F-secure And Dss Logs Now Included [RESOLVED]



I have a badly infected PC. Kids do not listen.

It has taken me a couple of hours just to get into Windows. The infections removed admin privileges and disabled all of the Services. When I finally got into Windows, an outdated version of McAfee kept popping up a warning about protector.exe and other bad files. The protector.exe warning about needing access wouldn't go away until I located the file and moved it to another folder.

McAfee also warned about ntsystem.exe, spoolc.exe and exploeee.exe. McAfee could not remove or quarantine any of these. I ran Kaspersky online scan and included the log below. I also ran AdAware 2008 and Eset online scanner.

I have uninstalled most of McAfee and outdated versions of Adobe Reader, Java, etc. I need to research some of the other programs in Add/Remove.

Here are the initial HJT & Kaspersky logs. I will post the newest HJT log afterward.

__________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:40:26 PM, on 3/26/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Dell Photo AIO Printer 942\memcard.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\Program Files\McAfee.com\VSO\oasclnt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Common Files\AOL\1128385185\ee\AOLServiceHost.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Die MoFo\Die MoFo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

O2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINDOWS\system32\mspoolg.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"

O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"

O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"

O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"

O4 - HKLM\..\Run: [frun] C:\WINDOWS\derc32xz.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\2.bin\m3IMPipe.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm492YYUS

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum135.txt

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--

End of file - 10895 bytes

StartupList report, 3/26/2008, 7:41:55 PM

StartupList version: 1.52.2

Started from : C:\Die MoFo\Die MoFo.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Dell Photo AIO Printer 942\memcard.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\Program Files\McAfee.com\VSO\oasclnt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Common Files\AOL\1128385185\ee\AOLServiceHost.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Die MoFo\Die MoFo.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

Digital Line Detect.lnk = ?

Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe

SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

UpdateManager = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

mmtask = C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe

MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

dla = C:\WINDOWS\system32\dla\tfswctrl.exe

VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

Dell Photo AIO Printer 942 = "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"

DellMCM = "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"

MPSExe = C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding

MSKAGENTEXE = C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

MSKDetectorExe = C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

MPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

OASClnt = C:\Program Files\McAfee.com\VSO\oasclnt.exe

HostManager = C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe

igfxtray = C:\WINDOWS\system32\igfxtray.exe

igfxhkcmd = C:\WINDOWS\system32\hkcmd.exe

igfxpers = C:\WINDOWS\system32\igfxpers.exe

My Web Search Bar = rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

MyWebSearch Email Plugin = C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

QOELOADER = "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"

gwiz = C:\WINDOWS\system32\ntsystem.exe

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

eTrustPPAP = "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"

frun = C:\WINDOWS\derc32xz.exe

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

DellSupport = "C:\Program Files\DellSupport\DSAgnt.exe" /startup

MSKAGENTEXE = C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

Aim6 = "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

MyWebSearch Email Plugin = C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

My Web Search Community Tools = "C:\Program Files\MyWebSearch\bar\2.bin\m3IMPipe.exe"

Yahoo! Pager = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\WINDOWS\system32\hrum135.txt

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL - {00A6FAF1-072E-44cf-8957-5838F569A31D}

(no name) - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll - {4D25F921-B9FE-4682-BF72-8AB8210D6D75}

(no name) - C:\WINDOWS\system32\mspoolg.dll - {DABCE839-3831-3818-AF3A-3837BCD324D2}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll

CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]

CODEBASE = http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

Windows NT checkdisk command:

BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':

PendingFileRenameOperations: C:\Documents and Settings\Lindy Calkins\Application Data\xvvid.nsf

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------

End of report, 10,034 bytes

Report generated in 0.078 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Wednesday, March 26, 2008 11:17:08 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 27/03/2008

Kaspersky Anti-Virus database records: 665645

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

C:\

D:\

E:\

Scan Statistics:

Total number of scanned objects: 53508

Number of viruses found: 28

Number of infected objects: 61

Number of suspicious objects: 0

Duration of the scan process: 00:43:16

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped

C:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfge.class-65499117-4bbb0955.class Infected: Trojan-Downloader.Java.OpenStream.y skipped

C:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfgn.class-2a829977-40ec9a63.class Infected: Trojan-Downloader.Java.OpenStream.y skipped

C:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-2a5c927e-55f6ecf9.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped

C:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-2a5c927e-55f6ecf9.zip/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped

C:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-2a5c927e-55f6ecf9.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped

C:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-2a5c927e-55f6ecf9.zip ZIP: infected - 3 skipped

C:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-1df3dbe9.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped

C:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-1df3dbe9.zip/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped

C:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-1df3dbe9.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped

C:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-1df3dbe9.zip ZIP: infected - 3 skipped

C:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-5e7eb989-21c99fb0.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped

C:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-5e7eb989-21c99fb0.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Kenny Calkins\My Documents\New Folder\ntsystem.exe Infected: Trojan-Clicker.Win32.Agent.hg skipped

C:\Documents and Settings\Lindy Calkins\Application Data\antivirus.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

C:\Documents and Settings\Lindy Calkins\Application Data\drvcleaner.exe Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-637f0c3-5a5b704e.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-637f0c3-5a5b704e.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-637f0c3-5a5b704e.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-637f0c3-5a5b704e.zip ZIP: infected - 3 skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-6dc09976-3f6a5a1b.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-6dc09976-3f6a5a1b.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-6dc09976-3f6a5a1b.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-6dc09976-3f6a5a1b.zip ZIP: infected - 3 skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-596899d9.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-596899d9.zip/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-596899d9.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-596899d9.zip ZIP: infected - 3 skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-54fff5de-27d0f4d4.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-54fff5de-27d0f4d4.zip/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-54fff5de-27d0f4d4.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-54fff5de-27d0f4d4.zip ZIP: infected - 3 skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-4f430c3f.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-4f430c3f.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-6ad4ef61.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-6ad4ef61.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-5e7eb989-41a2f364.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-5e7eb989-41a2f364.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-4b9c0e39-799cc406.zip/OP.class Infected: Trojan-Downloader.Java.OpenStream.ab skipped

C:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-4b9c0e39-799cc406.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Lindy Calkins\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Lindy Calkins\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Lindy Calkins\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Lindy Calkins\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Lindy Calkins\Local Settings\History\History.IE5\MSHist012008032620080327\index.dat Object is locked skipped

C:\Documents and Settings\Lindy Calkins\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Lindy Calkins\ntuser.dat Object is locked skipped

C:\Documents and Settings\Lindy Calkins\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Lindy Calkins\Shared\Eighties classic (comendy).wma Infected: Trojan-Downloader.WMA.Wimad.k skipped

C:\Documents and Settings\Lindy Calkins\Shared\Eighties classic.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Uninstall Fun Web Products.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\RECYCLER\S-1-5-21-2964191742-1540247971-618130885-500\Dc2.old Infected: Trojan.Win32.Qhost.my skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\change.log Object is locked skipped

C:\WINDOWS\bagvdg.exe Infected: Trojan-Spy.Win32.BZub.bvu skipped

C:\WINDOWS\ddexxz.exe Infected: Trojan-Downloader.Win32.Wixud.j skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\devadwp.exe Infected: Trojan-Downloader.Win32.Wixud.j skipped

C:\WINDOWS\dracee.exe Infected: Trojan-Spy.Win32.BZub.bun skipped

C:\WINDOWS\exploeee.exe Object is locked skipped

C:\WINDOWS\ksacre.exe Infected: Trojan-Proxy.Win32.Wopla.ao skipped

C:\WINDOWS\mirar_distro_876260.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped

C:\WINDOWS\svhjdsah.exe Infected: Trojan.Win32.Small.rt skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\hanonvt.ini Infected: Trojan-Downloader.Win32.Agent.bxx skipped

C:\WINDOWS\SYSTEM32\hrum135.txt Infected: Trojan.Win32.Agent.ali skipped

C:\WINDOWS\SYSTEM32\mskvtns.dll Infected: Trojan-Spy.Win32.BZub.bum skipped

C:\WINDOWS\SYSTEM32\mspoolg.dll Infected: Trojan-Spy.Win32.BZub.bvq skipped

C:\WINDOWS\SYSTEM32\ntio256.sys Infected: Rootkit.Win32.Agent.cf skipped

C:\WINDOWS\SYSTEM32\ntoskrnl.dll Infected: Trojan.Win32.Agent.rx skipped

C:\WINDOWS\SYSTEM32\ntsystem.exe Object is locked skipped

C:\WINDOWS\SYSTEM32\spoolc.exe Object is locked skipped

C:\WINDOWS\SYSTEM32\vtr135.dll Infected: Trojan-Downloader.Win32.Agent.bxx skipped

C:\WINDOWS\SYSTEM32\vtr221.dll Infected: Trojan-Downloader.Win32.Agent.bxx skipped

C:\WINDOWS\SYSTEM32\xlibgfl254.dll Infected: Trojan-Downloader.Win32.Agent.bfj skipped

C:\WINDOWS\xlavra3.exe Infected: Trojan-Downloader.Win32.Wixud.b skipped

C:\WINDOWS\xnnnav.exe Infected: SpamTool.Win32.Agent.du skipped

Scan process completed.

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Wednesday, March 26, 2008 10:33:19 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 27/03/2008

Kaspersky Anti-Virus database records: 665645

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - Memory:

Scan Statistics:

Total number of scanned objects: 1419

Number of viruses found: 2

Number of infected objects: 3

Number of suspicious objects: 0

Duration of the scan process: 00:00:26

Infected Object Name / Virus Name / Last Action

[0] [system Process] => C:\WINDOWS\system32\mspoolg.dll Infected: Trojan-Spy.Win32.BZub.bvq skipped

[708] LSASS.EXE => C:\WINDOWS\system32\xlibgfl254.dll Infected: Trojan-Downloader.Win32.Agent.bfj skipped

[1284] IEXPLORE.EXE => C:\WINDOWS\system32\mspoolg.dll Infected: Trojan-Spy.Win32.BZub.bvq skipped

Scan process completed.

Link to post
Share on other sites

Newest HJT log.

_________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:06:51 AM, on 3/27/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe

C:\Program Files\Common Files\AOL\1128385185\ee\AOLServiceHost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

C:\DOCUME~1\LINDYC~1\LOCALS~1\Temp\uninst.002

C:\Die MoFo\Die MoFo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINDOWS\system32\mspoolg.dll (file missing)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm492YYUS

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum135.txt

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--

End of file - 3952 bytes

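Added example, not part of the thread and not a tool anyone in it used: a Python triage pass over an HJT log that flags exactly the entry types that mattered on this machine. An O20 AppInit_DLLs value is loaded by user32.dll into every GUI process regardless of its extension, so a .txt there is a disguise, not a text file; an O7 policy that disables regedit is a defensive move by the malware; (no file)/(file missing) registrations are orphans to clean up; and a process or autostart running from a Temp folder is rarely legitimate. SAMPLE_LOG is a constructed handful of lines modelled on the 3/27 log above, and the severity labels are my own.

```python
"""Triage the entry types in a HijackThis log that mattered on this machine."""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]          # (severity, log line, reason)

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)      # ...\Temp\... or ...\LOCALS~1\Temp\...
POLICY_RE = re.compile(r"Disable(Regedit|TaskMgr)=1", re.IGNORECASE)

# Constructed sample: a few lines modelled on the 3/27/2008 log above, not the whole log.
SAMPLE_LOG = r"""
Running processes:

C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\LINDYC~1\LOCALS~1\Temp\uninst.002

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINDOWS\system32\mspoolg.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum135.txt
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""


def triage_hjt(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if in_processes and entry is None:
            # Still inside the process list: a binary running from Temp is almost never legitimate.
            if TEMP_RE.search(line):
                findings.append(("high", line, "process running from a Temp directory"))
            continue
        in_processes = False
        if entry is None:
            continue
        kind, body = entry.groups()
        if kind == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that links user32.dll; any value deserves
            # a look, and a non-.dll extension is a disguise (LoadLibrary does not care about it).
            path = body.partition(":")[2].strip()
            if path:
                disguised = not path.lower().endswith(".dll")
                findings.append(("high" if disguised else "medium", line,
                                 "AppInit_DLLs injects this file into every GUI process"
                                 + ("; extension is not .dll" if disguised else "")))
        elif kind == "O7" and POLICY_RE.search(body):
            findings.append(("high", line, "policy disables an administrative tool"))
        elif kind == "O4" and TEMP_RE.search(body):
            findings.append(("high", line, "autostart entry runs from a Temp directory"))
        elif "(no file)" in body or "(file missing)" in body:
            findings.append(("low", line, "orphaned registration: the file is gone but the key remains"))
    return findings


def severity_counts(findings: List[Finding]) -> dict:
    counts: dict = {}
    for sev, _, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    for sev, line, why in triage_hjt(SAMPLE_LOG):
        print(f"[{sev:6}] {why}\n         {line}")
```

Run it against a saved HJT log by reading the file into triage_hjt(); the "high" findings are the ones to deal with first, the "low" ones are leftovers to tidy once the machine is stable.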

TheTerrorist_75, welcome to BestTechie. Sorry you had to visit under these circumstances. ROFLMAO.... Just couldn't resist that.

Let's see if we can get you cleaned up the rest of the way.

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

  • Close any open browsers.
  • If your real-time protection or antivirus intervenes with OTScanIt, allow it to run.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Leave all the settings at the default except as noted below:
    • Check the box for Scan all user accounts.
    • Under the Additional Scans section, check the following:
      • Reg - BotCheck
      • Reg - Disable MS Config items
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data, so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete, Notepad will open with the report file loaded in it.
  • Save that Notepad file.

If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.


When trying to run OTScanIt I get the following errors. I'll disable AVG AV, AVG Anti-Rootkit and AVG Anti-Spyware and try again.

Error loading process libraries & Invalid class string

I have been fighting this system most of yesterday morning and evening. I have finally gotten the Services to stay enabled.

The main problem seems to be hrum135.txt, which AVG identifies as Trojan Horse General6.AIT.


Would you upload a copy of C:\WINDOWS\system32\hrum135.txt for me HERE, please.

Most times when a .txt file is found as infected it's just because of a string in the file. In your case I'm not so sure, IF it really is a text file.

Talking to OT about your error, he says he's seen that before when one of the crypto DLLs is missing OR, in your case:

I have finally gotten the Services to stay enabled.

Is the Crypto svc running?

If we can't get a log there let's try another route

Please visit the webpage HERE for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that.

If, for some reason you are unable to get the CF log do the following please.

Deckard's System Scanner

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.

To attach a file to a new post, simply

  1. Go to the Attachments section on the post composition page (just below the text entry window), and
  2. copy and paste the following into the "Select a file" box:

    C:\Deckard\System Scanner\extra.txt


  3. Click Upload.

What DSS will do:

  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


All necessary Services were started and I still got the errors with OTScanIt.

AVG had removed hrum135.txt

The main Administrator account (Kenny) is still disabled so I had to use the other User account. Both accounts have some issues with permissions, but that is something that will need to be looked at after this POS is clean.

I was able to install the Recovery Console through the I386 folder. It's a Dell PC.

Here's the ComboFix log.

ComboFix 08-03-27.1 - Lindy Calkins 2008-03-28 19:35:18.1 - NTFSx86

Running from: C:\Documents and Settings\Lindy Calkins\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\inf\ultra.inf

C:\WINDOWS\system32\bszip.dll

C:\WINDOWS\system32\drivers\Oknx64.sys

C:\WINDOWS\system32\drivers\symavc32.sys

C:\WINDOWS\system32\mgtcxedzc.dll

C:\WINDOWS\system32\msdtexch.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NTIO256

-------\Legacy_OKNX64

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))

.

2008-03-28 18:22 . 2008-03-28 18:22 <DIR> d-------- C:\Program Files\Dell Support Center

2008-03-28 18:22 . 2008-03-28 18:22 <DIR> d-------- C:\Program Files\Common Files\supportsoft

2008-03-28 18:22 . 2008-03-28 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft

2008-03-28 17:55 . 2008-03-28 17:55 <DIR> d-------- C:\Documents and Settings\Kenny Calkins\Application Data\Grisoft

2008-03-28 17:55 . 2008-03-28 18:17 <DIR> d-------- C:\Documents and Settings\Kenny Calkins\Application Data\AVG7

2008-03-28 15:32 . 2008-03-28 15:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-03-27 17:56 . 2008-03-28 08:49 <DIR> d-------- C:\Documents and Settings\Lindy Calkins\Application Data\AVG7

2008-03-27 17:55 . 2008-03-27 17:55 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7

2008-03-27 17:55 . 2008-03-28 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7

2008-03-27 12:35 . 2008-03-27 12:35 <DIR> d-------- C:\Documents and Settings\Lindy Calkins\Application Data\Grisoft

2008-03-27 12:35 . 2008-03-27 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-27 12:35 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys

2008-03-27 12:25 . 2007-01-18 08:00 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgArCln.sys

2008-03-27 10:55 . 2008-03-27 10:56 <DIR> d-------- C:\Program Files\SpywareBlaster

2008-03-27 10:55 . 2008-03-27 10:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-27 10:55 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL

2008-03-27 10:55 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\SYSTEM32\MSINET.OCX

2008-03-27 10:35 . 2008-03-27 10:35 <DIR> d-------- C:\Program Files\CCleaner

2008-03-26 21:27 . 2008-03-26 21:27 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab

2008-03-26 21:27 . 2008-03-26 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-03-26 21:21 . 2008-03-27 11:31 <DIR> d-------- C:\Program Files\EsetOnlineScanner

2008-03-26 21:20 . 2008-03-27 11:30 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files

2008-03-26 19:39 . 2008-03-28 09:18 <DIR> d-------- C:\Die MoFo

2008-03-26 19:32 . 2008-03-26 19:32 <DIR> d-------- C:\Program Files\Lavasoft

2008-03-26 19:32 . 2008-03-27 07:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-26 19:31 . 2008-03-26 19:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-26 19:18 . 2008-03-26 19:18 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles

2008-03-26 19:06 . 2008-03-26 19:06 2,855 --a------ C:\WINDOWS\SYSTEM32\ntsystem.PIF

2008-03-26 19:05 . 2008-03-26 19:05 <DIR> d--h----- C:\WINDOWS\PIF

2008-03-26 18:58 . 2008-03-28 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell

2008-03-26 18:52 . 2008-03-26 18:52 4,128 --a------ C:\INFCACHE.1

2008-03-26 18:51 . 2008-03-28 19:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-26 18:51 . 2008-03-26 18:51 1,409 --a------ C:\WINDOWS\QTFont.for

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-27 11:49 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2008-03-27 11:49 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys

2008-03-27 11:49 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe

2008-02-11 13:39 253,952 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerDLLA.dll

2008-02-11 13:39 237,568 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerDLLW.dll

2008-02-08 17:53 110,592 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerLang.dll

2008-02-05 12:48 77,824 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerUninstaller.exe

2007-07-16 15:42 374 ----a-w C:\Documents and Settings\Lindy Calkins\Application Data\internaldb6334.dat

2007-06-24 20:02 2 ----a-w C:\Documents and Settings\Lindy Calkins\Application Data\xxx.exe

2007-05-16 20:14 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HostManager"="C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe" [2005-08-02 15:33 159832]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-27 17:55 579072]

"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 09:50 53248]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14 270648]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]

"DellMCM"="C:\Program Files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 10:08 262144]

"Dell Photo AIO Printer 942"="C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2004-08-31 10:18 294912]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-04-13 02:45 26112]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 16:42 1404928]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-27 17:55 219136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oknx64.sys]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MskService"=2 (0x2)

"MpfService"=2 (0x2)

"mcupdmgr.exe"=3 (0x3)

"McTskshd.exe"=2 (0x2)

"McShield"=2 (0x2)

"McDetect.exe"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"C:\\Program Files\\America Online 9.0\\waol.exe"=

"C:\\Program Files\\Common Files\\AOL\\1128385185\\ee\\AOLServiceHost.exe"=

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"C:\\Program Files\\AIM\\aim.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

.

Contents of the 'Scheduled Tasks' folder

"2008-03-28 21:39:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-28 19:39:58

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe

C:\Program Files\Common Files\AOL\1128385185\ee\AOLServiceHost.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-03-28 19:42:48 - machine was rebooted [Lindy Calkins]

ComboFix-quarantined-files.txt 2008-03-28 23:42:44

Pre-Run: 147,428,499,456 bytes free

Post-Run: 147,367,624,704 bytes free

.

2008-03-28 00:45:07 --- E O F ---

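The 'Reg Loading Points' section of the ComboFix log above records more than autostarts: Security Center has been told not to raise antivirus alerts and not to monitor the McAfee firewall, the Windows Firewall standard profile is off, and several McAfee services were disabled through msconfig. As an added example (not from the thread and not part of ComboFix), this Python script parses that REGEDIT4-style fragment and lists those posture changes so they are not lost among the Run keys. SAMPLE_REG is constructed from the lines above; the SafeBoot entry is reported as informational only, because a driver permitted in Safe Mode can be a cleanup tool's own, as the later reply says Oknx64.sys was.

```python
"""Read the 'Reg Loading Points' fragment ComboFix prints and report settings that weaken the host."""
import re
from typing import Dict, List, Optional

# Constructed sample: lines copied in shape from the ComboFix log above, trimmed to the interesting keys.
SAMPLE_REG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oknx64.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"McShield"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


def parse_regedit4(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] to its {value name: raw value}; ComboFix's '(0x2)' annotations are kept raw."""
    hives: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            hives.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        hives[current][name.strip().strip('"')] = value.strip()
    return hives


def int_value(raw: Optional[str]) -> Optional[int]:
    """'dword:00000001' -> 1, '2 (0x2)' -> 2, a string value or a missing value -> None."""
    if not raw:
        return None
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^-?\d+", raw)
    return int(m.group()) if m else None


def audit_loading_points(hives: Dict[str, Dict[str, str]]) -> List[str]:
    findings: List[str] = []
    for key, values in hives.items():
        k = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if k.endswith("\\security center") and int_value(values.get("AntiVirusDisableNotify")) == 1:
            findings.append("Security Center 'no antivirus' alerts are suppressed")
        if "\\security center\\monitoring\\" in k and int_value(values.get("DisableMonitoring")) == 1:
            findings.append(f"Security Center told to stop monitoring {leaf}")
        if k.endswith("\\firewallpolicy\\standardprofile") and int_value(values.get("EnableFirewall")) == 0:
            findings.append("Windows Firewall is off for the standard profile")
        if k.endswith("\\msconfig\\services"):
            # msconfig remembers services it switched off; each one is a protection not running.
            findings.extend(f"service {name} disabled through msconfig" for name in values)
        if "\\safeboot\\minimal\\" in k:
            # Informational: a Safe Mode exception may belong to a cleanup tool, or to a rootkit.
            findings.append(f"{leaf} is allowed to load in Safe Mode (minimal)")
    return findings


if __name__ == "__main__":
    for finding in audit_loading_points(parse_regedit4(SAMPLE_REG)):
        print("-", finding)
```

Each finding is a setting to put back by hand once the infection is gone: the Security Center values return to 0, EnableFirewall to 1, and the msconfig list empties when the services are re-enabled (or the McAfee remnants are finally uninstalled).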

So far further scans haven't turned up any malware except for QooBox which is part of ComboFix. I have gained administrative control after running sfc /scannow and using Kelly's Korner. I am still going to wait to confirm this PC is absolutely clean before the kids get it back. I found a folder for Limewire hidden amongst their little brother's private folders.

I have gained administrative control after running sfc /scannow and using Kelly's Korner.

What a great site, huh. And sfc was coming up on my list of to-dos.

I'm gonna assume you've trashed the Limewire folder. Doesn't look like Limewire is current/active at least.

Do you know what is in the C:\Die MoFo folder? Just the name is a little quirky... Could be from a Trojan OR from you to KILL said Trojans.

Only thing I see offhand is C:\Documents and Settings\Lindy Calkins\Application Data\xxx.exe.

If unknown to you perhaps check it at VirusTotal and remove if infected.

I'm also not certain on this SafeBoot key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oknx64.sys]
@=""

I'll look into it.

I'd also like one other/last Online opinion when you have time.

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

  • Click on the Start Scanning button at bottom of page.
  • Accept the License Agreement and the ActiveX install.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report to your Desktop for later posting.

Post

  • Fsecure results
  • Fresh Dss log (main.txt only)

in your next reply.

PS Also You've kept/got McAfee disabled instead of uninstalled. By choice? Still valid perhaps and just as a backup?? No harm just curious.


Die MoFo is HJT renamed, just in case one of the infections tried to block it from running. I discovered the hosts file was loaded with all of the anti-malware sites. Limewire was deleted along with all of its subfolders and files.

Oknx64.sys was QooBox. AVG removed it this morning when I started the PC.

I will check that xxx.exe file and run F-Secure when I hook that PC back up. I am down to one monitor so I have to switch between mine and theirs.

I have been trying to completely remove McAfee. I still have to search the registry for its entries. I ran their removal program besides Add/Remove Programs and searched manually, but it is still intertwined throughout the Dell. As far as I am concerned McAfee is just as bad as an infection.

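The hosts-file hijack mentioned above is worth checking with something other than eyeballs, because the stock XP file (%SystemRoot%\system32\drivers\etc\hosts) carries a single 127.0.0.1 localhost mapping and nothing else. Added example, not from the thread: a Python audit that classifies every extra mapping as blocked (sent to loopback or 0.0.0.0), redirected (a vendor site pointed at some other address, which is worse because it can serve a fake scanner or update) or unexpected, plus a rebuild that keeps only the comment header and the loopback entry. The vendor domain list and SAMPLE_HOSTS are constructed assumptions, not the file from this PC.

```python
"""Find hosts-file entries that sinkhole or redirect security-vendor sites."""
import ipaddress
from typing import Iterator, List, Tuple

# Assumption: a partial list for illustration; extend it with whatever vendors you rely on.
SECURITY_VENDOR_DOMAINS = (
    "kaspersky.com", "eset.eu", "eset.com", "trendmicro.com", "f-secure.com",
    "microsoft.com", "windowsupdate.com", "symantec.com", "mcafee.com",
    "lavasoft.com", "grisoft.com",
)

# Constructed sample modelled on a hijacked XP hosts file; 192.0.2.10 is a documentation address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.kaspersky.com
127.0.0.1       www.eset.eu
0.0.0.0         housecall.trendmicro.com
192.0.2.10      www.f-secure.com      # not blocked: sent somewhere else entirely
"""

Entry = Tuple[str, str, str]   # (kind, hostname, ip)


def parse_hosts(text: str) -> Iterator[Tuple[ipaddress._BaseAddress, str]]:
    """Yield (ip, hostname) pairs, ignoring comments, blank lines and unparsable addresses."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for host in parts[1:]:
            yield ip, host.lower()


def is_vendor(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in SECURITY_VENDOR_DOMAINS)


def audit_hosts(text: str) -> List[Entry]:
    findings: List[Entry] = []
    for ip, host in parse_hosts(text):
        if host == "localhost" and ip.is_loopback:
            continue                                        # the one entry a stock XP hosts file has
        sinkholed = ip.is_loopback or ip.is_unspecified
        if is_vendor(host) and not sinkholed:
            findings.append(("redirect", host, str(ip)))    # worst case: a fake scan or update site
        elif is_vendor(host):
            findings.append(("blocked", host, str(ip)))
        else:
            findings.append(("unexpected", host, str(ip)))
    return findings


def rebuild_hosts(text: str) -> str:
    """Keep the comment header, drop every mapping, restore the single loopback entry."""
    kept = [line for line in text.splitlines() if line.lstrip().startswith("#")]
    kept.append("127.0.0.1       localhost")
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for kind, host, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"{kind:10} {host:30} -> {ip}")
    # Write rebuild_hosts() output over the live file only after clearing any
    # read-only or hidden attribute the malware may have set on it.
```

A "redirect" finding deserves more than deletion: note the address it pointed to, because every visit to that vendor's site while the entry was in place went there instead.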

xxx.exe

MD5: 81051bcc2cf1bedf378224b0a93e2877

Date: 03.30.2008 00:46:33 (CET) [<1D]

Results: 0/32

Permalink: analisis/87dba1062f01d9ae77f474c569dad2d8

http://www.virustotal.com/analisis/87dba10...7f474c569dad2d8

Jotti finds nothing wrong with the file.

http://www.liutilities.com/products/wintas...esslibrary/xxx/

xxx.exe - xxx - Process Information

Process Name: Downloader.W32.Delf

xxx.exe is registered as a downloader. This process usually comes bundled with a virus or spyware and its main role is to do nothing other than download other viruses/spyware to your computer.

I have manually deleted it.

Preparing to run other scans.

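Two details on this page fit together: the ComboFix Find3M line lists xxx.exe at 2 bytes, and VirusTotal reports MD5 81051bcc2cf1bedf378224b0a93e2877 with 0/32 detections, so the process-library page quoted above is a name match on "xxx.exe", not a verdict on this file. Added example, not from the thread: a Python check that computes the digests of the three kinds of "nothing" (an empty file, a bare LF, a bare CRLF), says whether a file is even large enough to be a PE (an 'MZ' signature plus a full DOS header), and compares a candidate against the size and MD5 quoted above. The page's figures are used as constants; everything else is constructed.

```python
"""Sanity-check a suspect file before trusting a name match or a multi-engine verdict."""
import hashlib
from typing import Dict, Optional

PAGE_MD5 = "81051bcc2cf1bedf378224b0a93e2877"   # MD5 from the VirusTotal result quoted above
PAGE_SIZE = 2                                   # size of xxx.exe in the ComboFix Find3M line above

# Digests of contents that are "nothing": an empty file, a bare LF, a bare CRLF.
# Computed here rather than typed in, so there is nothing to mis-copy.
NOTHING_MD5: Dict[str, bytes] = {hashlib.md5(b).hexdigest(): b for b in (b"", b"\n", b"\r\n")}


def describe(data: bytes) -> Dict[str, object]:
    """Size, digests, whether the bytes could be a PE at all, and whether they are a known empty stub."""
    md5 = hashlib.md5(data).hexdigest()
    return {
        "size": len(data),
        "md5": md5,
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_pe": data[:2] == b"MZ" and len(data) >= 64,   # 'MZ' plus at least a full DOS header
        "empty_stub": NOTHING_MD5.get(md5),               # None when the bytes are real content
    }


def describe_file(path: str) -> Dict[str, object]:
    """Same report for a file on disk; small files are read whole."""
    with open(path, "rb") as fh:
        return describe(fh.read())


def matches_page_report(data: bytes) -> bool:
    """True when the bytes have the exact size and MD5 the thread reported for xxx.exe."""
    d = describe(data)
    return d["size"] == PAGE_SIZE and d["md5"] == PAGE_MD5


if __name__ == "__main__":
    for candidate in (b"\r\n", b"MZ" + bytes(62)):
        d = describe(candidate)
        print(d["size"], d["md5"], "PE" if d["is_pe"] else "not a PE",
              "empty stub" if d["empty_stub"] is not None else "content",
              "matches page" if matches_page_report(candidate) else "differs from page")
```

The point of the size and header check is ordering: a file too small to be an executable cannot be the downloader a name-matching database says it is, so the question becomes what wrote a two-byte .exe into Application Data, not what that .exe does.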

Here are the F-Secure & DSS scan logs.

Scanning Report

Sunday, March 30, 2008 09:13:48 - 10:13:51

Computer name: KENNY

Scanning type: Scan system for malware, rootkits

Target: C:\

--------------------------------------------------------------------------------

Result: 0 malware found

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 37401

System: 3810

Not scanned: 7

Actions:

Disinfected: 0

Renamed: 0

Deleted: 0

None: 0

Submitted: 0

Files not scanned:

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{7F515B08-B1E0-43C1-AFF1-640121EF52BC}.BIN

Deckard's System Scanner v20071014.68

Run by Lindy Calkins on 2008-03-30 10:23:08

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 3 Restore Point(s) --

3: 2008-03-30 14:23:19 UTC - RP3 - Deckard's System Scanner Restore Point

2: 2008-03-29 01:42:40 UTC - RP2 - Removed My Way Search Assistant

1: 2008-03-28 23:40:38 UTC - RP1 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).

-- HijackThis (run as Lindy Calkins.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:24:47 AM, on 3/30/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Dell Photo AIO Printer 942\memcard.exe

C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe

C:\Program Files\Common Files\AOL\1128385185\ee\AOLServiceHost.exe

C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe

C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Documents and Settings\Lindy Calkins\Desktop\dss.exe

C:\DIEMOF~1\Lindy Calkins.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"

O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: AutorunsDisabled

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm492YYUS

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O24 - Desktop Component 0: (no name) - (no file)

--

End of file - 6924 bytes

-- HijackThis Fixed Entries (C:\DIEMOF~1\backups\) -----------------------------

backup-20080327-120810-322 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

backup-20080327-120811-192 O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum135.txt

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 catchme - c:\docume~1\lindyc~1\locals~1\temp\catchme.sys (file missing)

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S3 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-03-28 17:39:34 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-02-29 and 2008-03-30 -----------------------------

2008-03-30 09:11:17 0 d-------- C:\fsaua.data

2008-03-30 08:57:53 0 dr-h----- C:\Documents and Settings\Kenny Calkins\Recent

2008-03-29 10:07:03 0 dr-h----- C:\Documents and Settings\Lindy Calkins\Recent

2008-03-28 19:34:48 68096 --a------ C:\WINDOWS\system32\zip.exe

2008-03-28 19:34:48 98816 --a------ C:\WINDOWS\system32\sed.exe

2008-03-28 19:34:48 80412 --a------ C:\WINDOWS\system32\grep.exe

2008-03-28 19:34:48 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-03-28 19:25:49 0 dr-hs---- C:\cmdcons

2008-03-28 19:25:48 0 d-------- C:\WINDOWS\setup.pss

2008-03-28 19:25:36 0 d-------- C:\WINDOWS\setupupd

2008-03-28 18:22:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft

2008-03-28 18:22:26 0 d-------- C:\Program Files\Dell Support Center

2008-03-28 18:22:25 0 d-------- C:\Program Files\Common Files\supportsoft

2008-03-28 17:55:47 0 d-------- C:\Documents and Settings\Kenny Calkins\Application Data\Grisoft

2008-03-28 17:55:46 0 d-------- C:\Documents and Settings\Kenny Calkins\Application Data\AVG7

2008-03-28 15:32:17 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-03-27 18:17:52 0 dr-h----- C:\$VAULT$.AVG

2008-03-27 17:56:03 0 d-------- C:\Documents and Settings\Lindy Calkins\Application Data\AVG7

2008-03-27 17:55:22 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7

2008-03-27 17:55:09 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7

2008-03-27 12:35:18 0 d-------- C:\Documents and Settings\Lindy Calkins\Application Data\Grisoft

2008-03-27 12:35:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-27 10:55:44 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-27 10:55:39 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>

2008-03-27 10:55:38 0 d-------- C:\Program Files\SpywareBlaster

2008-03-27 10:35:12 0 d-------- C:\Program Files\CCleaner

2008-03-27 07:34:06 0 dr------- C:\Documents and Settings\NetworkService\Favorites

2008-03-26 21:27:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-03-26 21:27:53 0 d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-26 21:21:09 0 d-------- C:\Program Files\EsetOnlineScanner

2008-03-26 21:20:19 0 d---s---- C:\WINDOWS\Downloaded Program Files

2008-03-26 19:39:08 0 d-------- C:\Die MoFo

2008-03-26 19:36:52 0 d-------- C:\WINDOWS\pss

2008-03-26 19:32:42 0 d-------- C:\Program Files\Lavasoft

2008-03-26 19:32:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-26 19:31:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-26 19:18:47 0 d-------- C:\WINDOWS\system32\LogFiles

2008-03-26 19:06:27 2855 --a------ C:\WINDOWS\system32\ntsystem.PIF

2008-03-26 19:05:30 0 d--h----- C:\WINDOWS\PIF

2008-03-26 18:58:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell

-- Find3M Report ---------------------------------------------------------------

2008-03-28 18:22:25 0 d-------- C:\Program Files\Common Files

2008-03-27 17:51:07 0 d-------- C:\Documents and Settings\Lindy Calkins\Application Data\Adobe

2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>

2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>

2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>

2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HostManager"="C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe" [08/02/2005 03:33 PM]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/27/2008 05:55 PM]

"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 09:50 AM]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/28/2007 09:14 AM]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 10:35 AM]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 10:36 AM]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 10:32 AM]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]

"DellMCM"="C:\Program Files\Dell Photo AIO Printer 942\memcard.exe" [07/27/2004 10:08 AM]

"Dell Photo AIO Printer 942"="C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe" [08/31/2004 10:18 AM]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [04/13/2005 02:45 AM]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 04:42 PM]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oknx64.sys"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MskService"=2 (0x2)

"MpfService"=2 (0x2)

"mcupdmgr.exe"=3 (0x3)

"McTskshd.exe"=2 (0x2)

"McShield"=2 (0x2)

"McDetect.exe"=2 (0x2)

*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER

-- End of Deckard's System Scanner: finished at 2008-03-30 10:25:29 ------------

All anti-virus scans, online and installed, come up clean. Here are the latest DSS scans from both admin accounts. Nothing bad stands out to me. Is it time to return this darn Dell and yell at the kids to stop downloading crap?

Deckard's System Scanner v20071014.68

Run by Kenny Calkins on 2008-03-31 18:22:09

Computer is in Normal Mode.

--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).

-- HijackThis (run as Kenny Calkins.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:22:24 PM, on 3/31/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Dell Photo AIO Printer 942\memcard.exe

C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe

C:\Program Files\Common Files\AOL\1128385185\ee\AOLServiceHost.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Kenny Calkins\Desktop\dss.exe

C:\HIJACK~1\KENNYC~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"

O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: AutorunsDisabled

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm492YYUS

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--

End of file - 8033 bytes

-- Files created between 2008-02-29 and 2008-03-31 -----------------------------

2008-03-31 18:21:03 0 dr-h----- C:\Documents and Settings\Kenny Calkins\Recent

2008-03-31 17:57:48 0 dr-h----- C:\Documents and Settings\Lindy Calkins\Recent

2008-03-31 11:07:11 0 d-------- C:\Program Files\Java

2008-03-31 11:06:34 0 d-------- C:\Program Files\Common Files\Java

2008-03-31 11:00:09 0 d-------- C:\Program Files\jv16 PowerTools

2008-03-31 10:36:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe

2008-03-30 09:11:17 0 d-------- C:\fsaua.data

2008-03-28 19:34:48 68096 --a------ C:\WINDOWS\system32\zip.exe

2008-03-28 19:34:48 98816 --a------ C:\WINDOWS\system32\sed.exe

2008-03-28 19:34:48 80412 --a------ C:\WINDOWS\system32\grep.exe

2008-03-28 19:34:48 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-03-28 19:25:49 0 dr-hs---- C:\cmdcons

2008-03-28 19:25:48 0 d-------- C:\WINDOWS\setup.pss

2008-03-28 19:25:36 0 d-------- C:\WINDOWS\setupupd

2008-03-28 18:22:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft

2008-03-28 18:22:26 0 d-------- C:\Program Files\Dell Support Center

2008-03-28 18:22:25 0 d-------- C:\Program Files\Common Files\supportsoft

2008-03-28 17:55:47 0 d-------- C:\Documents and Settings\Kenny Calkins\Application Data\Grisoft

2008-03-28 17:55:46 0 d-------- C:\Documents and Settings\Kenny Calkins\Application Data\AVG7

2008-03-28 15:32:17 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-03-27 18:17:52 0 dr-h----- C:\$VAULT$.AVG

2008-03-27 17:56:03 0 d-------- C:\Documents and Settings\Lindy Calkins\Application Data\AVG7

2008-03-27 17:55:22 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7

2008-03-27 17:55:09 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7

2008-03-27 12:35:18 0 d-------- C:\Documents and Settings\Lindy Calkins\Application Data\Grisoft

2008-03-27 12:35:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-27 10:55:44 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-27 10:55:39 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>

2008-03-27 10:55:38 0 d-------- C:\Program Files\SpywareBlaster

2008-03-27 10:35:12 0 d-------- C:\Program Files\CCleaner

2008-03-27 07:34:06 0 dr------- C:\Documents and Settings\NetworkService\Favorites

2008-03-26 21:27:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-03-26 21:27:53 0 d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-26 21:21:09 0 d-------- C:\Program Files\EsetOnlineScanner

2008-03-26 21:20:19 0 d---s---- C:\WINDOWS\Downloaded Program Files

2008-03-26 19:39:08 0 d-------- C:\HijackThis

2008-03-26 19:36:52 0 d-------- C:\WINDOWS\pss

2008-03-26 19:32:42 0 d-------- C:\Program Files\Lavasoft

2008-03-26 19:32:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-26 19:31:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-26 19:18:47 0 d-------- C:\WINDOWS\system32\LogFiles

2008-03-26 19:06:27 2855 --a------ C:\WINDOWS\system32\ntsystem.PIF

2008-03-26 19:05:30 0 d--h----- C:\WINDOWS\PIF

2008-03-26 18:58:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell

-- Find3M Report ---------------------------------------------------------------

2008-03-31 11:06:34 0 d-------- C:\Program Files\Common Files

2008-03-31 10:48:07 0 d-------- C:\Program Files\Common Files\Adobe

2008-03-27 11:20:03 0 d-------- C:\Documents and Settings\Kenny Calkins\Application Data\Adobe

2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>

2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>

2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>

2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HostManager"="C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe" [08/02/2005 03:33 PM]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/27/2008 05:55 PM]

"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 09:50 AM]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/28/2007 09:14 AM]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 10:35 AM]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 10:36 AM]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 10:32 AM]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]

"DellMCM"="C:\Program Files\Dell Photo AIO Printer 942\memcard.exe" [07/27/2004 10:08 AM]

"Dell Photo AIO Printer 942"="C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe" [08/31/2004 10:18 AM]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [04/13/2005 02:45 AM]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 04:42 PM]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

-- End of Deckard's System Scanner: finished at 2008-03-31 18:22:50 ------------

Deckard's System Scanner v20071014.68

Run by Lindy Calkins on 2008-03-31 18:27:44

Computer is in Normal Mode.

--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).

-- HijackThis (run as Lindy Calkins.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:27:51 PM, on 3/31/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe

C:\Program Files\Common Files\AOL\1128385185\ee\AOLServiceHost.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Dell Photo AIO Printer 942\memcard.exe

C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe

C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Documents and Settings\Lindy Calkins\Desktop\dss.exe

C:\HIJACK~1\LINDYC~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"

O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: AutorunsDisabled

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm492YYUS

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--

End of file - 7873 bytes

-- Files created between 2008-02-29 and 2008-03-31 -----------------------------

2008-03-31 18:21:03 0 dr-h----- C:\Documents and Settings\Kenny Calkins\Recent

2008-03-31 17:57:48 0 dr-h----- C:\Documents and Settings\Lindy Calkins\Recent

2008-03-31 11:07:11 0 d-------- C:\Program Files\Java

2008-03-31 11:06:34 0 d-------- C:\Program Files\Common Files\Java

2008-03-31 11:00:09 0 d-------- C:\Program Files\jv16 PowerTools

2008-03-31 10:36:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe

2008-03-30 09:11:17 0 d-------- C:\fsaua.data

2008-03-28 19:34:48 68096 --a------ C:\WINDOWS\system32\zip.exe

2008-03-28 19:34:48 98816 --a------ C:\WINDOWS\system32\sed.exe

2008-03-28 19:34:48 80412 --a------ C:\WINDOWS\system32\grep.exe

2008-03-28 19:34:48 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-03-28 19:25:49 0 dr-hs---- C:\cmdcons

2008-03-28 19:25:48 0 d-------- C:\WINDOWS\setup.pss

2008-03-28 19:25:36 0 d-------- C:\WINDOWS\setupupd

2008-03-28 18:22:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft

2008-03-28 18:22:26 0 d-------- C:\Program Files\Dell Support Center

2008-03-28 18:22:25 0 d-------- C:\Program Files\Common Files\supportsoft

2008-03-28 17:55:47 0 d-------- C:\Documents and Settings\Kenny Calkins\Application Data\Grisoft

2008-03-28 17:55:46 0 d-------- C:\Documents and Settings\Kenny Calkins\Application Data\AVG7

2008-03-28 15:32:17 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-03-27 18:17:52 0 dr-h----- C:\$VAULT$.AVG

2008-03-27 17:56:03 0 d-------- C:\Documents and Settings\Lindy Calkins\Application Data\AVG7

2008-03-27 17:55:22 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7

2008-03-27 17:55:09 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7

2008-03-27 12:35:18 0 d-------- C:\Documents and Settings\Lindy Calkins\Application Data\Grisoft

2008-03-27 12:35:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-27 10:55:44 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-27 10:55:39 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>

2008-03-27 10:55:38 0 d-------- C:\Program Files\SpywareBlaster

2008-03-27 10:35:12 0 d-------- C:\Program Files\CCleaner

2008-03-27 07:34:06 0 dr------- C:\Documents and Settings\NetworkService\Favorites

2008-03-26 21:27:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-03-26 21:27:53 0 d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-26 21:21:09 0 d-------- C:\Program Files\EsetOnlineScanner

2008-03-26 21:20:19 0 d---s---- C:\WINDOWS\Downloaded Program Files

2008-03-26 19:39:08 0 d-------- C:\HijackThis

2008-03-26 19:36:52 0 d-------- C:\WINDOWS\pss

2008-03-26 19:32:42 0 d-------- C:\Program Files\Lavasoft

2008-03-26 19:32:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-26 19:31:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-26 19:18:47 0 d-------- C:\WINDOWS\system32\LogFiles

2008-03-26 19:06:27 2855 --a------ C:\WINDOWS\system32\ntsystem.PIF

2008-03-26 19:05:30 0 d--h----- C:\WINDOWS\PIF

2008-03-26 18:58:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell

-- Find3M Report ---------------------------------------------------------------

2008-03-31 11:06:34 0 d-------- C:\Program Files\Common Files

2008-03-31 10:48:07 0 d-------- C:\Program Files\Common Files\Adobe

2008-03-31 10:42:54 0 d-------- C:\Documents and Settings\Lindy Calkins\Application Data\Adobe

2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>

2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>

2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>

2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HostManager"="C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe" [08/02/2005 03:33 PM]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/27/2008 05:55 PM]

"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 09:50 AM]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/28/2007 09:14 AM]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 10:35 AM]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 10:36 AM]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 10:32 AM]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]

"DellMCM"="C:\Program Files\Dell Photo AIO Printer 942\memcard.exe" [07/27/2004 10:08 AM]

"Dell Photo AIO Printer 942"="C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe" [08/31/2004 10:18 AM]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [04/13/2005 02:45 AM]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 04:42 PM]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

-- End of Deckard's System Scanner: finished at 2008-03-31 18:28:16 ------------

Is it time to return this darn Dell and yell at the kids to stop downloading crap?

Yes it is....to both.

I tried to post yesterday and had some major issues, sorry for the delay.

Time for some housekeeping

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    • (image: CF_Cleanup.png)

The above procedure will:

  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

I'm going to forgo the USUAL closing speech for you for a couple of reasons. You've got most tools already. You've read enough of them here over the last few years; you know as well as I do.

You also know your own mind and know what your system (read: kid) needs on it.

One thing I did say in the post that never made it on yesterday is the following.

Result: 0 malware found

In the many months I've been using this scanner this is a 1st for me.

LOTS of times I'll get a result of 1 found (cookies) but never a zero...even on my own boxes.

Good job

Glad I was able to help you a bit... if you need any other help or have a question, let me know.

Edited by jwbirdsong

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
