Status
Not open for further replies.

·
Registered
Joined
·
34 Posts
Discussion Starter · #1 ·
I'm trying to fix my girlfriend's laptop. She had never updated it etc., so I spent a few hours doing the basics: getting rid of cookies, tmp files, unused downloaded programs etc.

Now every time you turn it on I get two messages related to the same thing:

windows cannot find 'C;\windows\system32\awvvw.exe'
followed by
windows cannot load or run 'C;\windows\system32\awvvw.exe'

I think this means I have deleted it. How can I stop the laptop looking for it every time it boots up? Also, now my desktop keeps crashing and I'm having to reset the desktop. Is this linked?
 

·
Administrator
Joined
·
123,519 Posts
Hi and welcome to TSG,

Click here to download HJTsetup.exe.
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
 

·
Registered
Joined
·
34 Posts
Discussion Starter · #5 ·
Hi Cookiegal

Thanks for the help.

Below is the content of the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:44, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\awvvw.exe
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Rachels\Local Settings\Temporary Internet Files\Content.IE5\81UFSDUZ\install_sbd_en[1].exe
O4 - HKLM\..\Run: [StorageProtector] C:\Program Files\StorageProtector\SysRep.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [081429e8] rundll32.exe "C:\WINDOWS\system32\eiklscql.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O23 - Service: McAfee Application Installer Cleanup (0055681204466152) (0055681204466152mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\005568~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9963 bytes
 

·
Administrator
Joined
·
123,519 Posts
Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the Internet.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
  • Instead of Windows loading as normal, the Advanced Options Menu should appear
  • Select the first option, to run Windows in Safe Mode, then press Enter
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to the clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
 

·
Registered
Joined
·
34 Posts
Discussion Starter · #7 ·
Hi cookiegal

Below is the SDFix report, then after that is the HJT log.

SDFix: Version 1.150

Run by Rachels on 02/03/2008 at 18:03

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\svchost.exe - Deleted

Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 18:40:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 18 Mar 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Thu 18 Mar 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Thu 18 Mar 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Sun 10 Feb 2008 19,846 ..SH. --- "C:\WINDOWS\system32\bmtipysd.dllbox"
Mon 17 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 24 Jan 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Sun 2 Mar 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Sun 2 Mar 2008 211 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Sat 1 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 4 Jan 2008 50,688 ...H. --- "C:\Documents and Settings\Rachels\My Documents\pe specialism coursework\~WRL3861.tmp"
Mon 12 Mar 2007 24,064 A..H. --- "C:\Documents and Settings\Rachels\My Documents\RE COURSEWORK\~WRL2905.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Rachels\Application Data\U3\temp\Launchpad Removal.exe"
Sat 16 Feb 2008 48,128 A..H. --- "C:\Documents and Settings\Rachels\My Documents\MEMORY STICK BACK UP\core coursework\~WRL0004.tmp"
Wed 20 Feb 2008 32,256 A..H. --- "C:\Documents and Settings\Rachels\My Documents\MEMORY STICK BACK UP\core coursework\~WRL1526.tmp"
Tue 19 Feb 2008 31,744 A..H. --- "C:\Documents and Settings\Rachels\My Documents\MEMORY STICK BACK UP\core coursework\~WRL3812.tmp"
Mon 17 Apr 2006 26,112 A..H. --- "C:\Documents and Settings\Rachels\My Documents\MEMORY STICK BACK UP\Coursework\~WRL0327.tmp"
Mon 17 Apr 2006 42,496 A..H. --- "C:\Documents and Settings\Rachels\My Documents\MEMORY STICK BACK UP\Coursework\~WRL0924.tmp"
Thu 6 Apr 2006 40,448 A..H. --- "C:\Documents and Settings\Rachels\My Documents\MEMORY STICK BACK UP\Coursework\~WRL4035.tmp"
Sun 29 Jan 2006 38,400 A..H. --- "C:\Documents and Settings\Rachels\My Documents\MEMORY STICK BACK UP\ict\~WRL2388.tmp"
Wed 23 Jan 2008 30,720 A..H. --- "C:\Documents and Settings\Rachels\My Documents\MEMORY STICK BACK UP\Mottingham primary school\Foundation subjects at mottingham\~WRL2205.tmp"
Thu 24 Jan 2008 30,720 A..H. --- "C:\Documents and Settings\Rachels\My Documents\MEMORY STICK BACK UP\Mottingham primary school\Foundation subjects at mottingham\~WRL2527.tmp"
Fri 15 Feb 2008 64,000 A..H. --- "C:\Documents and Settings\Rachels\My Documents\MEMORY STICK BACK UP\Mottingham primary school\homework\~WRL0005.tmp"
Sun 20 Jan 2008 68,608 A..H. --- "C:\Documents and Settings\Rachels\My Documents\MEMORY STICK BACK UP\Mottingham primary school\numeracy at mottingham\~WRL0451.tmp"
Sun 20 Jan 2008 68,608 A..H. --- "C:\Documents and Settings\Rachels\My Documents\MEMORY STICK BACK UP\Mottingham primary school\numeracy at mottingham\~WRL0610.tmp"
Sun 20 Jan 2008 69,120 A..H. --- "C:\Documents and Settings\Rachels\My Documents\MEMORY STICK BACK UP\Mottingham primary school\numeracy at mottingham\~WRL1242.tmp"
Sun 13 Jan 2008 34,304 A..H. --- "C:\Documents and Settings\Rachels\My Documents\MEMORY STICK BACK UP\Mottingham primary school\literacy at mottingham\literacy at mottingham 2\~WRL2549.tmp"
Mon 27 Aug 2007 8 A..H. --- "C:\Documents and Settings\Rachels\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Mon 27 Aug 2007 8 A..H. --- "C:\Documents and Settings\Rachels\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Mon 27 Aug 2007 8 A..H. --- "C:\Documents and Settings\Rachels\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Mon 27 Aug 2007 8 A..H. --- "C:\Documents and Settings\Rachels\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Fri 11 Jan 2008 8 A..H. --- "C:\Documents and Settings\Rachels\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:25, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [StorageProtector] C:\Program Files\StorageProtector\SysRep.exe
O4 - HKLM\..\Run: [081429e8] rundll32.exe "C:\WINDOWS\system32\eiklscql.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O23 - Service: McAfee Application Installer Cleanup (0055681204466152) (0055681204466152mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\005568~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9482 bytes

I hope this is what you asked for!
 

·
Administrator
Joined
·
123,519 Posts
Please visit Combofix Guide & Instructions for instructions for downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know.
 

·
Registered
Joined
·
34 Posts
Discussion Starter · #9 ·
Hey cookiegal, that was a little scary but all seems OK. ComboFix report below, HJT after that!

Again thanks for the help.

ComboFix 08-03-03.4 - Rachels 2008-03-02 21:48:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.493 [GMT 0:00]
Running from: C:\Documents and Settings\Rachels\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1\storageprotector
C:\DOCUME~1\ALLUSE~1\APPLIC~1\storageprotector\Data\ac
C:\DOCUME~1\ALLUSE~1\APPLIC~1\storageprotector\Data\em
C:\DOCUME~1\ALLUSE~1\APPLIC~1\storageprotector\Data\oid
C:\DOCUME~1\ALLUSE~1\APPLIC~1\storageprotector\Data\user
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\StorageProtector
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\StorageProtector\Contact Customer Service.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\StorageProtector\Uninstall StorageProtector.lnk
C:\Documents and Settings\Rachels\Application Data\storageprotector
C:\Documents and Settings\Rachels\Application Data\storageprotector\Logs\update.log
C:\Documents and Settings\Rachels\My Documents\MalwareAlarm.lnk
C:\Documents and Settings\Rachels\My Documents\StorageProtector.lnk
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\Common Files\StorageProtector
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MHN\McENUI.exe
C:\Program Files\StorageProtector
C:\Program Files\StorageProtector\atl71.dll
C:\Program Files\StorageProtector\kernel.dll
C:\Program Files\StorageProtector\License.rtf
C:\Program Files\StorageProtector\mfc71.dll
C:\Program Files\StorageProtector\msvcp71.dll
C:\Program Files\StorageProtector\msvcr71.dll
C:\Program Files\StorageProtector\Readme.rtf
C:\Program Files\StorageProtector\Res\Main.ico
C:\Program Files\StorageProtector\Res\RecycleBin.ico
C:\Program Files\StorageProtector\rm.url
C:\Program Files\StorageProtector\sr.log
C:\Program Files\StorageProtector\swupd.log
C:\Program Files\StorageProtector\SysRep.exe.cer
C:\Program Files\StorageProtector\SysRep.exe.Log
C:\Program Files\StorageProtector\SysRep.exe.xml
C:\Program Files\StorageProtector\SysRep.url
C:\Program Files\StorageProtector\transpaid.exe
C:\Program Files\StorageProtector\unins000.dat
C:\Program Files\StorageProtector\unins000.exe
C:\Program Files\StorageProtector\urls.ini
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aeibuaof.dll
C:\WINDOWS\system32\amsdtule.ini
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\awvvw.exe
C:\WINDOWS\system32\bilqjxga.dll
C:\WINDOWS\system32\bmtipysd.dllbox
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\deoahwqn.dll
C:\WINDOWS\system32\dtlgbodq.ini
C:\WINDOWS\system32\ehsvkbur.ini
C:\WINDOWS\system32\eiarbngl.dll
C:\WINDOWS\system32\eiklscql.dll
C:\WINDOWS\system32\exxkdrtc.ini
C:\WINDOWS\system32\gffxnqci.dll
C:\WINDOWS\system32\gpspmbhe.dll
C:\WINDOWS\system32\grausahv.ini
C:\WINDOWS\system32\heouuohw.dll
C:\WINDOWS\system32\hkamdugp.dll
C:\WINDOWS\system32\hpyjgwse.ini
C:\WINDOWS\system32\juvxmeah.ini
C:\WINDOWS\system32\kfnyswvk.ini
C:\WINDOWS\system32\lgnbraie.ini
C:\WINDOWS\system32\lqcslkie.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\npkpfkwd.dll
C:\WINDOWS\system32\nqyuiblc.dll
C:\WINDOWS\system32\PSDrvCheck.exe
C:\WINDOWS\system32\qcvbrmtj.ini
C:\WINDOWS\system32\qtkvxgkg.ini
C:\WINDOWS\system32\rrvvoobw.dll
C:\WINDOWS\system32\sicyfbae.ini
C:\WINDOWS\system32\siflopwy.ini
C:\WINDOWS\system32\sifwloof.ini
C:\WINDOWS\system32\sigllwvb.ini
C:\WINDOWS\system32\soutopht.ini
C:\WINDOWS\system32\sxhummbv.ini
C:\WINDOWS\system32\tgllojah.dll
C:\WINDOWS\system32\tjjmdxmx.ini
C:\WINDOWS\system32\usjlejmh.ini
C:\WINDOWS\system32\vnsxfewr.dll
C:\WINDOWS\system32\vrxlqkir.ini
C:\WINDOWS\system32\wqfndiax.ini
C:\WINDOWS\system32\wrnsyqpg.dll
C:\WINDOWS\system32\wvvwa.ini
C:\WINDOWS\system32\wvvwa.ini2
C:\WINDOWS\system32\ybablxve.dll
C:\WINDOWS\system32\yjlikjno.ini
C:\WINDOWS\system32\ypdnymcd.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-02 17:58 . 2008-03-02 17:58 d-------- C:\WINDOWS\ERUNT
2008-03-02 17:48 . 2008-03-02 17:48 d-------- C:\SDFix
2008-03-02 15:46 . 2008-03-02 15:46 d-------- C:\Program Files\Trend Micro
2008-03-01 12:14 . 2008-03-01 12:14 d-------- C:\Program Files\Microsoft Silverlight
2008-03-01 12:12 . 2008-03-01 12:12 d-------- C:\Program Files\MSBuild
2008-03-01 12:08 . 2008-03-01 12:53 d-------- C:\WINDOWS\system32\XPSViewer
2008-03-01 12:06 . 2008-03-01 12:06 d-------- C:\Program Files\Reference Assemblies
2008-03-01 12:05 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-01 12:04 . 2008-03-01 12:04 d-------- C:\Program Files\MSXML 6.0
2008-03-01 12:04 . 2008-03-01 12:04 d-------- C:\fb6c7ff3d5c9c97686a60507
2008-03-01 12:03 . 2006-10-04 14:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-03-01 12:03 . 2006-10-04 14:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-03-01 12:03 . 2006-10-04 14:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-03-01 12:01 . 2008-03-01 12:02 d-------- C:\Program Files\Windows Media Connect 2
2008-03-01 11:57 . 2008-03-01 11:59 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-01 11:39 . 2006-11-13 06:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-03-01 11:39 . 2006-11-13 06:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2008-03-01 11:39 . 2006-11-13 06:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2008-03-01 11:08 . 2008-03-02 17:55 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-03-01 11:06 . 2008-03-01 11:57 d-------- C:\WINDOWS\system32\LogFiles
2008-02-29 22:23 . 2007-12-07 02:21 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-29 22:23 . 2007-07-01 03:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-29 22:23 . 2007-07-01 03:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-29 22:23 . 2007-12-07 02:21 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-29 22:23 . 2007-12-07 02:21 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-29 22:23 . 2007-12-07 02:21 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-29 22:23 . 2007-12-07 02:21 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-29 22:23 . 2007-12-07 02:21 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-29 22:23 . 2007-12-06 11:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-29 22:12 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-02-26 22:33 . 2008-02-28 23:22 99,651 --a------ C:\WINDOWS\BM0b271a74.xml
2008-02-26 22:33 . 2008-02-28 23:45 22 --a------ C:\WINDOWS\pskt.ini
2008-02-21 21:20 . 2008-02-26 22:15 d-------- C:\Documents and Settings\Rachels\Application Data\U3
2008-02-19 16:41 . 2008-02-19 16:41 d-------- C:\Documents and Settings\Rachels\Application Data\MSNInstaller
2008-02-18 20:00 . 2008-02-18 20:00 d-------- C:\Documents and Settings\Rachels\Application Data\Template
2008-02-17 17:12 . 2008-02-17 17:12 d-------- C:\Documents and Settings\Rachels\Application Data\McAfee
2008-02-10 21:59 . 2008-02-10 21:59 d-------- C:\Program Files\Windows Live Favorites
2008-02-10 20:20 . 2008-02-10 20:55 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-10 20:19 . 2008-02-10 20:58 d-------- C:\Program Files\Windows Live
2008-02-10 20:19 . 2008-02-28 15:39 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-02-10 17:46 . 2008-02-11 21:19 d-------- C:\WINDOWS\SxsCaPendDel
2008-02-06 20:12 . 2008-02-06 20:12 d-------- C:\Dow?

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 21:54 --------- d-----w C:\Documents and Settings\Rachels\Application Data\SiteAdvisor
2008-03-01 11:54 --------- d-----w C:\Program Files\Windows Desktop Search
2008-02-20 00:25 --------- d-----w C:\Program Files\McAfee
2008-02-17 17:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2008-02-10 22:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-10 17:45 --------- d-----w C:\Program Files\MSN Messenger
2008-01-25 11:36 --------- d-----w C:\Program Files\DellSupport
2008-01-25 11:36 --------- d-----w C:\Program Files\Dell Photo AIO Printer 922
2008-01-25 11:36 --------- d-----w C:\Program Files\Apoint
2008-01-25 11:27 --------- d-----w C:\Program Files\SiteAdvisor
2008-01-25 11:22 --------- d-----w C:\Program Files\QuickTime
2008-01-24 00:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-01-23 22:01 --------- d-----w C:\Program Files\Common Files\McAfee
2008-01-23 21:25 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2008-01-23 21:14 --------- d-----w C:\Program Files\McAfee.com
2008-01-23 20:58 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2008-01-23 20:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-23 20:05 --------- d-----w C:\Documents and Settings\Rachels\Application Data\Symantec
2008-01-23 19:44 --------- d-----w C:\Program Files\Google
2008-01-20 18:57 8,411 ----a-w C:\is151296.exe
2008-01-14 18:20 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dell
2008-01-11 16:04 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
2008-01-11 16:03 --------- d-----w C:\Program Files\Dell Support Center
2008-01-11 16:03 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-11 15:48 --------- d-----w C:\Program Files\Huawei technologies
.
Code:
<pre>
----a-w           155,648 2008-01-23 20:07:34  C:\Program Files\Apoint\Apoint .exe
----a-w           344,064 2008-01-23 20:07:45  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w           147,456 2008-01-23 20:08:12  C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler .exe
----a-w            81,920 2008-01-23 20:08:40  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           221,184 2008-01-23 20:08:36  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w           517,768 2008-01-23 20:07:26  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w            53,248 2008-01-23 20:07:55  C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w            86,016 2008-01-23 20:08:19  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
----a-w           606,208 2008-01-23 22:48:53  C:\Program Files\Dell\QuickSet\quickset .exe
----a-w           290,816 2008-01-23 20:08:45  C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr .exe
----a-w           202,544 2008-01-23 20:09:28  C:\Program Files\Dell Support Center\bin\sprtcmd .exe
----a-w            16,384 2008-01-23 20:09:07  C:\Program Files\Dell Support Center\gs_agent\custom\dsca .exe
----a-w           460,784 2008-01-23 20:09:16  C:\Program Files\DellSupport\DSAgnt .exe
----a-w           171,448 2008-01-23 20:09:22  C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w           385,024 2008-01-23 20:07:47  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w            32,881 2008-01-23 20:07:37  C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
----a-w         1,160,480 2008-02-28 23:45:53  C:\Program Files\McAfee\MHN\McENUI .exe
----a-w           582,992 2008-03-02 17:53:30  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w         5,674,352 2008-02-04 21:15:41  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w           282,624 2008-01-23 22:57:08  C:\Program Files\QuickTime\qttask             .exe
----a-w           282,624 2008-01-23 22:57:09  C:\Program Files\QuickTime\qttask            .exe
----a-w           282,624 2008-01-23 22:57:09  C:\Program Files\QuickTime\qttask           .exe
----a-w           282,624 2008-01-23 22:57:13  C:\Program Files\QuickTime\qttask          .exe
----a-w           282,624 2008-01-23 22:57:15  C:\Program Files\QuickTime\qttask         .exe
----a-w           282,624 2008-01-23 22:57:16  C:\Program Files\QuickTime\qttask        .exe
----a-w           282,624 2008-01-23 22:57:16  C:\Program Files\QuickTime\qttask       .exe
----a-w           282,624 2008-01-23 22:57:17  C:\Program Files\QuickTime\qttask      .exe
----a-w           282,624 2008-01-23 22:57:17  C:\Program Files\QuickTime\qttask     .exe
----a-w           282,624 2008-01-23 22:57:18  C:\Program Files\QuickTime\qttask    .exe
----a-w           282,624 2008-01-23 22:57:19  C:\Program Files\QuickTime\qttask   .exe
----a-w           282,624 2008-01-23 22:57:20  C:\Program Files\QuickTime\qttask  .exe
----a-w           282,624 2008-01-23 22:57:21  C:\Program Files\QuickTime\qttask .exe
----a-w            26,112 2008-01-23 20:07:57  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w         5,724,184 2008-02-22 10:22:58  C:\Program Files\Windows Live\Messenger\msnmsgr  .exe
----a-w         5,724,184 2008-02-15 20:25:50  C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w            15,360 2008-03-02 17:55:44  C:\WINDOWS\system32\ctfmon .exe
----a-w           406,016 2008-02-06 20:11:43  C:\WINDOWS\system32\PSDrvCheck .exe
----a-w           127,035 2008-01-23 20:08:31  C:\WINDOWS\system32\dla\tfswctrl .exe
</pre>
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [ ]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [ ]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [ ]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [ ]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [ ]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [ ]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [ ]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [ ]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2005-10-04 20:16:36 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-04 20:12:34 24576]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-02-20 04:10:26 282624]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08 262944]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-11-21 14:50 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bmtipysd]
bmtipysd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 15:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 09:23]
S2 0055681204466152mcinstcleanup;McAfee Application Installer Cleanup (0055681204466152);C:\WINDOWS\TEMP\005568~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a7534c2-c045-11dc-9643-00038a000015}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cd611ea-e0c0-11dc-9680-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 21:57:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\McAfee\MSC\mcupdmgr.exe
C:\Program Files\McAfee\MSC\mcupdui.exe
.
**************************************************************************
.
Completion time: 2008-03-03 22:04:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-03 22:04:48
.
2008-02-29 22:27:16 --- E O F ---

I'll post the HJT log in another post
 

·
Registered
Joined
·
34 Posts
Discussion Starter · #10 ·
Attached below is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:16, on 03/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - Winlogon Notify: bmtipysd - bmtipysd.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0232511204581945) (0232511204581945mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\023251~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10080 bytes

What happens next?
 

·
Administrator
Joined
·
123,519 Posts
Open Notepad and copy and paste the text in the code box below into it:

Code:
File::
C:\WINDOWS\BM0b271a74.xml
C:\WINDOWS\pskt.ini
C:\is151296.exe

DirLook::
C:\fb6c7ff3d5c9c97686a60507
C:\Dow?

RenV::
C:\Program Files\Apoint\Apoint .exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
C:\Program Files\Dell\Media Experience\DMXLauncher .exe
C:\Program Files\Dell\QuickSet\quickset .exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr .exe
C:\Program Files\Dell Support Center\bin\sprtcmd .exe
C:\Program Files\Dell Support Center\gs_agent\custom\dsca .exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
C:\Program Files\McAfee\MHN\McENUI .exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\QuickTime\qttask             .exe
C:\Program Files\QuickTime\qttask            .exe
C:\Program Files\QuickTime\qttask           .exe
C:\Program Files\QuickTime\qttask          .exe
C:\Program Files\QuickTime\qttask         .exe
C:\Program Files\QuickTime\qttask        .exe
C:\Program Files\QuickTime\qttask       .exe
C:\Program Files\QuickTime\qttask      .exe
C:\Program Files\QuickTime\qttask     .exe
C:\Program Files\QuickTime\qttask    .exe
C:\Program Files\QuickTime\qttask   .exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Real\RealPlayer\RealPlay .exe
C:\Program Files\Windows Live\Messenger\msnmsgr  .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\PSDrvCheck .exe
C:\WINDOWS\system32\dla\tfswctrl .exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bmtipysd]

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
 

·
Registered
Joined
·
34 Posts
Discussion Starter · #12 ·
Hi cookiegal

This seems to be improving things, as on start-up the error message has gone. I'll do the above and post the reports/logs shortly.

Thanks, TSG (Gal) is brilliant.
 

·
Registered
Joined
·
34 Posts
Discussion Starter · #13 ·
Hi cookiegal

I'll post the logs in two entries; below is the ComboFix report.

ComboFix 08-03-03.4 - Rachels 2008-03-04 23:05:59.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.571 [GMT 0:00]
Running from: C:\Documents and Settings\Rachels\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rachels\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\is151296.exe
C:\WINDOWS\BM0b271a74.xml
C:\WINDOWS\pskt.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\is151296.exe
C:\WINDOWS\BM0b271a74.xml
C:\WINDOWS\pskt.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-02 17:58 . 2008-03-02 17:58 d-------- C:\WINDOWS\ERUNT
2008-03-02 17:48 . 2008-03-02 17:48 d-------- C:\SDFix
2008-03-02 15:46 . 2008-03-02 15:46 d-------- C:\Program Files\Trend Micro
2008-03-01 12:14 . 2008-03-01 12:14 d-------- C:\Program Files\Microsoft Silverlight
2008-03-01 12:12 . 2008-03-01 12:12 d-------- C:\Program Files\MSBuild
2008-03-01 12:08 . 2008-03-01 12:53 d-------- C:\WINDOWS\system32\XPSViewer
2008-03-01 12:06 . 2008-03-01 12:06 d-------- C:\Program Files\Reference Assemblies
2008-03-01 12:05 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-01 12:04 . 2008-03-01 12:04 d-------- C:\Program Files\MSXML 6.0
2008-03-01 12:04 . 2008-03-01 12:04 d-------- C:\fb6c7ff3d5c9c97686a60507
2008-03-01 12:03 . 2006-10-04 14:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-03-01 12:03 . 2006-10-04 14:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-03-01 12:03 . 2006-10-04 14:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-03-01 12:01 . 2008-03-01 12:02 d-------- C:\Program Files\Windows Media Connect 2
2008-03-01 11:57 . 2008-03-01 11:59 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-01 11:39 . 2006-11-13 06:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-03-01 11:39 . 2006-11-13 06:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2008-03-01 11:39 . 2006-11-13 06:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2008-03-01 11:08 . 2008-03-02 17:55 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-03-01 11:06 . 2008-03-01 11:57 d-------- C:\WINDOWS\system32\LogFiles
2008-02-29 22:23 . 2007-12-07 02:21 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-29 22:23 . 2007-07-01 03:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-29 22:23 . 2007-07-01 03:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-29 22:23 . 2007-12-07 02:21 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-29 22:23 . 2007-12-07 02:21 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-29 22:23 . 2007-12-07 02:21 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-29 22:23 . 2007-12-07 02:21 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-29 22:23 . 2007-12-07 02:21 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-29 22:23 . 2007-12-06 11:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-29 22:12 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-02-21 21:20 . 2008-02-26 22:15 d-------- C:\Documents and Settings\Rachels\Application Data\U3
2008-02-19 16:41 . 2008-02-19 16:41 d-------- C:\Documents and Settings\Rachels\Application Data\MSNInstaller
2008-02-18 20:00 . 2008-02-18 20:00 d-------- C:\Documents and Settings\Rachels\Application Data\Template
2008-02-17 17:12 . 2008-02-17 17:12 d-------- C:\Documents and Settings\Rachels\Application Data\McAfee
2008-02-10 21:59 . 2008-02-10 21:59 d-------- C:\Program Files\Windows Live Favorites
2008-02-10 20:20 . 2008-02-10 20:55 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-10 20:19 . 2008-02-10 20:58 d-------- C:\Program Files\Windows Live
2008-02-10 20:19 . 2008-02-28 15:39 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-02-10 17:46 . 2008-02-11 21:19 d-------- C:\WINDOWS\SxsCaPendDel
2008-02-06 20:12 . 2008-02-06 20:12 d-------- C:\Dow?

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 23:01 --------- d-----w C:\Documents and Settings\Rachels\Application Data\SiteAdvisor
2008-03-01 11:54 --------- d-----w C:\Program Files\Windows Desktop Search
2008-02-20 00:25 --------- d-----w C:\Program Files\McAfee
2008-02-17 17:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2008-02-10 22:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-10 17:45 --------- d-----w C:\Program Files\MSN Messenger
2008-02-06 20:11 406,016 ----a-w C:\WINDOWS\system32\PSDrvCheck .exe
2008-01-25 11:36 --------- d-----w C:\Program Files\DellSupport
2008-01-25 11:36 --------- d-----w C:\Program Files\Dell Photo AIO Printer 922
2008-01-25 11:36 --------- d-----w C:\Program Files\Apoint
2008-01-25 11:27 --------- d-----w C:\Program Files\SiteAdvisor
2008-01-25 11:22 --------- d-----w C:\Program Files\QuickTime
2008-01-24 00:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-01-23 22:01 --------- d-----w C:\Program Files\Common Files\McAfee
2008-01-23 21:25 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2008-01-23 21:14 --------- d-----w C:\Program Files\McAfee.com
2008-01-23 20:58 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2008-01-23 20:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-23 20:05 --------- d-----w C:\Documents and Settings\Rachels\Application Data\Symantec
2008-01-23 19:44 --------- d-----w C:\Program Files\Google
2008-01-14 18:20 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dell
2008-01-11 16:04 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
2008-01-11 16:03 --------- d-----w C:\Program Files\Dell Support Center
2008-01-11 16:03 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-11 15:48 --------- d-----w C:\Program Files\Huawei technologies
2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 10:51 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 00:44 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 00:44 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 00:44 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-12-07 00:44 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-12-07 00:44 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
.
Code:
<pre>
----a-w           155,648 2008-01-23 20:07:34  C:\Program Files\Apoint\Apoint .exe
----a-w           344,064 2008-01-23 20:07:45  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w           147,456 2008-01-23 20:08:12  C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler .exe
----a-w            81,920 2008-01-23 20:08:40  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           221,184 2008-01-23 20:08:36  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w           517,768 2008-01-23 20:07:26  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w            53,248 2008-01-23 20:07:55  C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w            86,016 2008-01-23 20:08:19  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
----a-w           606,208 2008-01-23 22:48:53  C:\Program Files\Dell\QuickSet\quickset .exe
----a-w           290,816 2008-01-23 20:08:45  C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr .exe
----a-w           202,544 2008-01-23 20:09:28  C:\Program Files\Dell Support Center\bin\sprtcmd .exe
----a-w            16,384 2008-01-23 20:09:07  C:\Program Files\Dell Support Center\gs_agent\custom\dsca .exe
----a-w           460,784 2008-01-23 20:09:16  C:\Program Files\DellSupport\DSAgnt .exe
----a-w           171,448 2008-01-23 20:09:22  C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w           385,024 2008-01-23 20:07:47  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w            32,881 2008-01-23 20:07:37  C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
----a-w         1,160,480 2008-02-28 23:45:53  C:\Program Files\McAfee\MHN\McENUI .exe
----a-w           582,992 2008-03-02 17:53:30  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w         5,674,352 2008-02-04 21:15:41  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w           282,624 2008-01-23 22:57:08  C:\Program Files\QuickTime\qttask             .exe
----a-w           282,624 2008-01-23 22:57:09  C:\Program Files\QuickTime\qttask            .exe
----a-w           282,624 2008-01-23 22:57:09  C:\Program Files\QuickTime\qttask           .exe
----a-w           282,624 2008-01-23 22:57:13  C:\Program Files\QuickTime\qttask          .exe
----a-w           282,624 2008-01-23 22:57:15  C:\Program Files\QuickTime\qttask         .exe
----a-w           282,624 2008-01-23 22:57:16  C:\Program Files\QuickTime\qttask        .exe
----a-w           282,624 2008-01-23 22:57:16  C:\Program Files\QuickTime\qttask       .exe
----a-w           282,624 2008-01-23 22:57:17  C:\Program Files\QuickTime\qttask      .exe
----a-w           282,624 2008-01-23 22:57:17  C:\Program Files\QuickTime\qttask     .exe
----a-w           282,624 2008-01-23 22:57:18  C:\Program Files\QuickTime\qttask    .exe
----a-w           282,624 2008-01-23 22:57:19  C:\Program Files\QuickTime\qttask   .exe
----a-w           282,624 2008-01-23 22:57:20  C:\Program Files\QuickTime\qttask  .exe
----a-w           282,624 2008-01-23 22:57:21  C:\Program Files\QuickTime\qttask .exe
----a-w            26,112 2008-01-23 20:07:57  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w         5,724,184 2008-02-22 10:22:58  C:\Program Files\Windows Live\Messenger\msnmsgr  .exe
----a-w         5,724,184 2008-02-15 20:25:50  C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w            15,360 2008-03-02 17:55:44  C:\WINDOWS\system32\ctfmon .exe
----a-w           406,016 2008-02-06 20:11:43  C:\WINDOWS\system32\PSDrvCheck .exe
----a-w           127,035 2008-01-23 20:08:31  C:\WINDOWS\system32\dla\tfswctrl .exe
</pre>
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Dow? ----

2008-02-06 20:12 0 d-------- C:\Dow?\

---- Directory of C:\fb6c7ff3d5c9c97686a60507 ----

2008-03-01 12:04 40676 --a------ C:\fb6c7ff3d5c9c97686a60507\%temp%dd_msxml_retMSI.txt

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [ ]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [ ]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [ ]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [ ]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [ ]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [ ]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2005-10-04 20:16:36 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-04 20:12:34 24576]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-02-20 04:10:26 282624]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08 262944]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-11-21 14:50 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bmtipysd]
bmtipysd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 15:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 09:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a7534c2-c045-11dc-9643-00038a000015}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cd611ea-e0c0-11dc-9680-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 23:09:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-04 23:10:04
ComboFix-quarantined-files.txt 2008-03-04 23:09:44
ComboFix2.txt 2008-03-03 22:04:54
.
2008-02-29 22:27:16 --- E O F ---
 

·
Registered
Joined
·
34 Posts
Discussion Starter · #14 ·
Here's the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:13:15, on 04/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - Winlogon Notify: bmtipysd - bmtipysd.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9995 bytes

What's next!
 

·
Administrator
Joined
·
123,519 Posts
Open Notepad and copy and paste the text in the code box below into it:

Code:
RenV::
C:\Program Files\Apoint\Apoint .exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
C:\Program Files\Dell\Media Experience\DMXLauncher .exe
C:\Program Files\Dell\QuickSet\quickset .exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr .exe
C:\Program Files\Dell Support Center\bin\sprtcmd .exe
C:\Program Files\Dell Support Center\gs_agent\custom\dsca .exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
C:\Program Files\McAfee\MHN\McENUI .exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\QuickTime\qttask             .exe
C:\Program Files\QuickTime\qttask            .exe
C:\Program Files\QuickTime\qttask           .exe
C:\Program Files\QuickTime\qttask          .exe
C:\Program Files\QuickTime\qttask         .exe
C:\Program Files\QuickTime\qttask        .exe
C:\Program Files\QuickTime\qttask       .exe
C:\Program Files\QuickTime\qttask      .exe
C:\Program Files\QuickTime\qttask     .exe
C:\Program Files\QuickTime\qttask    .exe
C:\Program Files\QuickTime\qttask   .exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Real\RealPlayer\RealPlay .exe
C:\Program Files\Windows Live\Messenger\msnmsgr  .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\PSDrvCheck .exe
C:\WINDOWS\system32\dla\tfswctrl .exe

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
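
Added example, not part of the original post and not ComboFix's own code: every path in the code box above has whitespace between the file name and its extension, and the Run entries in the log reference the same names without that padding. This sketch parses listing lines in the log's format, groups the padded files under the un-padded path, and cross-references the Run entries. The sample lines are copied from this thread except the last listing line, which is constructed as a negative control; all function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Listing lines in the format of the <pre> block of the ComboFix log in this thread.
# The oleaut32.dll line is constructed in that format as a negative control.
LISTING = r"""
----a-w           282,624 2008-01-23 22:57:20  C:\Program Files\QuickTime\qttask  .exe
----a-w           282,624 2008-01-23 22:57:21  C:\Program Files\QuickTime\qttask .exe
----a-w            15,360 2008-03-02 17:55:44  C:\WINDOWS\system32\ctfmon .exe
----a-w         5,674,352 2008-02-04 21:15:41  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w           550,912 2007-12-04 18:38:00  C:\WINDOWS\system32\oleaut32.dll
"""

# Run entries copied from the "Reg Loading Points" section of the same log.
RUN_KEYS = r"""
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
"""

LISTING_RE = re.compile(
    r"^(?P<attrs>[-a-z]+)\s+(?P<size>[\d,]+)\s+"
    r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>[A-Za-z]:\\.+)$"
)
# File name whose stem is followed by whitespace and then the extension.
PADDED_RE = re.compile(r"^(?P<stem>.*\S)(?P<pad>\s+)(?P<ext>\.[A-Za-z0-9]+)$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<info>[^\]]*)\]')


def parse_listing(text):
    """Return one dict per listing line: size in bytes, timestamp, full path."""
    entries = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            entries.append({
                "size": int(m["size"].replace(",", "")),
                "stamp": m["stamp"],
                "path": m["path"],
            })
    return entries


def unpadded(path):
    """Return the path with the padding removed, or None if the name is not padded."""
    folder, name = ntpath.split(path)
    m = PADDED_RE.match(name)
    if not m:
        return None
    return ntpath.join(folder, m["stem"] + m["ext"])


def group_padded(entries):
    """Map lower-cased un-padded path -> list of padded entries found for it."""
    groups = defaultdict(list)
    for entry in entries:
        clean = unpadded(entry["path"])
        if clean:
            groups[clean.lower()].append(entry)
    return dict(groups)


def parse_run_keys(text):
    """Map Run value name -> (target path, whether the log shows date/size for it)."""
    run = {}
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            run[m["name"]] = (m["path"], bool(m["info"].strip()))
    return run


def correlate(groups, run):
    """List Run entries whose target has padded look-alikes in the same folder.

    Limitation: paths are compared as written, so an 8.3 short path such as
    C:\\PROGRA~1\\... will not match its long-path form.
    """
    findings = []
    for name, (path, has_details) in run.items():
        hits = groups.get(path.lower(), [])
        if hits:
            findings.append({
                "run_name": name,
                "target": path,
                "details_in_log": has_details,
                "padded_copies": len(hits),
                "padded_paths": [h["path"] for h in hits],
            })
    return findings


if __name__ == "__main__":
    for f in correlate(group_padded(parse_listing(LISTING)), parse_run_keys(RUN_KEYS)):
        print(f["run_name"], "->", f["target"],
              "| details in log:", f["details_in_log"],
              "| padded copies:", f["padded_copies"])
```
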
 

·
Registered
Joined
·
34 Posts
Discussion Starter · #16 ·
Hey Cookiegal

Got to say the laptop is running a lot quicker already!

below CFS report
ComboFix 08-03-03.4 - Rachels 2008-03-05 19:26:56.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.581 [GMT 0:00]
Running from: C:\Documents and Settings\Rachels\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rachels\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.

2008-03-05 19:07 . 2008-03-05 19:07 d-------- C:\WINDOWS\LastGood
2008-03-02 17:58 . 2008-03-02 17:58 d-------- C:\WINDOWS\ERUNT
2008-03-02 17:48 . 2008-03-02 17:48 d-------- C:\SDFix
2008-03-02 15:46 . 2008-03-02 15:46 d-------- C:\Program Files\Trend Micro
2008-03-01 12:14 . 2008-03-01 12:14 d-------- C:\Program Files\Microsoft Silverlight
2008-03-01 12:12 . 2008-03-01 12:12 d-------- C:\Program Files\MSBuild
2008-03-01 12:08 . 2008-03-01 12:53 d-------- C:\WINDOWS\system32\XPSViewer
2008-03-01 12:06 . 2008-03-01 12:06 d-------- C:\Program Files\Reference Assemblies
2008-03-01 12:05 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-01 12:04 . 2008-03-01 12:04 d-------- C:\Program Files\MSXML 6.0
2008-03-01 12:04 . 2008-03-01 12:04 d-------- C:\fb6c7ff3d5c9c97686a60507
2008-03-01 12:03 . 2006-10-04 14:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-03-01 12:03 . 2006-10-04 14:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-03-01 12:03 . 2006-10-04 14:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-03-01 12:01 . 2008-03-01 12:02 d-------- C:\Program Files\Windows Media Connect 2
2008-03-01 11:57 . 2008-03-01 11:59 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-01 11:39 . 2006-11-13 06:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-03-01 11:39 . 2006-11-13 06:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2008-03-01 11:39 . 2006-11-13 06:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2008-03-01 11:08 . 2008-03-02 17:55 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-03-01 11:06 . 2008-03-01 11:57 d-------- C:\WINDOWS\system32\LogFiles
2008-02-29 22:23 . 2007-12-07 02:21 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-29 22:23 . 2007-07-01 03:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-29 22:23 . 2007-07-01 03:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-29 22:23 . 2007-12-07 02:21 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-29 22:23 . 2007-12-07 02:21 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-29 22:23 . 2007-12-07 02:21 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-29 22:23 . 2007-12-07 02:21 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-29 22:23 . 2007-12-07 02:21 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-29 22:23 . 2007-12-06 11:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-29 22:12 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-02-21 21:20 . 2008-02-26 22:15 d-------- C:\Documents and Settings\Rachels\Application Data\U3
2008-02-19 16:41 . 2008-02-19 16:41 d-------- C:\Documents and Settings\Rachels\Application Data\MSNInstaller
2008-02-18 20:00 . 2008-02-18 20:00 d-------- C:\Documents and Settings\Rachels\Application Data\Template
2008-02-17 17:12 . 2008-02-17 17:12 d-------- C:\Documents and Settings\Rachels\Application Data\McAfee
2008-02-10 21:59 . 2008-02-10 21:59 d-------- C:\Program Files\Windows Live Favorites
2008-02-10 20:20 . 2008-02-10 20:55 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-10 20:19 . 2008-02-10 20:58 d-------- C:\Program Files\Windows Live
2008-02-10 20:19 . 2008-02-28 15:39 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-02-10 17:46 . 2008-02-11 21:19 d-------- C:\WINDOWS\SxsCaPendDel
2008-02-06 20:12 . 2008-02-06 20:12 d-------- C:\Dow?

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 19:24 --------- d-----w C:\Documents and Settings\Rachels\Application Data\SiteAdvisor
2008-03-01 11:54 --------- d-----w C:\Program Files\Windows Desktop Search
2008-02-20 00:25 --------- d-----w C:\Program Files\McAfee
2008-02-17 17:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2008-02-10 22:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-10 17:45 --------- d-----w C:\Program Files\MSN Messenger
2008-02-06 20:11 406,016 ----a-w C:\WINDOWS\system32\PSDrvCheck .exe
2008-01-25 11:36 --------- d-----w C:\Program Files\DellSupport
2008-01-25 11:36 --------- d-----w C:\Program Files\Dell Photo AIO Printer 922
2008-01-25 11:36 --------- d-----w C:\Program Files\Apoint
2008-01-25 11:27 --------- d-----w C:\Program Files\SiteAdvisor
2008-01-25 11:22 --------- d-----w C:\Program Files\QuickTime
2008-01-24 00:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-01-23 22:01 --------- d-----w C:\Program Files\Common Files\McAfee
2008-01-23 21:25 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2008-01-23 21:14 --------- d-----w C:\Program Files\McAfee.com
2008-01-23 20:58 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2008-01-23 20:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-23 20:05 --------- d-----w C:\Documents and Settings\Rachels\Application Data\Symantec
2008-01-23 19:44 --------- d-----w C:\Program Files\Google
2008-01-14 18:20 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dell
2008-01-11 16:04 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
2008-01-11 16:03 --------- d-----w C:\Program Files\Dell Support Center
2008-01-11 16:03 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-11 15:48 --------- d-----w C:\Program Files\Huawei technologies
2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 10:51 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 00:44 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 00:44 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 00:44 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-12-07 00:44 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-12-07 00:44 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
Code:
<pre>
----a-w           155,648 2008-01-23 20:07:34  C:\Program Files\Apoint\Apoint .exe
----a-w           344,064 2008-01-23 20:07:45  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w           147,456 2008-01-23 20:08:12  C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler .exe
----a-w            81,920 2008-01-23 20:08:40  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           221,184 2008-01-23 20:08:36  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w           517,768 2008-01-23 20:07:26  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w            53,248 2008-01-23 20:07:55  C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w            86,016 2008-01-23 20:08:19  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
----a-w           606,208 2008-01-23 22:48:53  C:\Program Files\Dell\QuickSet\quickset .exe
----a-w           290,816 2008-01-23 20:08:45  C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr .exe
----a-w           202,544 2008-01-23 20:09:28  C:\Program Files\Dell Support Center\bin\sprtcmd .exe
----a-w            16,384 2008-01-23 20:09:07  C:\Program Files\Dell Support Center\gs_agent\custom\dsca .exe
----a-w           460,784 2008-01-23 20:09:16  C:\Program Files\DellSupport\DSAgnt .exe
----a-w           171,448 2008-01-23 20:09:22  C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w           385,024 2008-01-23 20:07:47  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w            32,881 2008-01-23 20:07:37  C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
----a-w         1,160,480 2008-02-28 23:45:53  C:\Program Files\McAfee\MHN\McENUI .exe
----a-w           582,992 2008-03-02 17:53:30  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w         5,674,352 2008-02-04 21:15:41  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w           282,624 2008-01-23 22:57:08  C:\Program Files\QuickTime\qttask             .exe
----a-w           282,624 2008-01-23 22:57:09  C:\Program Files\QuickTime\qttask            .exe
----a-w           282,624 2008-01-23 22:57:09  C:\Program Files\QuickTime\qttask           .exe
----a-w           282,624 2008-01-23 22:57:13  C:\Program Files\QuickTime\qttask          .exe
----a-w           282,624 2008-01-23 22:57:15  C:\Program Files\QuickTime\qttask         .exe
----a-w           282,624 2008-01-23 22:57:16  C:\Program Files\QuickTime\qttask        .exe
----a-w           282,624 2008-01-23 22:57:16  C:\Program Files\QuickTime\qttask       .exe
----a-w           282,624 2008-01-23 22:57:17  C:\Program Files\QuickTime\qttask      .exe
----a-w           282,624 2008-01-23 22:57:17  C:\Program Files\QuickTime\qttask     .exe
----a-w           282,624 2008-01-23 22:57:18  C:\Program Files\QuickTime\qttask    .exe
----a-w           282,624 2008-01-23 22:57:19  C:\Program Files\QuickTime\qttask   .exe
----a-w           282,624 2008-01-23 22:57:20  C:\Program Files\QuickTime\qttask  .exe
----a-w           282,624 2008-01-23 22:57:21  C:\Program Files\QuickTime\qttask .exe
----a-w            26,112 2008-01-23 20:07:57  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w         5,724,184 2008-02-22 10:22:58  C:\Program Files\Windows Live\Messenger\msnmsgr  .exe
----a-w         5,724,184 2008-02-15 20:25:50  C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w            15,360 2008-03-02 17:55:44  C:\WINDOWS\system32\ctfmon .exe
----a-w           406,016 2008-02-06 20:11:43  C:\WINDOWS\system32\PSDrvCheck .exe
----a-w           127,035 2008-01-23 20:08:31  C:\WINDOWS\system32\dla\tfswctrl .exe
</pre>
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [ ]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [ ]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [ ]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [ ]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [ ]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [ ]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2005-10-04 20:16:36 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-04 20:12:34 24576]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-02-20 04:10:26 282624]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08 262944]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-11-21 14:50 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bmtipysd]
bmtipysd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 15:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 09:23]
S2 0283791204744065mcinstcleanup;McAfee Application Installer Cleanup (0283791204744065);C:\WINDOWS\TEMP\028379~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a7534c2-c045-11dc-9643-00038a000015}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cd611ea-e0c0-11dc-9680-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 19:30:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-05 19:31:03
ComboFix-quarantined-files.txt 2008-03-05 19:30:46
ComboFix2.txt 2008-03-04 23:10:05
ComboFix3.txt 2008-03-03 22:04:54
.
2008-02-29 22:27:16 --- E O F ---

HJT to follow
 

·
Registered
Joined
·
34 Posts
Discussion Starter · #17 ·
HJT log below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:34, on 05/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe .exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - Winlogon Notify: bmtipysd - bmtipysd.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0283791204744065) (0283791204744065mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\028379~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10153 bytes

Got to say the tech guy (gal) rules
 

·
Administrator
Joined
·
123,519 Posts
There's still a problem that ComboFix should be able to fix but it's not working so let's approach it differently.

Download RenV.exe to your Desktop.

Double-Click on RenV.exe.

It shall produce a log; please post the log in your next reply.
 

·
Registered
Joined
·
34 Posts
Discussion Starter · #19 ·
Hey cookiegal

as requested RenV log below

Code:
Ran on 05/03/2008 - 21:36:43.84

----a-w           155,648 2008-01-23 20:07:34  C:\Program Files\Apoint\Apoint .exe
----a-w           344,064 2008-01-23 20:07:45  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w           147,456 2008-01-23 20:08:12  C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler .exe
----a-w            81,920 2008-01-23 20:08:40  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           221,184 2008-01-23 20:08:36  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w           517,768 2008-01-23 20:07:26  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w            53,248 2008-01-23 20:07:55  C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w            86,016 2008-01-23 20:08:19  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
----a-w           606,208 2008-01-23 22:48:53  C:\Program Files\Dell\QuickSet\quickset .exe
----a-w           290,816 2008-01-23 20:08:45  C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr .exe
----a-w           202,544 2008-01-23 20:09:28  C:\Program Files\Dell Support Center\bin\sprtcmd .exe
----a-w            16,384 2008-01-23 20:09:07  C:\Program Files\Dell Support Center\gs_agent\custom\dsca .exe
----a-w           460,784 2008-01-23 20:09:16  C:\Program Files\DellSupport\DSAgnt .exe
----a-w           171,448 2008-01-23 20:09:22  C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w           385,024 2008-01-23 20:07:47  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w            32,881 2008-01-23 20:07:37  C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
----a-w         1,160,480 2008-02-28 23:45:53  C:\Program Files\McAfee\MHN\McENUI .exe
----a-w           582,992 2008-03-02 17:53:30  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w         5,674,352 2008-02-04 21:15:41  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w           282,624 2008-01-23 22:57:08  C:\Program Files\QuickTime\qttask             .exe
----a-w           282,624 2008-01-23 22:57:09  C:\Program Files\QuickTime\qttask            .exe
----a-w           282,624 2008-01-23 22:57:09  C:\Program Files\QuickTime\qttask           .exe
----a-w           282,624 2008-01-23 22:57:13  C:\Program Files\QuickTime\qttask          .exe
----a-w           282,624 2008-01-23 22:57:15  C:\Program Files\QuickTime\qttask         .exe
----a-w           282,624 2008-01-23 22:57:16  C:\Program Files\QuickTime\qttask        .exe
----a-w           282,624 2008-01-23 22:57:16  C:\Program Files\QuickTime\qttask       .exe
----a-w           282,624 2008-01-23 22:57:17  C:\Program Files\QuickTime\qttask      .exe
----a-w           282,624 2008-01-23 22:57:17  C:\Program Files\QuickTime\qttask     .exe
----a-w           282,624 2008-01-23 22:57:18  C:\Program Files\QuickTime\qttask    .exe
----a-w           282,624 2008-01-23 22:57:19  C:\Program Files\QuickTime\qttask   .exe
----a-w           282,624 2008-01-23 22:57:20  C:\Program Files\QuickTime\qttask  .exe
----a-w           282,624 2008-01-23 22:57:21  C:\Program Files\QuickTime\qttask .exe
----a-w            26,112 2008-01-23 20:07:57  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w         5,724,184 2008-02-22 10:22:58  C:\Program Files\Windows Live\Messenger\msnmsgr  .exe
----a-w         5,724,184 2008-02-15 20:25:50  C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w            15,360 2008-03-02 17:55:44  C:\WINDOWS\system32\ctfmon .exe
----a-w           406,016 2008-02-06 20:11:43  C:\WINDOWS\system32\PSDrvCheck .exe
----a-w           127,035 2008-01-23 20:08:31  C:\WINDOWS\system32\dla\tfswctrl .exe

 Entries:               38  (38)
 Directories:            0  Files:            38
 Bytes:         26,888,220  Blocks:       52,522
Should I be worried?
 

·
Administrator
Joined
·
123,519 Posts
  • Copy the entire contents of the Code Box below to Notepad.
  • Name the file as Log.txt (Overwrite the existing one)
  • Change the Save as Type to All Files
  • and Save it on the desktop
Code:
----a-w           155,648 2008-01-23 20:07:34  C:\Program Files\Apoint\Apoint .exe
----a-w           344,064 2008-01-23 20:07:45  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w           147,456 2008-01-23 20:08:12  C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler .exe
----a-w            81,920 2008-01-23 20:08:40  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           221,184 2008-01-23 20:08:36  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w           517,768 2008-01-23 20:07:26  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w            53,248 2008-01-23 20:07:55  C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w            86,016 2008-01-23 20:08:19  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
----a-w           606,208 2008-01-23 22:48:53  C:\Program Files\Dell\QuickSet\quickset .exe
----a-w           290,816 2008-01-23 20:08:45  C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr .exe
----a-w           202,544 2008-01-23 20:09:28  C:\Program Files\Dell Support Center\bin\sprtcmd .exe
----a-w            16,384 2008-01-23 20:09:07  C:\Program Files\Dell Support Center\gs_agent\custom\dsca .exe
----a-w           460,784 2008-01-23 20:09:16  C:\Program Files\DellSupport\DSAgnt .exe
----a-w           171,448 2008-01-23 20:09:22  C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w           385,024 2008-01-23 20:07:47  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w            32,881 2008-01-23 20:07:37  C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
----a-w         1,160,480 2008-02-28 23:45:53  C:\Program Files\McAfee\MHN\McENUI .exe
----a-w           582,992 2008-03-02 17:53:30  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w         5,674,352 2008-02-04 21:15:41  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w           282,624 2008-01-23 22:57:08  C:\Program Files\QuickTime\qttask             .exe
----a-w           282,624 2008-01-23 22:57:09  C:\Program Files\QuickTime\qttask            .exe
----a-w           282,624 2008-01-23 22:57:09  C:\Program Files\QuickTime\qttask           .exe
----a-w           282,624 2008-01-23 22:57:13  C:\Program Files\QuickTime\qttask          .exe
----a-w           282,624 2008-01-23 22:57:15  C:\Program Files\QuickTime\qttask         .exe
----a-w           282,624 2008-01-23 22:57:16  C:\Program Files\QuickTime\qttask        .exe
----a-w           282,624 2008-01-23 22:57:16  C:\Program Files\QuickTime\qttask       .exe
----a-w           282,624 2008-01-23 22:57:17  C:\Program Files\QuickTime\qttask      .exe
----a-w           282,624 2008-01-23 22:57:17  C:\Program Files\QuickTime\qttask     .exe
----a-w           282,624 2008-01-23 22:57:18  C:\Program Files\QuickTime\qttask    .exe
----a-w           282,624 2008-01-23 22:57:19  C:\Program Files\QuickTime\qttask   .exe
----a-w           282,624 2008-01-23 22:57:20  C:\Program Files\QuickTime\qttask  .exe
----a-w           282,624 2008-01-23 22:57:21  C:\Program Files\QuickTime\qttask .exe
----a-w            26,112 2008-01-23 20:07:57  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w         5,724,184 2008-02-22 10:22:58  C:\Program Files\Windows Live\Messenger\msnmsgr  .exe
----a-w         5,724,184 2008-02-15 20:25:50  C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w            15,360 2008-03-02 17:55:44  C:\WINDOWS\system32\ctfmon .exe
----a-w           406,016 2008-02-06 20:11:43  C:\WINDOWS\system32\PSDrvCheck .exe
----a-w           127,035 2008-01-23 20:08:31  C:\WINDOWS\system32\dla\tfswctrl .exe


Referring to the picture above, drag Log.txt into RenV.exe and post back the resulting report.
 