
Virus knocking out network card

  • 08-02-2008 2:46pm
    #1
    Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭


    Hi

    I got spyware the other night, don't know the name of it for sure. I was getting the following error:

    During a scan of files at system startup, potential errors in the system registry were found.
    p-07-0100 irql: 1f SYSVER 0xff0024
    NT_Kernel error 1256
    KMODE_EXCEPTION_NOT_HANDLED

    So I installed Spybot and Ad-Aware along with FixVundo. After running these in safe mode, all looked good. I rebooted.
    After a short while, in normal mode, I ran AVG and it picked up more viruses. At this stage, my network connection was lost. It says drivers not working.
    I have been able to get the correct drivers at work for the network card, but I am wondering, am I snookered?

    Should I keep running all the virus scanners in safe mode until nothing appears and then try to reinstall the drivers?

    Any help would be great. I just hope I don't have to reinstall the OS, that would be a nightmare.

    Cheers


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    I am having trouble posting the full reply so I will do it in parts, hope that's ok.


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    Deckard's System Scanner v20071014.68
    Run by Gene on 2008-02-08 20:11:48
    Computer is in Normal Mode.

    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    -- Last 5 Restore Point(s) --
    65: 2008-02-08 20:12:03 UTC - RP283 - Deckard's System Scanner Restore Point
    64: 2008-02-07 20:45:20 UTC - RP282 - Installed Ad-Aware 2007
    63: 2008-02-07 20:06:45 UTC - RP281 - Software Distribution Service 3.0
    62: 2008-02-06 18:40:30 UTC - RP280 - Last known good configuration
    61: 2008-02-06 18:40:22 UTC - RP279 - System Checkpoint


    -- First Restore Point --
    1: 2008-02-06 18:40:09 UTC - RP219 - System Checkpoint


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 8.77 GiB (less than 15%) free.


    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-02-08 20:14:41
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explor


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    That isn't going to work

    You should be able to fit the main.txt in one post, and extra.txt in another


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    Is there any way I can mail them on to you to post up?
    My connection just keeps timing out, not allowing me to post.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Try attaching them here.


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    This is the extra one.


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    And here is main. I tried this earlier and it didn't work, but how bad.

    thanks


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):

    AntiSpywareShield



    1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: {a3d633b0-64ca-7ff9-0ef4-622ad08e6e72} - {27e6e80d-a226-4fe0-9ff7-ac460b336d3a} - C:\WINDOWS\system32\dwuetdyv.dll
    O2 - BHO: (no name) - {5dfd6426-2c53-44ed-82df-9f62fb49e698} - (no file)
    O2 - BHO: (no name) - {618EBB22-8BF5-4DE0-B331-9177BF0612C7} - C:\WINDOWS\system32\pmnll.dll (file missing)
    O2 - BHO: (no name) - {731CA0CF-2D3D-4D56-A08C-0A50439E6C4D} - C:\WINDOWS\system32\vtutt.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\byxuttq.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1202341629.dll (file missing)
    O4 - HKLM\..\Run: [9887bb29] rundll32.exe "C:\WINDOWS\system32\tohosmdn.dll",b
    O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
    O20 - Winlogon Notify: byxuttq - C:\WINDOWS\system32\byxuttq.dll


    2. Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      C:\WINDOWS\system32\tohosmdn.dll
      C:\WINDOWS\system32\dwuetdyv.dll
      C:\WINDOWS\system32\ttutv.ini2
      C:\d.exe
      C:\jupss.exe
      C:\WINDOWS\CSC
      C:\WINDOWS\system32\enxuwegf.dll
      C:\WINDOWS\system32\7293842ld.exe
      C:\-1735935098
      C:\qrwkjyd.exe
      C:\exujd.exe
      C:\WINDOWS\system32\jnhjkfrn
      C:\wpohl.exe
      C:\WINDOWS\system32\qyeydnqa.dll
      C:\WINDOWS\system32\rxjydied.dll
      C:\WINDOWS\system32\qmfmlqxr.dll
      C:\WINDOWS\system32\llnmp.ini2
      C:\WINDOWS\system32\byxuttq.dll
      C:\WINDOWS\system32\dwuetdyv.dll
      C:\Program Files\Helper
      C:\WINDOWS\system32\byxuttq.dll
      C:\Program Files\AntiSpywareShield
      
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      purity
      
    • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    Reboot and post a new DSS log, try not to attach it if possible


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    It is still timing out for me when I try to paste, so I just attached it. Hope that's ok.

    Only one file was created this time, main.txt.


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    Deckard's System Scanner v20071014.68
    Run by Gene on 2008-02-10 16:35:39
    Computer is in Normal Mode.

    System Drive C: has 9.12 GiB (less than 15%) free.


    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-02-10 16:36:15
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\McAfee.com\Agent\Mcdetect.exe
    C:\Program Files\McAfee.com\VSO\McShield.exe
    C:\Program Files\McAfee.com\Agent\McTskshd.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
    C:\Program Files\McAfee.com\VSO\McVSEscn.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\qttask.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\McAfee.com\VSO\mcvsftsn.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\msiexec.exe
    E:\dss.exe
    C:\Documents and Settings\Gene\Desktop\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.6.12.1:3128
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {27e6e80d-a226-4fe0-9ff7-ac460b336d3a} - (no file)
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {5dfd6426-2c53-44ed-82df-9f62fb49e698} - (no file)
    O2 - BHO: (no name) - {618EBB22-8BF5-4DE0-B331-9177BF0612C7} - (no file)
    O2 - BHO: (no name) - {731CA0CF-2D3D-4D56-A08C-0A50439E6C4D} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\byxuttq.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: (no name) - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O20 - Winlogon Notify: byxuttq - C:\WINDOWS\system32\byxuttq.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\McAfee.com\VSO\McShield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell


    --
    End of file - 13282 bytes

    -- Files created between 2008-01-10 and 2008-02-10

    2008-02-09 13:23:40 0 dr-h C:\Documents and Settings\Gene\Recent
    2008-02-07 20:45:29 0 d C:\Program Files\Lavasoft
    2008-02-07 20:45:27 0 d C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-07 19:47:09 0 d C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-07 18:40:56 0 d C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-06 18:34:41 40960 --a C:\WINDOWS\system32\byxuttq.dll
    2008-02-06 18:32:23 217127 --a C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
    2008-02-06 18:32:23 208935 --a C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
    2008-02-06 18:32:23 176165 --a C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
    2008-02-06 18:28:21 47360 --a C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-02-06 18:28:21 0 d C:\Documents and Settings\Gene\Application Data\Vso
    2008-02-06 18:28:21 47360 --a C:\Documents and Settings\Gene\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-02-06 18:28:10 0 d C:\Program Files\VSO
    2008-02-05 22:10:31 0 d C:\Documents and Settings\Gene\Application Data\Nero
    2008-01-22 20:45:14 0 d C:\Program Files\HomePlug
    2008-01-22 20:37:46 102912 -ra C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2008-01-18 12:03:38 0 d C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-16 21:28:37 0 d C:\Program Files\Windows Live Favorites
    2008-01-16 21:21:13 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-16 21:21:05 0 d C:\Program Files\Windows Live
    2008-01-16 21:20:54 0 d C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-15 21:49:38 32768 --a C:\WINDOWS\VMZoom.exe <Not Verified; Vimicro; >
    2008-01-15 21:49:38 24576 --a C:\WINDOWS\VMPipe.dll <Not Verified; ; ZSMCSecret Dynamic Link Library>
    2008-01-15 21:49:38 307200 --a C:\WINDOWS\vidcap32.Exe <Not Verified; Microsoft Corporation; Microsoft Windows>
    2008-01-15 21:49:37 0 d C:\WINDOWS\CatRoot
    2008-01-15 21:49:36 0 d C:\WINDOWS\EffectResources
    2008-01-15 21:45:47 0 d C:\Program Files\Vimicro
    2008-01-15 21:24:16 0 d C:\Documents and Settings\LocalService\Start Menu
    2008-01-15 21:16:56 0 d C:\Documents and Settings\Gene\Application Data\InstallShield
    2008-01-15 20:55:35 0 d C:\Program Files\Common Files\Logitech
    2008-01-15 20:55:04 0 d C:\Program Files\Logitech
    2008-01-15 19:54:16 0 d C:\WINDOWS\Options
    2008-01-15 19:44:17 0 d C:\Program Files\GLOBEYES
    2008-01-15 19:28:36 0 d C:\Webcam


    -- Find3M Report

    2008-02-09 14:38:37 0 d C:\Program Files\Intel
    2008-02-06 23:46:47 1324 --a C:\WINDOWS\system32\d3d9caps.dat
    2008-02-06 23:00:36 0 d C:\Program Files\Winamp
    2008-02-06 22:31:31 0 d C:\Documents and Settings\Gene\Application Data\uTorrent
    2008-02-06 18:28:33 34 --a C:\Documents and Settings\Gene\Application Data\pcouffin.log
    2008-02-06 18:28:21 1144 --a C:\Documents and Settings\Gene\Application Data\pcouffin.inf
    2008-02-06 18:28:21 7887 --a C:\Documents and Settings\Gene\Application Data\pcouffin.cat
    2008-02-05 20:14:43 0 d C:\Program Files\iTunes
    2008-01-29 22:32:44 0 d C:\Documents and Settings\Gene\Application Data\Skype
    2008-01-23 00:08:21 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2008-01-23 00:08:16 56 -r-hs---- C:\WINDOWS\system32\CF63BE4652.sys
    2008-01-17 00:07:05 0 d C:\Program Files\GemMaster
    2008-01-17 00:05:28 0 d--h C:\Program Files\InstallShield Installation Information
    2008-01-16 21:29:50 0 d C:\Program Files\Windows Live Toolbar
    2008-01-16 21:21:13 0 d C:\Program Files\Common Files
    2008-01-15 20:00:41 0 d C:\Program Files\Common Files\InstallShield
    2007-12-23 12:54:53 0 d C:\Program Files\Dell Support Center
    2007-12-23 12:54:43 0 d C:\Program Files\Common Files\supportsoft
    2007-12-17 20:04:43 0 d C:\Documents and Settings\Gene\Application Data\AdobeUM
    2007-12-16 16:16:28 0 d C:\Documents and Settings\Gene\Application Data\Adobe
    2007-12-15 19:08:01 0 d C:\Program Files\SmartDVDCreator
    2007-12-10 21:22:38 0 d C:\Program Files\uTorrent
    2007-11-14 19:30:09 4538 --a C:\WINDOWS\system32\tmp.reg


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27e6e80d-a226-4fe0-9ff7-ac460b336d3a}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dfd6426-2c53-44ed-82df-9f62fb49e698}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{618EBB22-8BF5-4DE0-B331-9177BF0612C7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{731CA0CF-2D3D-4D56-A08C-0A50439E6C4D}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}]
    06/02/2008 18:34 40960 --a C:\WINDOWS\system32\byxuttq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [08/07/2005 18:18]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [10/08/2005 12:49]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" []
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [11/08/2005 22:02]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 16:40]
    "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [07/11/2006 14:49]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [26/09/2005 10:26]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 16:00]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [11/01/2006 12:05]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [22/09/2005 18:29]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 10:44]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/2005 10:44]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 20:12]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [14/10/2005 20:49]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [14/10/2005 20:50]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [14/10/2005 20:46]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [29/09/2005 14:01]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [08/09/2005 05:20]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [31/08/2005 11:06]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [10/08/2004 05:00 C:\WINDOWS\system32\bthprops.cpl]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/05/2005 16:21]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 12:20]
    "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [20/11/2006 21:42]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24]
    "BigDog303"="C:\WINDOWS\VM303_STI.exe" [16/12/2005 16:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 10:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 05:00]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [21/04/2006 17:03]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 09:23]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [05/11/2006 18:44:29]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [18/02/1999 04:05:56]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{E180F496-8A4B-44E2-9FE0-0364E345DB7F}"= C:\WINDOWS\system32\byxuttq.dll [06/02/2008 18:34 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuttq]
    byxuttq.dll 06/02/2008 18:34 40960 C:\WINDOWS\system32\byxuttq.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtutt.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.htm

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    AutoRun\command- E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9643e6c-d681-11dc-801f-e90a6744b5ce}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.htm




    -- End of Deckard's System Scanner: finished at 2008-02-10 16:37:04


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this

    Download ComboFix from one of the locations below, and save it to your Desktop. Double click combofix.exe and follow the prompts.
    When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    Here is the ComboFix one.

    ComboFix 08-02.05.3 - Gene 2008-02-10 17:21:34.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.473 [GMT 0:00]
    Running from: E:\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\byxuttq.dll
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\Gene\Application Data\inst.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\aqndyeyq.ini
    C:\WINDOWS\system32\byxuttq.dll
    C:\WINDOWS\system32\drivers\NdisWon.sys
    C:\WINDOWS\system32\llnmp.ini
    C:\WINDOWS\system32\ndmsohot.ini
    C:\WINDOWS\system32\nhnnetli.ini
    C:\WINDOWS\system32\ttutv.ini
    E:\Autorun.inf

    BITS: Possible infected sites

    hxxp://www.download.windowsupdate.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    \LEGACY_NDISWON


    ((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
    .

    2008-02-10 16:29 . 2008-02-10 16:29 <DIR> d-------- C:\_OTMoveIt
    2008-02-09 14:38 . 2006-01-12 14:52 1,904 --a------ C:\WINDOWS\system32\SetupBD.din
    2008-02-08 20:11 . 2008-02-08 20:11 <DIR> d-------- C:\Deckard
    2008-02-07 20:59 . 2008-02-07 20:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-07 20:59 . 2008-02-07 20:59 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-07 20:45 . 2008-02-07 20:45 <DIR> d-------- C:\Program Files\Lavasoft
    2008-02-07 20:45 . 2008-02-07 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-07 19:47 . 2008-02-07 19:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-07 18:40 . 2008-02-07 18:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-07 18:40 . 2008-02-07 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-06 18:32 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
    2008-02-06 18:32 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
    2008-02-06 18:32 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
    2008-02-06 18:28 . 2008-02-06 18:32 <DIR> d-------- C:\Program Files\VSO
    2008-02-06 18:28 . 2008-02-06 23:46 <DIR> d-------- C:\Documents and Settings\Gene\Application Data\Vso
    2008-02-06 18:28 . 2008-02-06 18:28 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-02-06 18:28 . 2008-02-06 18:28 47,360 --a------ C:\Documents and Settings\Gene\Application Data\pcouffin.sys
    2008-02-05 22:10 . 2008-02-05 22:10 <DIR> d-------- C:\Documents and Settings\Gene\Application Data\Nero
    2008-01-22 20:45 . 2008-01-22 21:01 <DIR> d-------- C:\Program Files\HomePlug
    2008-01-22 20:40 . 2008-01-22 21:18 0 --a------ C:\uk_o.bmp
    2008-01-22 20:40 . 2008-01-22 21:18 0 --a------ C:\uk_c.bmp
    2008-01-22 20:39 . 2008-01-22 21:18 0 --a------ C:\save_o.jpg
    2008-01-22 20:39 . 2008-01-22 21:18 0 --a------ C:\save_c.jpg
    2008-01-22 20:39 . 2008-01-22 21:18 0 --a------ C:\home_o.jpg
    2008-01-22 20:39 . 2008-01-22 21:18 0 --a------ C:\home_c.jpg
    2008-01-22 20:39 . 2008-01-22 21:18 0 --a------ C:\exit_o.jpg
    2008-01-22 20:39 . 2008-01-22 21:18 0 --a------ C:\exit_c.jpg
    2008-01-22 20:37 . 2005-08-16 12:33 108,336 -ra------ C:\WINDOWS\system32\MSWINSCK.OCX
    2008-01-22 20:37 . 1998-06-17 16:00 102,912 -ra------ C:\WINDOWS\system32\VB6STKIT.DLL
    2008-01-18 12:03 . 2008-01-18 12:03 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-18 11:40 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-01-18 11:40 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-01-18 11:40 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-01-16 21:28 . 2008-01-16 21:28 <DIR> d-------- C:\Program Files\Windows Live Favorites
    2008-01-16 21:21 . 2008-01-16 21:27 <DIR> d-------- C:\Program Files\Windows Live
    2008-01-16 21:21 . 2008-01-16 21:27 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-16 21:20 . 2008-01-16 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-15 21:45 . 2008-01-15 21:51 <DIR> d-------- C:\Program Files\Vimicro
    2008-01-15 21:34 . 2005-12-13 10:12 172,032 --a------ C:\WINDOWS\amcap.exe
    2008-01-15 21:16 . 2008-01-15 21:16 <DIR> d-------- C:\Documents and Settings\Gene\Application Data\InstallShield
    2008-01-15 20:55 . 2008-01-15 20:55 <DIR> d-------- C:\Program Files\Logitech
    2008-01-15 20:55 . 2008-01-15 21:25 <DIR> d-------- C:\Program Files\Common Files\Logitech
    2008-01-15 20:55 . 2005-12-07 09:55 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
    2008-01-15 19:54 . 2008-01-15 19:54 <DIR> d-------- C:\WINDOWS\Options
    2008-01-15 19:44 . 2008-01-17 00:11 <DIR> d-------- C:\Program Files\GLOBEYES
    2008-01-15 19:28 . 2008-01-15 19:28 <DIR> d-------- C:\Webcam

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-10 16:31 379 ----a-w C:\WINDOWS\system32\drivers\sthdae.log
    2008-02-09 14:38 d-----w C:\Program Files\Intel
    2008-02-07 21:34 d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
    2008-02-06 23:47 70,528 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
    2008-02-06 23:00 d-----w C:\Program Files\Winamp
    2008-02-06 22:31 d-----w C:\Documents and Settings\Gene\Application Data\uTorrent
    2008-02-05 20:14 d-----w C:\Program Files\iTunes
    2008-02-05 18:56 d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-01-29 22:32 d-----w C:\Documents and Settings\Gene\Application Data\Skype
    2008-01-17 00:07 d-----w C:\Program Files\GemMaster
    2008-01-17 00:05 d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-16 21:29 d-----w C:\Program Files\Windows Live Toolbar
    2008-01-15 20:00 d-----w C:\Program Files\Common Files\InstallShield
    2007-12-23 12:55 d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
    2007-12-23 12:54 d-----w C:\Program Files\Dell Support Center
    2007-12-23 12:54 d-----w C:\Program Files\Common Files\supportsoft
    2007-12-17 20:04 d-----w C:\Documents and Settings\Gene\Application Data\AdobeUM
    2007-12-15 19:08 d-----w C:\Program Files\SmartDVDCreator
    2007-12-10 21:22 d-----w C:\Program Files\uTorrent
    2006-02-07 22:34 251 ----a-w C:\Program Files\wt3d.ini
    2004-10-11 19:46 205,312 ----a-w C:\Program Files\ltefx13n.dll
    2004-01-19 14:31 153,600 ----a-w C:\Program Files\ltfil13n.DLL
    2004-01-19 13:31 27,648 ----a-w C:\Program Files\lfiff13n.dll
    2004-01-19 13:31 20,480 ----a-w C:\Program Files\lfCUT13n.dll
    2004-01-19 12:31 453,120 ----a-w C:\Program Files\ltkrn13n.dll
    2004-01-19 12:12 89,600 ----a-w C:\Program Files\Lfcgm13n.dll
    2004-01-19 11:49 278,016 ----a-w C:\Program Files\LFJ2K13n.dll
    2004-01-19 11:49 180,736 ----a-w C:\Program Files\Lfpng13n.dll
    2004-01-19 11:47 76,800 ----a-w C:\Program Files\Lfwmf13n.dll
    2004-01-19 11:47 509,440 ----a-w C:\Program Files\LFCMW13n.dll
    2004-01-19 11:45 420,352 ----a-w C:\Program Files\LFCMP13n.DLL
    2004-01-19 11:44 143,872 ----a-w C:\Program Files\lftif13n.dll
    2004-01-19 11:36 65,536 ----a-w C:\Program Files\Lfpct13n.dll
    2004-01-19 11:36 56,832 ----a-w C:\Program Files\lfpsd13n.dll
    2004-01-19 11:36 26,624 ----a-w C:\Program Files\lfpcx13n.dll
    2004-01-19 11:36 19,968 ----a-w C:\Program Files\lfpcd13n.dll
    2004-01-19 11:36 18,944 ----a-w C:\Program Files\lfmsp13n.dll
    2004-01-19 11:35 20,992 ----a-w C:\Program Files\lfimg13n.dll
    2004-01-19 11:35 18,944 ----a-w C:\Program Files\lfmac13n.dll
    2004-01-19 11:34 31,744 ----a-w C:\Program Files\lfclp13n.dll
    2004-01-19 11:34 30,208 ----a-w C:\Program Files\lfbmp13n.dll
    2004-01-19 11:33 444,928 ----a-w C:\Program Files\ltimg13n.dll
    2004-01-19 11:32 265,216 ----a-w C:\Program Files\LTDIS13n.dll
    2000-05-02 04:17 212,480 ----a-w C:\Program Files\PCDLIB32.DLL
    1999-11-18 23:00 284,032 ----a-w C:\Program Files\XceedZip.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27e6e80d-a226-4fe0-9ff7-ac460b336d3a}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dfd6426-2c53-44ed-82df-9f62fb49e698}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{618EBB22-8BF5-4DE0-B331-9177BF0612C7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{731CA0CF-2D3D-4D56-A08C-0A50439E6C4D}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03 94208]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
    "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 14:49 1121280]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26 110592]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 16:00 1005096]
    "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 11:06 106496]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 16:21 278528]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20 227328]
    "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2006-11-20 21:42 98304]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
    "BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-12-16 16:00 61440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 05:00 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-11-05 18:44:29 278528]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 04:05:56 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuttq]

    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
    R3 ZSMC303;VIMICRO USB PC Camera (ZC0301PLH);C:\WINDOWS\system32\Drivers\usbVM303.sys [2004-11-18 11:28]
    S1 jnhjkfrn;jn hjkfrn;C:\WINDOWS\system32\jnhjkfrn []
    S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCMPR5.SYS []
    S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS [2004-04-26 10:11]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.htm

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-10 16:56:30 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-02-10 17:26:34 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CRONAN-Gene).job"
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-10 17:27:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Other Running Processes
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\msiexec.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-10 17:30:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-10 17:30:30
    .
    2008-02-07 20:07:27 --- E O F ---


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    And this is the HijackThis one.

    Deckard's System Scanner v20071014.68
    Run by Gene on 2008-02-10 17:31:33
    Computer is in Normal Mode.

    System Drive C: has 9.17 GiB (less than 15%) free.


    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-02-10 17:32:13
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\McAfee.com\Agent\Mcdetect.exe
    C:\Program Files\McAfee.com\VSO\McShield.exe
    C:\Program Files\McAfee.com\Agent\McTskshd.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
    C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee.com\VSO\McVSEscn.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\qttask.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\McAfee.com\VSO\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Gene\Desktop\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.6.12.1:3128
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\McAfee.com\VSO\McShield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell


    --
    End of file - 12723 bytes

    -- Files created between 2008-01-10 and 2008-02-10

    2008-02-10 17:20:13 68096 --a------ C:\WINDOWS\system32\zip.exe
    2008-02-10 17:20:13 98816 --a------ C:\WINDOWS\system32\sed.exe
    2008-02-10 17:20:13 80412 --a------ C:\WINDOWS\system32\grep.exe
    2008-02-10 17:20:13 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-02-09 13:23:40 0 dr-h----- C:\Documents and Settings\Gene\Recent
    2008-02-07 20:45:29 0 d-------- C:\Program Files\Lavasoft
    2008-02-07 20:45:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-07 19:47:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-07 18:40:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-06 18:32:23 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
    2008-02-06 18:32:23 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
    2008-02-06 18:32:23 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
    2008-02-06 18:28:21 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-02-06 18:28:21 0 d-------- C:\Documents and Settings\Gene\Application Data\Vso
    2008-02-06 18:28:21 47360 --a------ C:\Documents and Settings\Gene\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-02-06 18:28:10 0 d-------- C:\Program Files\VSO
    2008-02-05 22:10:31 0 d-------- C:\Documents and Settings\Gene\Application Data\Nero
    2008-01-22 20:45:14 0 d-------- C:\Program Files\HomePlug
    2008-01-22 20:37:46 102912 -ra------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2008-01-18 12:03:38 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-16 21:28:37 0 d-------- C:\Program Files\Windows Live Favorites
    2008-01-16 21:21:13 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-16 21:21:05 0 d-------- C:\Program Files\Windows Live
    2008-01-16 21:20:54 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-15 21:49:38 32768 --a------ C:\WINDOWS\VMZoom.exe <Not Verified; Vimicro; >
    2008-01-15 21:49:38 24576 --a------ C:\WINDOWS\VMPipe.dll <Not Verified; ; ZSMCSecret Dynamic Link Library>
    2008-01-15 21:49:38 307200 --a------ C:\WINDOWS\vidcap32.Exe <Not Verified; Microsoft Corporation; Microsoft Windows>
    2008-01-15 21:49:37 0 d-------- C:\WINDOWS\CatRoot
    2008-01-15 21:49:36 0 d-------- C:\WINDOWS\EffectResources
    2008-01-15 21:45:47 0 d
    C:\Program Files\Vimicro
    2008-01-15 21:24:16 0 d
    C:\Documents and Settings\LocalService\Start Menu
    2008-01-15 21:16:56 0 d
    C:\Documents and Settings\Gene\Application Data\InstallShield
    2008-01-15 20:55:35 0 d
    C:\Program Files\Common Files\Logitech
    2008-01-15 20:55:04 0 d
    C:\Program Files\Logitech
    2008-01-15 19:54:16 0 d
    C:\WINDOWS\Options
    2008-01-15 19:44:17 0 d
    C:\Program Files\GLOBEYES
    2008-01-15 19:28:36 0 d
    C:\Webcam


    -- Find3M Report

    2008-02-09 14:38:37 0 d C:\Program Files\Intel
    2008-02-06 23:46:47 1324 --a C:\WINDOWS\system32\d3d9caps.dat
    2008-02-06 23:00:36 0 d C:\Program Files\Winamp
    2008-02-06 22:31:31 0 d C:\Documents and Settings\Gene\Application Data\uTorrent
    2008-02-06 18:28:33 34 --a C:\Documents and Settings\Gene\Application Data\pcouffin.log
    2008-02-06 18:28:21 1144 --a C:\Documents and Settings\Gene\Application Data\pcouffin.inf
    2008-02-06 18:28:21 7887 --a C:\Documents and Settings\Gene\Application Data\pcouffin.cat
    2008-02-05 20:14:43 0 d C:\Program Files\iTunes
    2008-01-29 22:32:44 0 d C:\Documents and Settings\Gene\Application Data\Skype
    2008-01-23 00:08:21 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2008-01-23 00:08:16 56 -r-hs---- C:\WINDOWS\system32\CF63BE4652.sys
    2008-01-17 00:07:05 0 d C:\Program Files\GemMaster
    2008-01-17 00:05:28 0 d--h C:\Program Files\InstallShield Installation Information
    2008-01-16 21:29:50 0 d C:\Program Files\Windows Live Toolbar
    2008-01-16 21:21:13 0 d C:\Program Files\Common Files
    2008-01-15 20:00:41 0 d C:\Program Files\Common Files\InstallShield
    2007-12-23 12:54:53 0 d C:\Program Files\Dell Support Center
    2007-12-23 12:54:43 0 d C:\Program Files\Common Files\supportsoft
    2007-12-17 20:04:43 0 d C:\Documents and Settings\Gene\Application Data\AdobeUM
    2007-12-16 16:16:28 0 d C:\Documents and Settings\Gene\Application Data\Adobe
    2007-12-15 19:08:01 0 d C:\Program Files\SmartDVDCreator
    2007-12-10 21:22:38 0 d C:\Program Files\uTorrent
    2007-11-14 19:30:09 4538 --a C:\WINDOWS\system32\tmp.reg


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [08/07/2005 18:18]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [10/08/2005 12:49]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" []
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [11/08/2005 22:02]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 16:40]
    "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [07/11/2006 14:49]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [26/09/2005 10:26]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 16:00]
    "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [11/01/2006 12:05]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [22/09/2005 18:29]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 10:44]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/2005 10:44]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 20:12]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [14/10/2005 20:49]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [14/10/2005 20:50]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [14/10/2005 20:46]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [29/09/2005 14:01]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [08/09/2005 05:20]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [31/08/2005 11:06]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [10/08/2004 05:00 C:\WINDOWS\system32\bthprops.cpl]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/05/2005 16:21]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 12:20]
    "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [20/11/2006 21:42]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24]
    "BigDog303"="C:\WINDOWS\VM303_STI.exe" [16/12/2005 16:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 10:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 05:00]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [21/04/2006 17:03]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 09:23]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [05/11/2006 18:44:29]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [18/02/1999 04:05:56]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.htm

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    AutoRun\command- E:\setup.exe




    -- End of Deckard's System Scanner: finished at 2008-02-10 17:32:43


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    1. Close any open browsers.

    2. Open notepad and copy/paste the text in the quotebox below into it:
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuttq]

    Driver::
    jnhjkfrn

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Combo-Do.gif

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




    Also post a new HijackThis log


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    this is main.txt

    Deckard's System Scanner v20071014.68
    Run by Gene on 2008-02-10 18:31:14
    Computer is in Normal Mode.

    System Drive C: has 9.17 GiB (less than 15%) free.


    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-02-10 18:31:48
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\McAfee.com\Agent\Mcdetect.exe
    C:\Program Files\McAfee.com\VSO\McShield.exe
    C:\Program Files\McAfee.com\Agent\McTskshd.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\McAfee.com\VSO\McVSEscn.exe
    C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\qttask.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\McAfee.com\VSO\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Gene\Desktop\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.6.12.1:3128
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\McAfee.com\VSO\McShield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell


    --
    End of file - 12697 bytes

    -- Files created between 2008-01-10 and 2008-02-10

    2008-02-10 17:20:13 68096 --a C:\WINDOWS\system32\zip.exe
    2008-02-10 17:20:13 98816 --a C:\WINDOWS\system32\sed.exe
    2008-02-10 17:20:13 80412 --a C:\WINDOWS\system32\grep.exe
    2008-02-10 17:20:13 73728 --a C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-02-09 13:23:40 0 dr-h C:\Documents and Settings\Gene\Recent
    2008-02-07 20:45:29 0 d C:\Program Files\Lavasoft
    2008-02-07 20:45:27 0 d C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-07 19:47:09 0 d C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-07 18:40:56 0 d C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-06 18:32:23 217127 --a C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
    2008-02-06 18:32:23 208935 --a C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
    2008-02-06 18:32:23 176165 --a C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
    2008-02-06 18:28:21 47360 --a C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-02-06 18:28:21 0 d C:\Documents and Settings\Gene\Application Data\Vso
    2008-02-06 18:28:21 47360 --a C:\Documents and Settings\Gene\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-02-06 18:28:10 0 d C:\Program Files\VSO
    2008-02-05 22:10:31 0 d C:\Documents and Settings\Gene\Application Data\Nero
    2008-01-22 20:45:14 0 d C:\Program Files\HomePlug
    2008-01-22 20:37:46 102912 -ra C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2008-01-18 12:03:38 0 d C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-16 21:28:37 0 d C:\Program Files\Windows Live Favorites
    2008-01-16 21:21:13 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-16 21:21:05 0 d C:\Program Files\Windows Live
    2008-01-16 21:20:54 0 d C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-15 21:49:38 32768 --a C:\WINDOWS\VMZoom.exe <Not Verified; Vimicro; >
    2008-01-15 21:49:38 24576 --a C:\WINDOWS\VMPipe.dll <Not Verified; ; ZSMCSecret Dynamic Link Library>
    2008-01-15 21:49:38 307200 --a C:\WINDOWS\vidcap32.Exe <Not Verified; Microsoft Corporation; Microsoft Windows>
    2008-01-15 21:49:37 0 d C:\WINDOWS\CatRoot
    2008-01-15 21:49:36 0 d C:\WINDOWS\EffectResources
    2008-01-15 21:45:47 0 d C:\Program Files\Vimicro
    2008-01-15 21:24:16 0 d C:\Documents and Settings\LocalService\Start Menu
    2008-01-15 21:16:56 0 d C:\Documents and Settings\Gene\Application Data\InstallShield
    2008-01-15 20:55:35 0 d C:\Program Files\Common Files\Logitech
    2008-01-15 20:55:04 0 d C:\Program Files\Logitech
    2008-01-15 19:54:16 0 d C:\WINDOWS\Options
    2008-01-15 19:44:17 0 d C:\Program Files\GLOBEYES
    2008-01-15 19:28:36 0 d C:\Webcam


    -- Find3M Report

    2008-02-09 14:38:37 0 d C:\Program Files\Intel
    2008-02-06 23:46:47 1324 --a C:\WINDOWS\system32\d3d9caps.dat
    2008-02-06 23:00:36 0 d C:\Program Files\Winamp
    2008-02-06 22:31:31 0 d C:\Documents and Settings\Gene\Application Data\uTorrent
    2008-02-06 18:28:33 34 --a C:\Documents and Settings\Gene\Application Data\pcouffin.log
    2008-02-06 18:28:21 1144 --a C:\Documents and Settings\Gene\Application Data\pcouffin.inf
    2008-02-06 18:28:21 7887 --a C:\Documents and Settings\Gene\Application Data\pcouffin.cat
    2008-02-05 20:14:43 0 d C:\Program Files\iTunes
    2008-01-29 22:32:44 0 d C:\Documents and Settings\Gene\Application Data\Skype
    2008-01-23 00:08:21 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2008-01-23 00:08:16 56 -r-hs---- C:\WINDOWS\system32\CF63BE4652.sys
    2008-01-17 00:07:05 0 d C:\Program Files\GemMaster
    2008-01-17 00:05:28 0 d--h C:\Program Files\InstallShield Installation Information
    2008-01-16 21:29:50 0 d C:\Program Files\Windows Live Toolbar
    2008-01-16 21:21:13 0 d C:\Program Files\Common Files
    2008-01-15 20:00:41 0 d C:\Program Files\Common Files\InstallShield
    2007-12-23 12:54:53 0 d C:\Program Files\Dell Support Center
    2007-12-23 12:54:43 0 d C:\Program Files\Common Files\supportsoft
    2007-12-17 20:04:43 0 d C:\Documents and Settings\Gene\Application Data\AdobeUM
    2007-12-16 16:16:28 0 d C:\Documents and Settings\Gene\Application Data\Adobe
    2007-12-15 19:08:01 0 d C:\Program Files\SmartDVDCreator
    2007-12-10 21:22:38 0 d C:\Program Files\uTorrent
    2007-11-14 19:30:09 4538 --a C:\WINDOWS\system32\tmp.reg


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [08/07/2005 18:18]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [10/08/2005 12:49]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" []
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [11/08/2005 22:02]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 16:40]
    "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [07/11/2006 14:49]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [26/09/2005 10:26]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 16:00]
    "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [11/01/2006 12:05]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [22/09/2005 18:29]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 10:44]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/2005 10:44]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 20:12]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [14/10/2005 20:49]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [14/10/2005 20:50]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [14/10/2005 20:46]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [29/09/2005 14:01]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [08/09/2005 05:20]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [31/08/2005 11:06]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [10/08/2004 05:00 C:\WINDOWS\system32\bthprops.cpl]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/05/2005 16:21]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 12:20]
    "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [20/11/2006 21:42]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24]
    "BigDog303"="C:\WINDOWS\VM303_STI.exe" [16/12/2005 16:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 10:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 05:00]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [21/04/2006 17:03]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 09:23]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [05/11/2006 18:44:29]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [18/02/1999 04:05:56]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- End of Deckard's System Scanner: finished at 2008-02-10 18:32:18


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    This is ComboFix:

    ComboFix 08-02.05.3 - Gene 2008-02-10 18:23:28.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.518 [GMT 0:00]
    Running from: E:\ComboFix.exe
    Command switches used :: E:\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
    .

    2008-02-10 16:29 . 2008-02-10 16:29 <DIR> d C:\_OTMoveIt
    2008-02-09 14:38 . 2006-01-12 14:52 1,904 --a C:\WINDOWS\system32\SetupBD.din
    2008-02-08 20:11 . 2008-02-08 20:11 <DIR> d C:\Deckard
    2008-02-07 20:59 . 2008-02-07 20:59 54,156 --ah C:\WINDOWS\QTFont.qfn
    2008-02-07 20:59 . 2008-02-07 20:59 1,409 --a C:\WINDOWS\QTFont.for
    2008-02-07 20:45 . 2008-02-07 20:45 <DIR> d C:\Program Files\Lavasoft
    2008-02-07 20:45 . 2008-02-07 20:46 <DIR> d C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-07 19:47 . 2008-02-07 19:47 <DIR> d C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-07 18:40 . 2008-02-07 18:41 <DIR> d C:\Program Files\Spybot - Search & Destroy
    2008-02-07 18:40 . 2008-02-07 19:27 <DIR> d C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-06 18:32 . 2006-09-29 11:24 217,127 --a C:\WINDOWS\system32\drv43260.dll
    2008-02-06 18:32 . 2006-09-29 11:25 208,935 --a C:\WINDOWS\system32\drv33260.dll
    2008-02-06 18:32 . 2006-09-29 11:26 176,165 --a C:\WINDOWS\system32\drv23260.dll
    2008-02-06 18:28 . 2008-02-06 18:32 <DIR> d C:\Program Files\VSO
    2008-02-06 18:28 . 2008-02-06 23:46 <DIR> d C:\Documents and Settings\Gene\Application Data\Vso
    2008-02-06 18:28 . 2008-02-06 18:28 47,360 --a C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-02-06 18:28 . 2008-02-06 18:28 47,360 --a C:\Documents and Settings\Gene\Application Data\pcouffin.sys
    2008-02-05 22:10 . 2008-02-05 22:10 <DIR> d C:\Documents and Settings\Gene\Application Data\Nero
    2008-01-22 20:45 . 2008-01-22 21:01 <DIR> d C:\Program Files\HomePlug
    2008-01-22 20:40 . 2008-01-22 21:18 0 --a C:\uk_o.bmp
    2008-01-22 20:40 . 2008-01-22 21:18 0 --a C:\uk_c.bmp
    2008-01-22 20:39 . 2008-01-22 21:18 0 --a C:\save_o.jpg
    2008-01-22 20:39 . 2008-01-22 21:18 0 --a C:\save_c.jpg
    2008-01-22 20:39 . 2008-01-22 21:18 0 --a C:\home_o.jpg
    2008-01-22 20:39 . 2008-01-22 21:18 0 --a C:\home_c.jpg
    2008-01-22 20:39 . 2008-01-22 21:18 0 --a C:\exit_o.jpg
    2008-01-22 20:39 . 2008-01-22 21:18 0 --a C:\exit_c.jpg
    2008-01-22 20:37 . 2005-08-16 12:33 108,336 -ra C:\WINDOWS\system32\MSWINSCK.OCX
    2008-01-22 20:37 . 1998-06-17 16:00 102,912 -ra C:\WINDOWS\system32\VB6STKIT.DLL
    2008-01-18 12:03 . 2008-01-18 12:03 <DIR> d C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-18 11:40 . 2007-07-30 19:19 271,224 --a C:\WINDOWS\system32\mucltui.dll
    2008-01-18 11:40 . 2007-07-30 19:19 207,736 --a C:\WINDOWS\system32\muweb.dll
    2008-01-18 11:40 . 2007-07-30 19:19 30,072 --a C:\WINDOWS\system32\mucltui.dll.mui
    2008-01-16 21:28 . 2008-01-16 21:28 <DIR> d C:\Program Files\Windows Live Favorites
    2008-01-16 21:21 . 2008-01-16 21:27 <DIR> d C:\Program Files\Windows Live
    2008-01-16 21:21 . 2008-01-16 21:27 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-16 21:20 . 2008-01-16 21:20 <DIR> d C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-15 21:45 . 2008-01-15 21:51 <DIR> d C:\Program Files\Vimicro
    2008-01-15 21:34 . 2005-12-13 10:12 172,032 --a C:\WINDOWS\amcap.exe
    2008-01-15 21:16 . 2008-01-15 21:16 <DIR> d C:\Documents and Settings\Gene\Application Data\InstallShield
    2008-01-15 20:55 . 2008-01-15 20:55 <DIR> d C:\Program Files\Logitech
    2008-01-15 20:55 . 2008-01-15 21:25 <DIR> d C:\Program Files\Common Files\Logitech
    2008-01-15 20:55 . 2005-12-07 09:55 1,645,320 --a C:\WINDOWS\system32\gdiplus.dll
    2008-01-15 19:54 . 2008-01-15 19:54 <DIR> d C:\WINDOWS\Options
    2008-01-15 19:44 . 2008-01-17 00:11 <DIR> d C:\Program Files\GLOBEYES
    2008-01-15 19:28 . 2008-01-15 19:28 <DIR> d C:\Webcam

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-10 16:31 379 ----a-w C:\WINDOWS\system32\drivers\sthdae.log
    2008-02-09 14:38 d w C:\Program Files\Intel
    2008-02-07 21:34 d w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
    2008-02-06 23:47 70,528 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
    2008-02-06 23:00 d w C:\Program Files\Winamp
    2008-02-06 22:31 d w C:\Documents and Settings\Gene\Application Data\uTorrent
    2008-02-05 20:14 d w C:\Program Files\iTunes
    2008-02-05 18:56 d w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-01-29 22:32 d w C:\Documents and Settings\Gene\Application Data\Skype
    2008-01-17 00:07 d w C:\Program Files\GemMaster
    2008-01-17 00:05 d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-16 21:29 d w C:\Program Files\Windows Live Toolbar
    2008-01-15 20:00 d w C:\Program Files\Common Files\InstallShield
    2007-12-23 12:55 d w C:\Documents and Settings\All Users\Application Data\SupportSoft
    2007-12-23 12:54 d w C:\Program Files\Dell Support Center
    2007-12-23 12:54 d w C:\Program Files\Common Files\supportsoft
    2007-12-17 20:04 d w C:\Documents and Settings\Gene\Application Data\AdobeUM
    2007-12-15 19:08 d w C:\Program Files\SmartDVDCreator
    2007-12-10 21:22 d w C:\Program Files\uTorrent
    2006-02-07 22:34 251 ----a-w C:\Program Files\wt3d.ini
    2004-10-11 19:46 205,312 ----a-w C:\Program Files\ltefx13n.dll
    2004-01-19 14:31 153,600 ----a-w C:\Program Files\ltfil13n.DLL
    2004-01-19 13:31 27,648 ----a-w C:\Program Files\lfiff13n.dll
    2004-01-19 13:31 20,480 ----a-w C:\Program Files\lfCUT13n.dll
    2004-01-19 12:31 453,120 ----a-w C:\Program Files\ltkrn13n.dll
    2004-01-19 12:12 89,600 ----a-w C:\Program Files\Lfcgm13n.dll
    2004-01-19 11:49 278,016 ----a-w C:\Program Files\LFJ2K13n.dll
    2004-01-19 11:49 180,736 ----a-w C:\Program Files\Lfpng13n.dll
    2004-01-19 11:47 76,800 ----a-w C:\Program Files\Lfwmf13n.dll
    2004-01-19 11:47 509,440 ----a-w C:\Program Files\LFCMW13n.dll
    2004-01-19 11:45 420,352 ----a-w C:\Program Files\LFCMP13n.DLL
    2004-01-19 11:44 143,872 ----a-w C:\Program Files\lftif13n.dll
    2004-01-19 11:36 65,536 ----a-w C:\Program Files\Lfpct13n.dll
    2004-01-19 11:36 56,832 ----a-w C:\Program Files\lfpsd13n.dll
    2004-01-19 11:36 26,624 ----a-w C:\Program Files\lfpcx13n.dll
    2004-01-19 11:36 19,968 ----a-w C:\Program Files\lfpcd13n.dll
    2004-01-19 11:36 18,944 ----a-w C:\Program Files\lfmsp13n.dll
    2004-01-19 11:35 20,992 ----a-w C:\Program Files\lfimg13n.dll
    2004-01-19 11:35 18,944 ----a-w C:\Program Files\lfmac13n.dll
    2004-01-19 11:34 31,744 ----a-w C:\Program Files\lfclp13n.dll
    2004-01-19 11:34 30,208 ----a-w C:\Program Files\lfbmp13n.dll
    2004-01-19 11:33 444,928 ----a-w C:\Program Files\ltimg13n.dll
    2004-01-19 11:32 265,216 ----a-w C:\Program Files\LTDIS13n.dll
    2000-05-02 04:17 212,480 ----a-w C:\Program Files\PCDLIB32.DLL
    1999-11-18 23:00 284,032 ----a-w C:\Program Files\XceedZip.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03 94208]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
    "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 14:49 1121280]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26 110592]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 16:00 1005096]
    "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 11:06 106496]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 16:21 278528]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20 227328]
    "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2006-11-20 21:42 98304]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
    "BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-12-16 16:00 61440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 05:00 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-11-05 18:44:29 278528]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 04:05:56 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
    R3 ZSMC303;VIMICRO USB PC Camera (ZC0301PLH);C:\WINDOWS\system32\Drivers\usbVM303.sys [2004-11-18 11:28]
    S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCMPR5.SYS []
    S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS [2004-04-26 10:11]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-10 17:56:30 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-02-10 18:26:55 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CRONAN-Gene).job"
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-10 18:27:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Other Running Processes
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\msiexec.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-10 18:30:44 - machine was rebooted [Gene]
    ComboFix-quarantined-files.txt 2008-02-10 18:30:40
    ComboFix2.txt 2008-02-10 17:30:34
    .
    2008-02-07 20:07:27 --- E O F ---


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.


    Also post a new HijackThis log and tell me how your PC is running.


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    This is main.txt:

    Deckard's System Scanner v20071014.68
    Run by Gene on 2008-02-10 22:04:29
    Computer is in Normal Mode.

    System Drive C: has 9.11 GiB (less than 15%) free.


    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-02-10 22:05:03
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\McAfee.com\Agent\Mcdetect.exe
    C:\Program Files\McAfee.com\VSO\McShield.exe
    C:\Program Files\McAfee.com\Agent\McTskshd.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\McVSEscn.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\qttask.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\McAfee.com\VSO\mcvsftsn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Gene\Desktop\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.6.12.1:3128
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\McAfee.com\VSO\McShield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell


    --
    End of file - 12899 bytes

    -- Files created between 2008-01-10 and 2008-02-10

    2008-02-10 21:12:57 0 d C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-02-10 21:12:44 0 d C:\Program Files\SUPERAntiSpyware
    2008-02-10 21:12:44 0 d C:\Documents and Settings\Gene\Application Data\SUPERAntiSpyware.com
    2008-02-10 17:20:13 68096 --a C:\WINDOWS\system32\zip.exe
    2008-02-10 17:20:13 98816 --a C:\WINDOWS\system32\sed.exe
    2008-02-10 17:20:13 80412 --a C:\WINDOWS\system32\grep.exe
    2008-02-10 17:20:13 73728 --a C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-02-09 13:23:40 0 dr-h C:\Documents and Settings\Gene\Recent
    2008-02-07 20:45:29 0 d C:\Program Files\Lavasoft
    2008-02-07 20:45:27 0 d C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-07 19:47:09 0 d C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-07 18:40:56 0 d C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-06 18:32:23 217127 --a C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
    2008-02-06 18:32:23 208935 --a C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
    2008-02-06 18:32:23 176165 --a C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
    2008-02-06 18:28:21 47360 --a C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-02-06 18:28:21 0 d C:\Documents and Settings\Gene\Application Data\Vso
    2008-02-06 18:28:21 47360 --a C:\Documents and Settings\Gene\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-02-06 18:28:10 0 d C:\Program Files\VSO
    2008-02-05 22:10:31 0 d C:\Documents and Settings\Gene\Application Data\Nero
    2008-01-22 20:45:14 0 d C:\Program Files\HomePlug
    2008-01-22 20:37:46 102912 -ra C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2008-01-18 12:03:38 0 d C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-16 21:28:37 0 d C:\Program Files\Windows Live Favorites
    2008-01-16 21:21:13 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-16 21:21:05 0 d C:\Program Files\Windows Live
    2008-01-16 21:20:54 0 d C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-15 21:49:38 32768 --a C:\WINDOWS\VMZoom.exe <Not Verified; Vimicro; >
    2008-01-15 21:49:38 24576 --a C:\WINDOWS\VMPipe.dll <Not Verified; ; ZSMCSecret Dynamic Link Library>
    2008-01-15 21:49:38 307200 --a C:\WINDOWS\vidcap32.Exe <Not Verified; Microsoft Corporation; Microsoft Windows>
    2008-01-15 21:49:37 0 d C:\WINDOWS\CatRoot
    2008-01-15 21:49:36 0 d C:\WINDOWS\EffectResources
    2008-01-15 21:45:47 0 d C:\Program Files\Vimicro
    2008-01-15 21:24:16 0 d C:\Documents and Settings\LocalService\Start Menu
    2008-01-15 21:16:56 0 d C:\Documents and Settings\Gene\Application Data\InstallShield
    2008-01-15 20:55:35 0 d C:\Program Files\Common Files\Logitech
    2008-01-15 20:55:04 0 d C:\Program Files\Logitech
    2008-01-15 19:54:16 0 d C:\WINDOWS\Options
    2008-01-15 19:44:17 0 d C:\Program Files\GLOBEYES
    2008-01-15 19:28:36 0 d C:\Webcam


    -- Find3M Report

    2008-02-09 14:38:37 0 d C:\Program Files\Intel
    2008-02-06 23:46:47 1324 --a C:\WINDOWS\system32\d3d9caps.dat
    2008-02-06 23:00:36 0 d C:\Program Files\Winamp
    2008-02-06 22:31:31 0 d C:\Documents and Settings\Gene\Application Data\uTorrent
    2008-02-06 18:28:33 34 --a C:\Documents and Settings\Gene\Application Data\pcouffin.log
    2008-02-06 18:28:21 1144 --a C:\Documents and Settings\Gene\Application Data\pcouffin.inf
    2008-02-06 18:28:21 7887 --a C:\Documents and Settings\Gene\Application Data\pcouffin.cat
    2008-02-05 20:14:43 0 d C:\Program Files\iTunes
    2008-01-29 22:32:44 0 d C:\Documents and Settings\Gene\Application Data\Skype
    2008-01-23 00:08:21 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2008-01-23 00:08:16 56 -r-hs---- C:\WINDOWS\system32\CF63BE4652.sys
    2008-01-17 00:07:05 0 d C:\Program Files\GemMaster
    2008-01-17 00:05:28 0 d--h C:\Program Files\InstallShield Installation Information
    2008-01-16 21:29:50 0 d C:\Program Files\Windows Live Toolbar
    2008-01-16 21:21:13 0 d C:\Program Files\Common Files
    2008-01-15 20:00:41 0 d C:\Program Files\Common Files\InstallShield
    2007-12-23 12:54:53 0 d C:\Program Files\Dell Support Center
    2007-12-23 12:54:43 0 d C:\Program Files\Common Files\supportsoft
    2007-12-17 20:04:43 0 d C:\Documents and Settings\Gene\Application Data\AdobeUM
    2007-12-16 16:16:28 0 d C:\Documents and Settings\Gene\Application Data\Adobe
    2007-12-15 19:08:01 0 d C:\Program Files\SmartDVDCreator
    2007-12-10 21:22:38 0 d C:\Program Files\uTorrent
    2007-11-14 19:30:09 4538 --a C:\WINDOWS\system32\tmp.reg


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [08/07/2005 18:18]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [10/08/2005 12:49]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" []
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [11/08/2005 22:02]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 16:40]
    "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [07/11/2006 14:49]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [26/09/2005 10:26]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 16:00]
    "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [11/01/2006 12:05]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [22/09/2005 18:29]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 10:44]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/2005 10:44]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 20:12]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [14/10/2005 20:49]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [14/10/2005 20:50]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [14/10/2005 20:46]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [29/09/2005 14:01]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [08/09/2005 05:20]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [31/08/2005 11:06]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [10/08/2004 05:00 C:\WINDOWS\system32\bthprops.cpl]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/05/2005 16:21]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 12:20]
    "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [20/11/2006 21:42]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24]
    "BigDog303"="C:\WINDOWS\VM303_STI.exe" [16/12/2005 16:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 10:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 05:00]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [21/04/2006 17:03]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 09:23]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [05/11/2006 18:44:29]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [18/02/1999 04:05:56]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- End of Deckard's System Scanner: finished at 2008-02-10 22:05:37
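
The "Files created" and Find3M listings above are what a helper reads by eye for recently dropped, unverified binaries in system directories. As an added example (not from the thread and not part of DSS), this Python parser handles DSS's single-line entry layout and flags such entries; the full attribute column (e.g. "--a------") is assumed, since the forum rendering stripped it, and treating a missing <...> tag as unverified is an assumption.

```python
import re
from datetime import datetime

# Constructed sample in DSS's single-line layout (paths mirror the thread's log;
# the full attribute column, e.g. "--a------", is assumed).
SAMPLE_LOG = r"""
2008-02-10 21:12:44 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-10 17:20:13 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-06 18:32:23 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-02-06 18:28:21 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-01-23 00:08:21 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-15 21:49:38 24576 --a------ C:\WINDOWS\VMPipe.dll <Not Verified; ; ZSMCSecret Dynamic Link Library>
2008-01-16 21:21:13 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
"""
# Fields: timestamp, size, attribute flags, path, optional <status; publisher; description>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+"
    r"(?P<path>.+?)(?:\s+<(?P<verify>[^>]*)>)?$")
PE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")

def parse_dss(text):
    """Return one dict per file/directory entry; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        status, publisher = None, None          # no <...> tag at all
        if m.group("verify") is not None:
            fields = [f.strip() for f in m.group("verify").split(";")]
            status, publisher = fields[0], (fields[1] if len(fields) > 1 else "")
        entries.append({"when": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
                        "size": int(m.group("size")), "attrs": m.group("attrs"),
                        "path": m.group("path"), "status": status, "publisher": publisher})
    return entries

def suspicious(entries, since):
    """PE files under the Windows tree created on/after `since` (YYYY-MM-DD) that
    DSS did not verify as signed, or that carry the hidden/system attributes."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    hits = []
    for e in entries:
        path = e["path"].lower()
        if e["attrs"].startswith("d") or not path.startswith("c:\\windows\\"):
            continue                                # directories, non-system paths
        if not path.endswith(PE_EXT) or e["when"] < cutoff:
            continue
        unverified = e["status"] != "Verified"      # "Not Verified" or no tag (assumed)
        hidden = "h" in e["attrs"] or "s" in e["attrs"]
        if unverified or hidden:
            hits.append(e["path"])
    return hits
```

Narrowing `since` to the week the infection appeared is what turns the list into a short review queue; everything flagged still needs a human to look at the publisher and the drop location.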


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    this is the other log

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/10/2008 at 09:53 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 00:37:00

    Memory items scanned : 548
    Memory threats detected : 0
    Registry items scanned : 6811
    Registry threats detected : 0
    File items scanned : 33668
    File threats detected : 1

    Adware.Tracking Cookie
    C:\Documents and Settings\Vivienne\Cookies\vivienne@stats[2].txt


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    PC is running well. I think I just have too many spyware tools on it now. Only problem is my network card got messed up by one of the viruses so it's not working, an Intel100, even with new drivers etc. So next on the list is to sort that out. How's it looking now?

    thanks for all your help!!


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Your malware is gone; a few things to do.

    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now type Combofix /u in the Run box and click OK
    The above procedure will do the following:
    1. Delete ComboFix and its associated files and folders.
    2. Delete VundoFix backups, if present
    3. Delete the C:\Deckard folder, if present
    4. Delete the C:\_OtMoveIt folder, if present
    5. Reset the clock settings.
    6. Hide file extensions, if required.
    7. Hide System/Hidden files, if required.
    8. Reset System Restore.



    You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
    http://www.adobe.com/products/acrobat/readstep2.html




    You now need to update your Java and remove your older versions.

    Please follow these steps to remove older version Java components.

    * Click Start > Control Panel.
    * Click Add/Remove Programs.
    * Check any item with Java Runtime Environment (JRE) in the name.
    * Click the Remove or Change/Remove button.

    Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
    here



    Below I have included a number of recommendations for how to protect your computer against malware infections.

    * Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

    * To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
    SpywareBlaster protects against bad ActiveX
    IE-SPYAD puts over 5000 sites in your Restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    Have a look at this tutorial for IE-Spyad here

    * SpywareGuard offers realtime protection from spyware installation attempts.

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    * MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

    * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here

    * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
    Here

    Thank you for your patience, and performing all of the procedures requested.
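
The HOSTS-file mechanism described above (names pinned to 127.0.0.1 never reach DNS, so the site cannot be contacted) as an added example in Python; this is not the thread's or MVPS's own code, and the HOSTS excerpt is constructed. It also shows the main limit of the approach: matching is on exact hostnames only, so a subdomain not listed is not blocked.

```python
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}   # "this machine": the connection goes nowhere

# Constructed excerpt in the MVPS layout: comments, localhost, blocked hosts.
SAMPLE_HOSTS = """\
# Constructed sample, not the real MVPS list
127.0.0.1  localhost
127.0.0.1  ads.example-tracker.invalid        # [Adware]
127.0.0.1  stats.example-counter.invalid  www.example-counter.invalid
0.0.0.0    malware.example-dropper.invalid
192.0.2.10 intranet.example.invalid           # an ordinary, non-blocking entry
"""

def parse_hosts(text):
    """Map each hostname (lower-cased) to its address. One line may list several
    names for one address; '#' starts a comment; the first mapping for a name
    wins, as the resolver stops at the first matching line."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            mapping.setdefault(name.lower(), ip)
    return mapping

def resolve(mapping, hostname):
    """Address the HOSTS file supplies, or None when the lookup would go on to DNS."""
    return mapping.get(hostname.lower().rstrip("."))

def is_blocked(mapping, hostname):
    """True when the name is pinned to the local machine, so the site is unreachable."""
    return resolve(mapping, hostname) in SINKHOLE_IPS

def blocked_hosts(mapping):
    """Sorted list of every sinkholed name, localhost excluded."""
    return sorted(h for h, ip in mapping.items()
                  if ip in SINKHOLE_IPS and h != "localhost")
```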


  • Registered Users, Registered Users 2 Posts: 1,098 ✭✭✭glineli


    Thanks for all your help.

    One final question: have you ever come across a virus that takes out your network card? I have tried reinstalling the drivers but no luck.

    thanks again


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    No, haven't come across anything like that; not sure what caused it.

    Somebody else will have to help you with that problem.

