geno368

Members
  • Content Count: 29
About geno368

  • Rank: Member
  1. I have a brother who has a Netgear router and it will not work right. I did an ipconfig and the default gateway states 10.0.0.1 and I don't know what to do from there. The system doesn't recognize the wireless adapter at all. Is it trashed?
  2. Katana, thank you very much for your reply, but it is already fixed. I am a computer ASP, but viruses are not my specialty. How can I get more trained in this subject?
  3. RSIT log:
  4. I have a Dell Inspiron 6000 that had some trojans on it which I sent to chest with Avast. I have run Spybot as well. This is the HJT log after my scanning. I will also do an RSIT on my next post. Thank you for your help.
  5. Thanks again for your assistance. I made a donation to the site.
  6. It seems to be running fine now. Please define which files were the malware or virus. Also, do you have any idea how this got into the computer? I am very careful about downloading anything. The only thing I remember is I kept getting a popup from AV360 antivirus; I never downloaded it, but it was in my system.
  7. here ya go...

     Malwarebytes' Anti-Malware 1.33
     Database version: 1659
     Windows 5.1.2600 Service Pack 2

     1/16/2009 2:12:50 PM
     mbam-log-2009-01-16 (14-12-50).txt

     Scan type: Quick Scan
     Objects scanned: 59474
     Time elapsed: 2 minute(s), 23 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 2

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Documents and Settings\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
     C:\WINDOWS\SYSTEM32\TDSSfxmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
  8. I am nearly afraid to try anything... lol... here are the latest logs
----a-w c:\windows\SYSTEM32\DLLCACHE\WMNetmgr.dll - 2006-10-19 03:47:22 2,450,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmvcore.dll + 2008-06-18 11:03:14 2,458,112 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll - 2008-06-20 10:44:38 138,368 ----a-w c:\windows\SYSTEM32\DRIVERS\afd.sys + 2008-08-14 09:51:43 138,368 ----a-w c:\windows\SYSTEM32\DRIVERS\afd.sys - 2006-05-05 09:41:45 453,120 ----a-w c:\windows\SYSTEM32\DRIVERS\mrxsmb.sys + 2008-10-24 11:10:42 453,632 ----a-w c:\windows\SYSTEM32\DRIVERS\mrxsmb.sys - 2008-06-23 16:11:43 357,888 ----a-w c:\windows\SYSTEM32\dxtmsft.dll + 2008-10-16 10:20:45 357,888 ----a-w c:\windows\SYSTEM32\dxtmsft.dll - 2008-06-23 16:11:43 205,312 ----a-w c:\windows\SYSTEM32\dxtrans.dll + 2008-10-16 10:20:45 205,312 ----a-w c:\windows\SYSTEM32\dxtrans.dll - 2008-06-23 16:11:43 55,808 ----a-w c:\windows\SYSTEM32\extmgr.dll + 2008-10-16 10:20:46 55,808 ----a-w c:\windows\SYSTEM32\extmgr.dll - 2007-04-16 17:54:33 506,600 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT + 2009-01-16 13:51:37 506,600 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT - 2008-06-23 16:11:52 251,904 ----a-w c:\windows\SYSTEM32\iepeers.dll + 2008-10-16 10:20:46 251,904 ----a-w c:\windows\SYSTEM32\iepeers.dll - 2008-06-23 16:11:52 96,256 ----a-w c:\windows\SYSTEM32\inseng.dll + 2008-10-16 10:20:46 96,256 ----a-w c:\windows\SYSTEM32\inseng.dll - 2004-02-18 13:32:17 24,670 -c--a-w c:\windows\SYSTEM32\java.exe + 2009-01-16 04:12:17 144,792 ----a-w c:\windows\SYSTEM32\java.exe - 2004-02-18 13:32:17 28,768 -c--a-w c:\windows\SYSTEM32\javaw.exe + 2009-01-16 04:12:17 144,792 ----a-w c:\windows\SYSTEM32\javaw.exe + 2009-01-16 04:12:17 148,888 ----a-w c:\windows\SYSTEM32\javaws.exe - 2008-06-23 16:11:52 16,384 ----a-w c:\windows\SYSTEM32\jsproxy.dll + 2008-10-16 10:20:50 16,384 ----a-w c:\windows\SYSTEM32\jsproxy.dll - 2006-10-19 02:03:58 100,864 ----a-w c:\windows\SYSTEM32\logagent.exe + 2008-06-18 07:09:22 100,864 ----a-w c:\windows\SYSTEM32\logagent.exe - 2008-08-05 16:11:02 15,888,504 
----a-w c:\windows\SYSTEM32\MRT.exe + 2009-01-09 23:35:30 20,853,704 ----a-w c:\windows\SYSTEM32\MRT.exe - 2008-06-23 16:11:58 3,067,392 ----a-w c:\windows\SYSTEM32\mshtml.dll + 2008-12-12 17:27:54 3,067,392 ----a-w c:\windows\SYSTEM32\mshtml.dll - 2008-06-23 16:12:00 449,024 ----a-w c:\windows\SYSTEM32\mshtmled.dll + 2008-10-16 10:20:50 449,024 ----a-w c:\windows\SYSTEM32\mshtmled.dll - 2008-06-23 16:12:02 146,432 ----a-w c:\windows\SYSTEM32\msrating.dll + 2008-10-16 10:20:46 146,432 ----a-w c:\windows\SYSTEM32\msrating.dll - 2008-06-23 16:12:02 532,480 ----a-w c:\windows\SYSTEM32\mstime.dll + 2008-10-16 10:20:46 532,480 ----a-w c:\windows\SYSTEM32\mstime.dll - 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\SYSTEM32\msxml3.dll + 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll - 2007-05-08 20:03:04 1,275,392 ----a-w c:\windows\SYSTEM32\msxml4.dll + 2008-09-30 22:43:34 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll - 2006-08-17 12:28:27 332,288 ----a-w c:\windows\SYSTEM32\netapi32.dll + 2008-10-15 16:57:55 332,800 ----a-w c:\windows\SYSTEM32\netapi32.dll - 2007-02-28 08:38:55 2,057,600 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe + 2008-08-14 09:22:13 2,057,728 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe - 2007-02-28 09:10:57 2,180,352 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe + 2008-08-14 10:00:45 2,180,352 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe - 2008-06-23 16:12:02 39,424 ----a-w c:\windows\SYSTEM32\pngfilt.dll + 2008-10-16 10:20:46 39,424 ----a-w c:\windows\SYSTEM32\pngfilt.dll - 2008-06-23 16:12:05 1,499,136 ----a-w c:\windows\SYSTEM32\shdocvw.dll + 2008-10-16 10:20:48 1,499,136 ----a-w c:\windows\SYSTEM32\shdocvw.dll - 2008-06-23 16:12:05 474,112 ----a-w c:\windows\SYSTEM32\shlwapi.dll + 2008-10-16 10:20:51 474,112 ----a-w c:\windows\SYSTEM32\shlwapi.dll - 2007-11-30 12:39:22 17,272 ------w c:\windows\SYSTEM32\spmsg.dll + 2007-11-30 11:18:51 17,272 ------w c:\windows\SYSTEM32\spmsg.dll - 2006-08-21 15:52:08 246,814 ----a-w 
c:\windows\SYSTEM32\strmdll.dll + 2008-10-03 10:15:47 247,326 ----a-w c:\windows\SYSTEM32\strmdll.dll - 2008-07-14 11:09:18 62,976 ------w c:\windows\SYSTEM32\tzchange.exe + 2008-10-22 09:47:07 62,976 ------w c:\windows\SYSTEM32\tzchange.exe - 2008-06-23 16:12:06 618,496 ----a-w c:\windows\SYSTEM32\urlmon.dll + 2008-10-16 10:20:53 619,008 ----a-w c:\windows\SYSTEM32\urlmon.dll - 2007-03-08 13:47:48 1,843,584 ----a-w c:\windows\SYSTEM32\win32k.sys + 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\SYSTEM32\win32k.sys - 2008-06-23 16:12:08 667,136 ----a-w c:\windows\SYSTEM32\wininet.dll + 2008-10-16 10:20:49 667,648 ----a-w c:\windows\SYSTEM32\wininet.dll - 2006-10-19 03:47:20 937,984 ----a-w c:\windows\SYSTEM32\wmnetmgr.dll + 2008-06-18 11:03:08 938,496 ----a-w c:\windows\SYSTEM32\WMNetmgr.dll - 2006-10-19 03:47:20 295,936 ------w c:\windows\SYSTEM32\wmpeffects.dll + 2008-06-25 00:12:58 295,936 ------w c:\windows\SYSTEM32\wmpeffects.dll - 2006-10-19 03:47:22 2,450,944 ----a-w c:\windows\SYSTEM32\wmvcore.dll + 2008-06-18 11:03:14 2,458,112 ----a-w c:\windows\SYSTEM32\WMVCore.dll - 2008-07-03 09:14:02 351,744 ----a-w c:\windows\SYSTEM32\xpsp3res.dll + 2008-10-15 14:00:41 351,744 ----a-w c:\windows\SYSTEM32\xpsp3res.dll + 2009-01-16 13:52:05 16,384 ----atw c:\windows\temp\Perflib_Perfdata_650.dat + 2008-09-30 22:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll + 2008-09-30 22:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll + 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 68856]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-07 2262352]
"cdloader"="c:\documents and settings\Bob\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-02-18 77824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Quicken Startup.lnk - c:\program files\QUICKENW\QWDLLS.EXE [2007-01-15 36864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Date Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Date Manager.lnk
backup=c:\windows\pss\Date Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=c:\windows\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PrecisionTime.lnk
backup=c:\windows\pss\PrecisionTime.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Weatherscope.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Weatherscope.lnk
backup=c:\windows\pss\Weatherscope.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Bob\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^OpenOffice.org 1.1.1.lnk]
path=c:\documents and settings\Bob\Start Menu\Programs\Startup\OpenOffice.org 1.1.1.lnk
backup=c:\windows\pss\OpenOffice.org 1.1.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Bob\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2003-08-06 01:04 114741 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
--a------ 2003-08-13 10:27 28672 c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-09-20 08:32 77824 c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-09-20 08:35 94208 c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-24 13:22 243072 c:\progra~1\INCRED~1\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 10:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-08-26 19:47 204800 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-25 19:23 443968 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-02-18 07:43 77824 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-12 15:15 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Documents and Settings\\Bob\\Application Data\\mjusbsp\\magicJack.exe"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-12-06 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2004-08-04 01:56]

2004-07-20 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1082996482.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 08:10:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-16 8:11:45
ComboFix-quarantined-files.txt 2009-01-16 14:11:38
ComboFix2.txt 2009-01-16 06:20:02
ComboFix3.txt 2009-01-16 03:55:22
ComboFix4.txt 2009-01-15 19:59:58
Pre-Run: 100,257,398,784 bytes free
Post-Run: 100,242,313,216 bytes free
404 --- E O F --- 2009-01-16 06:35:37
__________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:46 AM, on 1/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Bob\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 7531 bytes
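The Reg Loading Points dump above is where a responder reads the machine's posture first: the Security Center DisableNotify and Override flags, EnableFirewall in the standard profile, firewall exceptions and autostarts that point into a user profile, and the McAfee services parked under the msconfig\services key. The script below is an added example written for this thread; it is not part of ComboFix, HijackThis or the poster's logs. Its SAMPLE_LOG is a trimmed copy of the dump posted above; the finding categories, the endswith matching on registry key paths, and the rule that anything under a profile or temp directory counts as user-writable are this example's own assumptions.

```python
"""Pull posture findings out of a ComboFix 'Reg Loading Points' dump.
Added example for this thread, not ComboFix or HijackThis code. SAMPLE_LOG is
a trimmed copy of the posted dump; categories and heuristics are assumptions."""
import re

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"cdloader"="c:\documents and settings\Bob\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-02-18 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2 (0x2)
"McShield"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Documents and Settings\\Bob\\Application Data\\mjusbsp\\magicJack.exe"=
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')

# Security Center values that, when set to 1, silence or override its monitoring.
SECURITY_CENTER_FLAGS = {"AntiVirusDisableNotify", "FirewallDisableNotify",
                         "UpdatesDisableNotify", "AntiVirusOverride", "FirewallOverride"}

# Assumed heuristic: profile/temp directories are writable without admin rights.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\")


def parse_loading_points(text):
    """Return {key_path: [(value_name, raw_value), ...]} in log order."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group("name"), m.group("value").strip()))
    return sections


def numeric_value(raw):
    """Decode ComboFix's 'dword:00000001' and '2 (0x2)' value renderings."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"\d+", raw)
    return int(m.group(0)) if m else None


def run_target(raw):
    # Run values are rendered as '"c:\path\x.exe" [date size]'; keep the path.
    m = re.match(r'"([^"]+)"', raw)
    return m.group(1) if m else None


def is_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def analyze(text):
    """Return (category, detail) findings for the sections a responder checks first."""
    findings = []
    for key, values in parse_loading_points(text).items():
        low = key.lower()
        if low.endswith("security center"):
            findings += [("security_center_flag", n) for n, v in values
                         if n in SECURITY_CENTER_FLAGS and numeric_value(v) == 1]
        elif low.endswith("firewallpolicy\\standardprofile"):
            if any(n == "EnableFirewall" and numeric_value(v) == 0 for n, v in values):
                findings.append(("firewall_disabled", "standardprofile"))
        elif low.endswith("authorizedapplications\\list"):
            for n, _ in values:
                path = n.replace("\\\\", "\\")  # REGEDIT4 doubles backslashes
                if is_user_writable(path):
                    findings.append(("firewall_exception_user_path", path))
        elif low.endswith("\\currentversion\\run"):
            for n, v in values:
                path = run_target(v)
                if path and is_user_writable(path):
                    findings.append(("autostart_user_path", f"{n} -> {path}"))
        elif low.endswith("msconfig\\services"):
            # msconfig stores a service's original start type here when unticked.
            findings.append(("services_disabled_via_msconfig", ", ".join(n for n, _ in values)))
    return findings


if __name__ == "__main__":
    for category, detail in analyze(SAMPLE_LOG):
        print(f"{category:30} {detail}")
```

Run it as a script to print the findings for the sample, or pass the text of any ComboFix log's Reg Loading Points section to analyze(). cdloader2.exe and magicJack.exe are flagged only because of where they live; the HijackThis O4 line shows cdloader being launched with the MAGICJACK argument, so the hit is a prompt to verify, not a verdict. The Security Center and EnableFirewall findings are the ones that matter regardless of who set them: with those values in place the machine will not warn about a missing or stale antivirus, and the Windows Firewall standard profile is off.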
9. I'm nearly scared to try anything...lol

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:46 AM, on 1/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Bob\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 7531 bytes

ComboFix 09-01-13.04 - Bob 2009-01-16 8:08:00.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.677 [GMT -6:00]
Running from: c:\documents and settings\Bob\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.
2009-01-15 22:12 . 2009-01-15 22:12 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2009-01-15 22:12 . 2009-01-15 22:12 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2009-01-15 11:33 . 2009-01-15 11:34 <DIR> d-------- c:\documents and settings\Bob\Application Data\GARMIN
2009-01-15 11:21 . 2009-01-15 11:28 <DIR> d-------- c:\documents and settings\Bob\Application Data\mjusbsp
2009-01-15 11:21 . 2004-08-04 00:07 59,264 --a------ c:\windows\SYSTEM32\DRIVERS\USBAUDIO.sys
2009-01-15 11:21 . 2004-08-04 00:07 59,264 --a------ c:\windows\SYSTEM32\DLLCACHE\usbaudio.sys
2009-01-14 10:36 . 2009-01-14 10:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 10:36 . 2009-01-14 10:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-14 10:36 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-14 10:36 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-14 01:22 . 2009-01-14 01:24 3,039,899 --a------ C:\ComboFix.exe
2009-01-13 12:27 . 2009-01-13 12:27 <DIR> d-------- C:\rsit
2009-01-13 12:27 . 2009-01-15 09:16 <DIR> d-------- c:\program files\trend micro
2009-01-12 11:11 . 2004-02-18 07:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sonic
2009-01-12 11:11 . 2004-02-18 07:49 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-01-12 11:11 .
2009-01-12 11:11 <DIR> d-------- c:\documents and settings\Administrator 2009-01-11 23:07 . 2009-01-11 23:07 <DIR> d-------- c:\program files\IObit 2009-01-11 23:07 . 2009-01-11 23:07 <DIR> d-------- c:\documents and settings\Bob\Application Data\IObit 2008-12-19 08:18 . 2009-01-15 09:04 2,712 --a------ c:\windows\SYSTEM32\TDSSfxmp.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-16 06:31 --------- d-----w c:\documents and settings\Bob\Application Data\HPAppData 2009-01-16 04:12 --------- d-----w c:\program files\Java 2009-01-16 03:50 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2009-01-12 15:43 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-01-12 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-12 05:08 --------- d-----w c:\program files\OpenOffice.org1.1.1 2009-01-08 20:48 --------- d-----w c:\program files\Lavasoft 2009-01-08 20:48 --------- d-----w c:\documents and settings\Peggy\Application Data\Lavasoft 2009-01-08 19:36 --------- d-----w c:\program files\DYMO Label 2009-01-08 18:44 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2008-12-12 17:27 3,067,392 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-11 11:57 333,184 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys 2008-11-24 18:59 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-24 18:38 --------- d-----w c:\documents and settings\Bob\Application Data\ArcSoft 2008-10-24 11:10 453,632 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys 2008-10-23 13:01 283,648 ----a-w c:\windows\SYSTEM32\gdi32.dll 2008-10-23 13:01 283,648 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll 2008-10-16 20:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll 2008-10-16 20:13 202,776 ----a-w 
c:\windows\SYSTEM32\DLLCACHE\wuweb.dll 2008-10-16 20:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll 2008-10-16 20:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll 2008-10-16 20:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll 2008-10-16 20:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll 2008-10-16 20:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll 2008-10-16 20:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll 2008-10-16 20:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll 2008-10-16 20:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll 2008-10-16 20:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe 2008-10-16 20:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe 2008-10-16 20:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll 2008-10-16 20:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll 2008-10-16 20:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll 2007-09-20 13:48 171,144 ----a-w c:\documents and settings\Bob\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((( [email protected]_13.58.58.50 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
- 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\I386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\I386\mrxsmb.sys
- 2007-02-28 09:08:48 2,136,064 ------w c:\windows\Driver Cache\I386\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\I386\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 ------w c:\windows\Driver Cache\I386\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\I386\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 ------w c:\windows\Driver Cache\I386\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\I386\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 ------w c:\windows\Driver Cache\I386\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\I386\ntoskrnl.exe
+ 2009-01-16 06:33:33 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-06-23 16:11:40 1,024,000 ----a-w c:\windows\SYSTEM32\browseui.dll
+ 2008-10-16 10:20:52 1,024,000 ----a-w c:\windows\SYSTEM32\browseui.dll
- 2008-06-23 16:11:40 151,040 ----a-w c:\windows\SYSTEM32\cdfview.dll
+ 2008-10-16 10:20:42 151,040 ----a-w c:\windows\SYSTEM32\cdfview.dll
- 2009-01-15 19:03:41 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2009-01-16 02:49:59 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2009-01-15 19:03:41 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2009-01-16 02:49:59 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2009-01-15 19:03:41 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2009-01-16 02:49:59 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
- 2008-06-23 16:11:42 1,054,208 ----a-w c:\windows\SYSTEM32\danim.dll
+ 2008-10-16 10:20:45 1,054,208 ----a-w c:\windows\SYSTEM32\danim.dll
- 2008-06-20 10:44:38 138,368 ------w c:\windows\SYSTEM32\DLLCACHE\afd.sys
+ 2008-08-14 09:51:43 138,368 ------w c:\windows\SYSTEM32\DLLCACHE\afd.sys
- 2008-06-23 16:11:40 1,024,000 ------w c:\windows\SYSTEM32\DLLCACHE\browseui.dll
+ 2008-10-16 10:20:52 1,024,000 ------w c:\windows\SYSTEM32\DLLCACHE\browseui.dll
- 2008-06-23 16:11:40 151,040 ------w c:\windows\SYSTEM32\DLLCACHE\cdfview.dll
+ 2008-10-16 10:20:42 151,040 ------w c:\windows\SYSTEM32\DLLCACHE\cdfview.dll
- 2008-06-23 16:11:42 1,054,208 ------w c:\windows\SYSTEM32\DLLCACHE\danim.dll
+ 2008-10-16 10:20:45 1,054,208 ------w c:\windows\SYSTEM32\DLLCACHE\danim.dll
- 2008-06-23 16:11:43 357,888 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-10-16 10:20:45 357,888 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2008-06-23 16:11:43 205,312 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-10-16 10:20:45 205,312 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2008-06-23 16:11:43 55,808 ----a-w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-10-16 10:20:46 55,808 ----a-w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
- 2008-06-23 09:53:58 18,432 ----a-w c:\windows\SYSTEM32\DLLCACHE\iedw.exe
+ 2008-10-15 14:18:21 18,432 ----a-w c:\windows\SYSTEM32\DLLCACHE\iedw.exe
- 2008-06-23 16:11:52 251,904 ----a-w c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2008-10-16 10:20:46 251,904 ----a-w c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
- 2008-06-23 16:11:52 96,256 ----a-w c:\windows\SYSTEM32\DLLCACHE\inseng.dll
+ 2008-10-16 10:20:46 96,256 ----a-w c:\windows\SYSTEM32\DLLCACHE\inseng.dll
- 2008-06-23 16:11:52 16,384 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-10-16 10:20:50 16,384 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2006-10-19 02:03:58 100,864 ----a-w c:\windows\SYSTEM32\DLLCACHE\logagent.exe
+ 2008-06-18 07:09:22 100,864 ----a-w c:\windows\SYSTEM32\DLLCACHE\logagent.exe
- 2008-06-23 16:12:00 449,024 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-10-16 10:20:50 449,024 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2008-06-23 16:12:02 146,432 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-10-16 10:20:46 146,432 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2008-06-23 16:12:02 532,480 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-10-16 10:20:46 532,480 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2007-06-26 06:08:16 1,104,896 ------w c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ------w c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
- 2006-08-17 12:28:27 332,288 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
- 2007-02-28 09:08:48 2,136,064 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 ------w c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ------w c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
- 2008-06-23 16:12:02 39,424 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-10-16 10:20:46 39,424 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2008-06-23 16:12:05 1,499,136 ----a-w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
+ 2008-10-16 10:20:48 1,499,136 ----a-w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
- 2008-06-23 16:12:05 474,112 ------w c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll
+ 2008-10-16 10:20:51 474,112 ------w c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll
- 2006-08-21 15:52:08 246,814 ------w c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ------w c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
- 2008-06-23 16:12:06 618,496 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-10-16 10:20:53 619,008 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
- 2007-03-08 13:47:48 1,843,584 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
- 2008-06-23 16:12:08 667,136 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-10-16 10:20:49 667,648 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2006-10-19 03:47:20 937,984 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMNetMgr.dll
+ 2008-06-18 11:03:08 938,496 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMNetmgr.dll
- 2006-10-19 03:47:22 2,450,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmvcore.dll
+ 2008-06-18 11:03:14 2,458,112 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
- 2008-06-20 10:44:38 138,368 ----a-w c:\windows\SYSTEM32\DRIVERS\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\SYSTEM32\DRIVERS\afd.sys
- 2006-05-05 09:41:45 453,120 ----a-w c:\windows\SYSTEM32\DRIVERS\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\SYSTEM32\DRIVERS\mrxsmb.sys
- 2008-06-23 16:11:43 357,888 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
+ 2008-10-16 10:20:45 357,888 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
- 2008-06-23 16:11:43 205,312 ----a-w c:\windows\SYSTEM32\dxtrans.dll
+ 2008-10-16 10:20:45 205,312 ----a-w c:\windows\SYSTEM32\dxtrans.dll
- 2008-06-23 16:11:43 55,808 ----a-w c:\windows\SYSTEM32\extmgr.dll
+ 2008-10-16 10:20:46 55,808 ----a-w c:\windows\SYSTEM32\extmgr.dll
- 2007-04-16 17:54:33 506,600 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2009-01-16 13:51:37 506,600 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT
- 2008-06-23 16:11:52 251,904 ----a-w c:\windows\SYSTEM32\iepeers.dll
+ 2008-10-16 10:20:46 251,904 ----a-w c:\windows\SYSTEM32\iepeers.dll
- 2008-06-23 16:11:52 96,256 ----a-w c:\windows\SYSTEM32\inseng.dll
+ 2008-10-16 10:20:46 96,256 ----a-w c:\windows\SYSTEM32\inseng.dll
- 2004-02-18 13:32:17 24,670 -c--a-w c:\windows\SYSTEM32\java.exe
+ 2009-01-16 04:12:17 144,792 ----a-w c:\windows\SYSTEM32\java.exe
- 2004-02-18 13:32:17 28,768 -c--a-w c:\windows\SYSTEM32\javaw.exe
+ 2009-01-16 04:12:17 144,792 ----a-w c:\windows\SYSTEM32\javaw.exe
+ 2009-01-16 04:12:17 148,888 ----a-w c:\windows\SYSTEM32\javaws.exe
- 2008-06-23 16:11:52 16,384 ----a-w c:\windows\SYSTEM32\jsproxy.dll
+ 2008-10-16 10:20:50 16,384 ----a-w c:\windows\SYSTEM32\jsproxy.dll
- 2006-10-19 02:03:58 100,864 ----a-w c:\windows\SYSTEM32\logagent.exe
+ 2008-06-18 07:09:22 100,864 ----a-w c:\windows\SYSTEM32\logagent.exe
- 2008-08-05 16:11:02 15,888,504 ----a-w c:\windows\SYSTEM32\MRT.exe
+ 2009-01-09 23:35:30 20,853,704 ----a-w c:\windows\SYSTEM32\MRT.exe
- 2008-06-23 16:11:58 3,067,392 ----a-w c:\windows\SYSTEM32\mshtml.dll
+ 2008-12-12 17:27:54 3,067,392 ----a-w c:\windows\SYSTEM32\mshtml.dll
- 2008-06-23 16:12:00 449,024 ----a-w c:\windows\SYSTEM32\mshtmled.dll
+ 2008-10-16 10:20:50 449,024 ----a-w c:\windows\SYSTEM32\mshtmled.dll
- 2008-06-23 16:12:02 146,432 ----a-w c:\windows\SYSTEM32\msrating.dll
+ 2008-10-16 10:20:46 146,432 ----a-w c:\windows\SYSTEM32\msrating.dll
- 2008-06-23 16:12:02 532,480 ----a-w c:\windows\SYSTEM32\mstime.dll
+ 2008-10-16 10:20:46 532,480 ----a-w c:\windows\SYSTEM32\mstime.dll
- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\SYSTEM32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
- 2007-05-08 20:03:04 1,275,392 ----a-w c:\windows\SYSTEM32\msxml4.dll
+ 2008-09-30 22:43:34 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
- 2006-08-17 12:28:27 332,288 ----a-w c:\windows\SYSTEM32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\SYSTEM32\netapi32.dll
- 2007-02-28 08:38:55 2,057,600 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
- 2007-02-28 09:10:57 2,180,352 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
- 2008-06-23 16:12:02 39,424 ----a-w c:\windows\SYSTEM32\pngfilt.dll
+ 2008-10-16 10:20:46 39,424 ----a-w c:\windows\SYSTEM32\pngfilt.dll
- 2008-06-23 16:12:05 1,499,136 ----a-w c:\windows\SYSTEM32\shdocvw.dll
+ 2008-10-16 10:20:48 1,499,136 ----a-w c:\windows\SYSTEM32\shdocvw.dll
- 2008-06-23 16:12:05 474,112 ----a-w c:\windows\SYSTEM32\shlwapi.dll
+ 2008-10-16 10:20:51 474,112 ----a-w c:\windows\SYSTEM32\shlwapi.dll
- 2007-11-30 12:39:22 17,272 ------w c:\windows\SYSTEM32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\SYSTEM32\spmsg.dll
- 2006-08-21 15:52:08 246,814 ----a-w c:\windows\SYSTEM32\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\SYSTEM32\strmdll.dll
- 2008-07-14 11:09:18 62,976 ------w c:\windows\SYSTEM32\tzchange.exe
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\SYSTEM32\tzchange.exe
- 2008-06-23 16:12:06 618,496 ----a-w c:\windows\SYSTEM32\urlmon.dll
+ 2008-10-16 10:20:53 619,008 ----a-w c:\windows\SYSTEM32\urlmon.dll
- 2007-03-08 13:47:48 1,843,584 ----a-w c:\windows\SYSTEM32\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\SYSTEM32\win32k.sys
- 2008-06-23 16:12:08 667,136 ----a-w c:\windows\SYSTEM32\wininet.dll
+ 2008-10-16 10:20:49 667,648 ----a-w c:\windows\SYSTEM32\wininet.dll
- 2006-10-19 03:47:20 937,984 ----a-w c:\windows\SYSTEM32\wmnetmgr.dll
+ 2008-06-18 11:03:08 938,496 ----a-w c:\windows\SYSTEM32\WMNetmgr.dll
- 2006-10-19 03:47:20 295,936 ------w c:\windows\SYSTEM32\wmpeffects.dll
+ 2008-06-25 00:12:58 295,936 ------w c:\windows\SYSTEM32\wmpeffects.dll
- 2006-10-19 03:47:22 2,450,944 ----a-w c:\windows\SYSTEM32\wmvcore.dll
+ 2008-06-18 11:03:14 2,458,112 ----a-w c:\windows\SYSTEM32\WMVCore.dll
- 2008-07-03 09:14:02 351,744 ----a-w c:\windows\SYSTEM32\xpsp3res.dll
+ 2008-10-15 14:00:41 351,744 ----a-w c:\windows\SYSTEM32\xpsp3res.dll
+ 2009-01-16 13:52:05 16,384 ----atw c:\windows\temp\Perflib_Perfdata_650.dat
+ 2008-09-30 22:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 22:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 68856]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-07 2262352]
"cdloader"="c:\documents and settings\Bob\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-02-18 77824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Quicken Startup.lnk - c:\program files\QUICKENW\QWDLLS.EXE [2007-01-15 36864]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Date Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Date Manager.lnk
backup=c:\windows\pss\Date Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=c:\windows\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PrecisionTime.lnk
backup=c:\windows\pss\PrecisionTime.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Weatherscope.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Weatherscope.lnk
backup=c:\windows\pss\Weatherscope.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Bob\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^OpenOffice.org 1.1.1.lnk]
path=c:\documents and settings\Bob\Start Menu\Programs\Startup\OpenOffice.org 1.1.1.lnk
backup=c:\windows\pss\OpenOffice.org 1.1.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Bob\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2003-08-06 01:04 114741 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
--a------ 2003-08-13 10:27 28672 c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-09-20 08:32 77824 c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-09-20 08:35 94208 c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-24 13:22 243072 c:\progra~1\INCRED~1\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 10:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-08-26 19:47 204800 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-25 19:23 443968 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-02-18 07:43 77824 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-12 15:15 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Documents and Settings\\Bob\\Application Data\\mjusbsp\\magicJack.exe"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-12-06 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2004-08-04 01:56]

2004-07-20 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1082996482.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 08:10:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-16 8:11:45
ComboFix-quarantined-files.txt 2009-01-16 14:11:38
ComboFix2.txt 2009-01-16 06:20:02
ComboFix3.txt 2009-01-16 03:55:22
ComboFix4.txt 2009-01-15 19:59:58

Pre-Run: 100,257,398,784 bytes free
Post-Run: 100,242,313,216 bytes free

404 --- E O F --- 2009-01-16 06:35:37
10. KASPERSKY ONLINE SCANNER 7 REPORT
Friday, January 16, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, January 16, 2009 03:27:41
Records in database: 1628921

Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
A:\
C:\
D:\
E:\
F:\

Scan statistics
Files scanned: 93098
Threat name: 7
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 01:21:37

File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\TDSScfum.dll.vir Infected: Rootkit.Win32.TDSS.dbg 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1468\A0124135.exe Infected: not-a-virus:FraudTool.Win32.AntiVirus360.aa 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1468\A0124189.dll Infected: Backdoor.Win32.TDSS.asz 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1468\A0124190.dll Infected: Backdoor.Win32.TDSS.blh 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1468\A0124191.dll Infected: Backdoor.Win32.TDSS.atb 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1468\A0124192.sys Infected: Backdoor.Win32.TDSS.bkw 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1468\A0124195.dll Infected: Rootkit.Win32.TDSS.dbg 1
C:\WINDOWS\Downloaded Program Files\imloader.exe Infected: not-a-virus:Downloader.Win32.ImLoader.b 1

The selected area was scanned.
  11. ComboFix 09-01-13.04 - Bob 2009-01-15 21:51:39.2 - NTFSx86
  12. Here are the 2 logs: ComboFix and HijackThis.
Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Bob\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital 
Imaging\bin\hpqtra08.exe O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. 
- C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- End of file - 8980 bytes
  13. I don't see a folder "ieupdates.exe.tmp". Should I do a search for it?
  14. Yes, I can use a flash drive and can run some CDs, but it seems like when I run some of my utility CDs like Spybot or AVG, it won't run them. I will do your suggestions above and report back... and thanks again.