1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Slow Program Start and IExplore pop ups. HJT log included

Discussion in 'Virus & Other Malware Removal' started by Clouded, Nov 11, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Clouded

    Clouded Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    26
    Hey there.

    I currently have a problem with my computer and I don't know if it is due to a virus, trojan, spyware, or anything else.

    Symptoms:
    Slow program start up. When I select an Icon from my desktop, no response is shown for about 20 seconds.

    Also while I have Firefox open, I occassionally get popups opened in internet explorer.

    I've run AVG Anti-spyware 7.5, Spybot search and destroy(both safemode and not), Ad-aware, Trend Micro PC-cillin, and SmitFraudFix(in safe mode), and CCleaner. Non of these has managed to catch or clean out the problem.

    Here is the HJT log. And thanks ahead for anyone who helps out.
     
  2. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Welcome to TSG :)

    Download TrendMicro Hijackthis from Here to your Desktop.
    • Double-Click on HJTInstall.exe
    • Follow the prompts and allow it to create TrendMicro folder in Program Files.
    • Check Create Desktop Icon.
    • On your Desktop, Double-Click on Hijackthis.exe.
    • Click on Do A System Scan and Save a Log File.
    • In your next reply, copy and paste the Hijackthis log.


    ======================================

    Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
    5. Please attach extra.txt to your post.
    To attach a file to a new post, simply
    1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
    2. copy and paste the following into the "Upload File from your Computer" box:
      C:\Deckard\System Scanner\extra.txt
    3. Click Upload.
    What DSS will do:
    • create a new System Restore point in Windows XP and Vista.
    • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
     
  3. Clouded

    Clouded Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    26
    Thanks for the help. Here is the HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:25:26 PM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    C:\WINDOWS\system32\dlcccoms.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 10372 bytes
     
  4. Clouded

    Clouded Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    26
    Deckard's System Scanner v20071014.68
    Run by Tim Ross on 2007-11-11 20:17:56
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 4 Restore Point(s) --
    4: 2007-11-12 01:18:13 UTC - RP4 - Deckard's System Scanner Restore Point
    3: 2007-11-11 20:35:53 UTC - RP3 - Software Distribution Service 3.0
    2: 2007-11-11 19:26:39 UTC - RP2 - Removed EducateU
    1: 2007-11-11 16:16:26 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Tim Ross.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:19:23 PM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    C:\WINDOWS\system32\dlcccoms.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Tim Ross\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Tim Ross.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {063301C6-84E6-437B-B39D-B334EAD2799A} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1DE44C4C-9169-4B9A-BC56-CA626C94AD99} - C:\Program Files\Internet Explorer\hokevowa4444.dll
    O2 - BHO: (no name) - {29A38BD3-6787-480B-B681-629AE16F710C} - (no file)
    O2 - BHO: (no name) - {32ADAAC3-0898-4F64-8D34-BDF4718B4E53} - C:\WINDOWS\system32\geedb.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {60173057-633B-46CD-985C-061B103F1AC0} - C:\Program Files\Internet Explorer\hokevowa555077.dll
    O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\iifefcd.dll
    O2 - BHO: (no name) - {63EA2879-BED3-476E-A955-6CB8753A7462} - (no file)
    O2 - BHO: (no name) - {722692E8-E99B-482C-8269-F1D513E97848} - (no file)
    O2 - BHO: (no name) - {b47e0223-4eb0-4445-8b57-52f69821d3a5} - C:\WINDOWS\system32\gjmoygmv.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: (no name) - {CF956677-EFF1-4454-98B1-059F86850DFC} - (no file)
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
    O20 - Winlogon Notify: iifefcd - C:\WINDOWS\SYSTEM32\iifefcd.dll
    O20 - Winlogon Notify: zksmtmiv - zksmtmiv.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
     

    Attached Files:

  5. Clouded

    Clouded Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    26
    --
    End of file - 11855 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

    backup-20071107-005205-145 O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    backup-20071107-005205-295 O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    backup-20071107-005205-302 O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    backup-20071107-005205-310 O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    backup-20071107-005205-418 O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    backup-20071107-005205-434 O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    backup-20071107-005205-476 O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    backup-20071107-005205-504 O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    backup-20071107-005205-516 O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    backup-20071107-005205-569 O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    backup-20071107-005205-593 O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    backup-20071107-005205-596 O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    backup-20071107-005205-633 O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    backup-20071107-005205-643 O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    backup-20071107-005205-647 O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    backup-20071107-005205-654 O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    backup-20071107-005205-721 O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    backup-20071107-005205-740 O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    backup-20071107-005205-781 O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    backup-20071107-005205-787 O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    backup-20071107-005205-791 O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll
    backup-20071107-005205-840 O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    backup-20071107-005205-875 O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    backup-20071108-150850-586 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
    R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
    R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Component 1.0>
    R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
    R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

    S3 catchme - c:\docume~1\timros~1\locals~1\temp\catchme.sys (file missing)
    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
    R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
    R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
    R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
    R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
    R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
    R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 1.0>
    R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Dell Wireless 1390 WLAN Mini-Card
    Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&6C79FC5&0&00E0
    Manufacturer: Broadcom
    Name: Dell Wireless 1390 WLAN Mini-Card
    PNP Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&6C79FC5&0&00E0
    Service: BCM43XX


    -- Scheduled Tasks -------------------------------------------------------------

    2007-11-11 03:00:01 514 --a------ C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job
    2007-11-02 10:28:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-10-11 and 2007-11-11 -----------------------------

    2007-11-11 20:12:39 0 dr-h----- C:\Documents and Settings\Tim Ross\Recent
    2007-11-11 19:23:26 453175 ---hs---- C:\WINDOWS\system32\bdeeg.ini2
    2007-11-11 15:58:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-11 15:54:01 0 d-------- C:\Program Files\MSBuild
    2007-11-11 15:47:43 0 d-------- C:\WINDOWS\system32\XPSViewer
    2007-11-11 15:44:17 0 d-------- C:\Program Files\Reference Assemblies
    2007-11-11 15:41:04 0 d-------- C:\8ef4c7571a5e634e7e98f1dd314cc4
    2007-11-11 15:40:45 0 d-------- C:\Program Files\MSXML 6.0
    2007-11-11 15:15:07 0 d-------- C:\ZonedOut
    2007-11-11 01:20:19 79936 --a------ C:\WINDOWS\system32\jyovxysp.dll
    2007-11-11 01:17:21 88128 --a------ C:\WINDOWS\system32\xowuiaju.dll
    2007-11-11 01:16:50 454895 ---hs---- C:\WINDOWS\system32\bdeeg.bak2
    2007-11-11 00:29:14 79936 --a------ C:\WINDOWS\system32\bspvamtj.dll
    2007-11-08 11:54:10 0 d-------- C:\Documents and Settings\Tim Ross\Application Data\Grisoft
    2007-11-08 11:53:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-07 16:56:20 4142 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-07 16:51:22 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-07 16:51:21 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-11-07 16:51:21 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-07 16:51:20 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-11-07 16:51:20 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-11-07 02:26:13 79936 --a------ C:\WINDOWS\system32\gjmoygmv.dll
    2007-11-07 02:11:46 145984 --a------ C:\WINDOWS\system32\togeljwd.dll
    2007-11-07 02:10:24 422798 ---hs---- C:\WINDOWS\system32\bdeeg.bak1
    2007-11-07 01:15:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-07 01:15:01 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-11-07 01:08:39 313440 --a------ C:\WINDOWS\system32\geedb.dll
    2007-11-06 23:21:17 0 d--h----- C:\WINDOWS\PIF
    2007-11-06 22:59:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2007-11-06 22:59:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
    2007-11-06 22:59:26 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2007-11-06 22:59:26 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2007-11-06 22:59:26 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2007-11-06 22:59:26 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2007-11-06 22:59:26 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2007-11-06 22:59:26 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2007-11-06 22:59:26 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2007-11-06 22:59:26 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2007-11-06 22:59:26 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2007-11-06 22:59:26 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2007-11-06 22:59:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-11-06 22:59:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
    2007-11-06 22:59:26 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2007-11-06 22:59:25 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2007-11-06 22:59:25 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2007-11-06 22:59:25 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2007-11-06 18:57:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-06 18:08:53 0 d-------- C:\Program Files\Lavasoft
    2007-11-06 18:08:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-11-06 17:54:46 0 d-------- C:\Documents and Settings\Tim Ross\Application Data\AntiSpyware
    2007-11-06 17:50:48 0 d-------- C:\Program Files\AntispyStorm
    2007-11-06 17:14:18 0 d-------- C:\Program Files\Common Files\SpyGuardPro
    2007-11-06 17:10:29 36352 --a------ C:\WINDOWS\system32\iifefcd.dll
    2007-11-06 17:10:15 0 d-------- C:\WINDOWS\system32\Mz08r
    2007-11-02 11:14:51 0 d-------- C:\Program Files\SystemRequirementsLab
    2007-11-02 11:14:46 0 d-------- C:\Documents and Settings\Tim Ross\Application Data\SystemRequirementsLab
    2007-11-01 12:26:10 0 d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
    2007-10-22 09:08:04 0 d-------- C:\Documents and Settings\Tim Ross\Application Data\Turbine
    2007-10-22 00:03:48 0 d-------- C:\Program Files\Turbine
    2007-10-21 21:14:55 0 d-------- C:\Documents and Settings\Tim Ross\Application Data\GetRightToGo
    2007-10-14 16:21:43 4608 --a------ C:\WINDOWS\system32\W95INF32.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
    2007-10-14 16:21:43 2272 --a------ C:\WINDOWS\system32\W95INF16.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
    2007-10-13 16:31:36 0 d-------- C:\Documents and Settings\Tim Ross\Application Data\DivX
    2007-10-13 16:31:19 0 d-------- C:\Program Files\Easy Audio Editor


    -- Find3M Report ---------------------------------------------------------------

    2007-11-11 20:11:27 0 d-------- C:\Program Files\Yahoo!
    2007-11-07 00:04:44 0 d-------- C:\Program Files\Common Files
    2007-11-07 00:04:19 0 d-------- C:\Program Files\Trend Micro
    2007-11-06 18:07:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-04 15:18:45 0 d-------- C:\Program Files\Dl_cats
    2007-11-03 23:32:25 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-11-02 15:30:01 0 d-------- C:\Program Files\World of Warcraft
    2007-10-21 13:55:10 0 d-------- C:\Program Files\Warcraft III
    2007-10-13 16:38:29 0 d-------- C:\Documents and Settings\Tim Ross\Application Data\Ruckus Network
    2007-09-28 13:57:23 0 d-------- C:\Program Files\iTunes
    2007-09-28 13:57:08 0 d-------- C:\Program Files\iPod
    2007-09-12 15:56:00 0 d-------- C:\Program Files\Apple Software Update
    2007-08-22 23:26:21 3506 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-08-22 23:26:02 88 -r-hs---- C:\WINDOWS\system32\E92C38D6BE.sys


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{063301C6-84E6-437B-B39D-B334EAD2799A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DE44C4C-9169-4B9A-BC56-CA626C94AD99}]
    08/02/2007 08:43 AM 282624 --a------ C:\Program Files\Internet Explorer\hokevowa4444.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29A38BD3-6787-480B-B681-629AE16F710C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32ADAAC3-0898-4F64-8D34-BDF4718B4E53}]
    11/07/2007 01:08 AM 313440 --a------ C:\WINDOWS\system32\geedb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60173057-633B-46CD-985C-061B103F1AC0}]
    08/02/2007 08:43 AM 282624 --a------ C:\Program Files\Internet Explorer\hokevowa555077.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
    11/06/2007 05:10 PM 36352 --a------ C:\WINDOWS\system32\iifefcd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63EA2879-BED3-476E-A955-6CB8753A7462}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{722692E8-E99B-482C-8269-F1D513E97848}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b47e0223-4eb0-4445-8b57-52f69821d3a5}]
    11/07/2007 02:26 AM 79936 --a------ C:\WINDOWS\system32\gjmoygmv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF956677-EFF1-4454-98B1-059F86850DFC}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 08:08 AM]
    "SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 04:30 PM C:\WINDOWS\stsystra.exe]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 02:58 PM]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 11:48 AM]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [08/12/2005 02:43 PM]
    "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 08:15 PM]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 08:29 PM]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 10:44 AM]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 10:44 AM]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/13/2004 03:30 PM]
    "Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [12/07/2005 04:05 PM]
    "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/30/2005 09:47 AM]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 04:33 AM]
    "DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [09/13/2005 05:50 PM]
    "dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [10/20/2005 07:40 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 05:24 AM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/23/2006 12:48 AM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [04/11/2006 06:39 PM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
    "Aim6"="" []
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/30/2007 2:09:51 PM]
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [5/10/2007 11:29:22 PM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/11/2006 11:03:12 AM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"=1 (0x1)
    "AllowUnhashedWebView"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\iifefcd.dll [11/06/2007 05:10 PM 36352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifefcd]
    iifefcd.dll 11/06/2007 05:10 PM 36352 C:\WINDOWS\system32\iifefcd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zksmtmiv]
    zksmtmiv.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\geedb.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com

    7427 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2007-11-11 20:21:28 ------------
     
  6. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Good job!!! The infection was hidden.


    Download Combofix and save it to your desktop.

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    --------------------------------------------------------------------
    Please go to Start---> Run---> In the space provided, type "%userprofile%\Desktop\ComboFix.exe"/killall
    & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall
     
  7. Clouded

    Clouded Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    26
    Okay I did mostly as you said, hehe. Here's a recap.

    I downloaded Combofix to the desktop. I closed firefox, and exited all the antispyware software i have. As soon as it was all exited, I received a Warning about Spyware.cyberlog-x in my computer. I also received a little warning triangle in the bottom corner which warned me about [email protected] . Then I tried to run "%userprofile%\Desktop\ComboFix.exe"/killall
    like you said, but it would not go, so instead I just double clicked on Combofix on my desktop. I hope this works just as well.

    Here are the logs.

    Combofix

    ComboFix 07-11-08.3 - Tim Ross 2007-11-11 22:30:26.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.636 [GMT -5:00]
    Running from: C:\Documents and Settings\Tim Ross\Desktop\ComboFix.exe
    * Created a new restore point
    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\Tim Ross\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Tim Ross\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Tim Ross\Favorites\Online Security Guide.lnk
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\bdeeg.bak1
    C:\WINDOWS\system32\bdeeg.bak2
    C:\WINDOWS\system32\bdeeg.ini
    C:\WINDOWS\system32\bdeeg.ini2
    C:\WINDOWS\system32\bdeeg.tmp
    C:\WINDOWS\system32\geedb.dll
    C:\WINDOWS\system32\glddjhry.dllbox

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE


    ((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
    .

    2007-11-11 22:24 145,984 --a------ C:\WINDOWS\system32\rljyinlq.dll
    2007-11-11 22:24 145,984 --a------ C:\WINDOWS\system32\glddjhry.dll
    2007-11-11 20:17 <DIR> d-------- C:\Deckard
    2007-11-11 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-11 15:54 <DIR> d-------- C:\Program Files\MSBuild
    2007-11-11 15:47 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2007-11-11 15:44 <DIR> d-------- C:\Program Files\Reference Assemblies
    2007-11-11 15:42 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
    2007-11-11 15:40 <DIR> d-------- C:\Program Files\MSXML 6.0
    2007-11-11 15:34 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
    2007-11-11 15:34 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
    2007-11-11 15:34 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
    2007-11-11 15:15 <DIR> d-------- C:\ZonedOut
    2007-11-11 01:20 79,936 --a------ C:\WINDOWS\system32\jyovxysp.dll
    2007-11-11 01:17 88,128 --a------ C:\WINDOWS\system32\xowuiaju.dll
    2007-11-11 00:29 79,936 --a------ C:\WINDOWS\system32\bspvamtj.dll
    2007-11-08 11:54 <DIR> d-------- C:\Documents and Settings\Tim Ross\Application Data\Grisoft
    2007-11-08 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-08 11:53 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-07 16:56 4,142 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-07 16:51 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-07 16:51 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-07 16:51 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-07 16:51 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-07 16:51 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-07 02:26 79,936 --a------ C:\WINDOWS\system32\gjmoygmv.dll
    2007-11-07 02:11 145,984 --a------ C:\WINDOWS\system32\togeljwd.dll
    2007-11-07 01:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-11-07 01:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-06 23:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-06 23:21 <DIR> d--h----- C:\WINDOWS\PIF
    2007-11-06 22:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-11-06 22:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI
    2007-11-06 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-06 18:08 <DIR> d-------- C:\Program Files\Lavasoft
    2007-11-06 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-11-06 17:54 <DIR> d-------- C:\Documents and Settings\Tim Ross\Application Data\AntiSpyware
    2007-11-06 17:50 <DIR> d-------- C:\Program Files\AntispyStorm
    2007-11-06 17:14 <DIR> d-------- C:\Program Files\Common Files\SpyGuardPro
    2007-11-06 17:14 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-06 17:10 <DIR> d-------- C:\WINDOWS\system32\Mz08r
    2007-11-06 17:10 36,352 --a------ C:\WINDOWS\system32\iifefcd.dll
    2007-11-02 11:14 <DIR> d-------- C:\Program Files\SystemRequirementsLab
    2007-11-02 11:14 <DIR> d-------- C:\Documents and Settings\Tim Ross\Application Data\SystemRequirementsLab
    2007-11-01 12:26 <DIR> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
    2007-10-22 09:08 <DIR> d-------- C:\Documents and Settings\Tim Ross\Application Data\Turbine
    2007-10-22 00:03 <DIR> d-------- C:\Program Files\Turbine
    2007-10-21 21:14 <DIR> d-------- C:\Documents and Settings\Tim Ross\Application Data\GetRightToGo
    2007-10-14 16:21 4,608 --a------ C:\WINDOWS\system32\W95INF32.DLL
    2007-10-14 16:21 2,272 --a------ C:\WINDOWS\system32\W95INF16.DLL
    2007-10-13 16:31 <DIR> d-------- C:\Program Files\Easy Audio Editor
    2007-10-13 16:31 <DIR> d-------- C:\Documents and Settings\Tim Ross\Application Data\DivX

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-12 01:11 --------- d-----w C:\Program Files\Yahoo!
    2007-11-07 05:04 --------- d-----w C:\Program Files\Trend Micro
    2007-11-06 23:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-04 20:18 --------- d-----w C:\Program Files\Dl_cats
    2007-11-04 04:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-02 20:30 --------- d-----w C:\Program Files\World of Warcraft
    2007-10-21 18:55 --------- d-----w C:\Program Files\Warcraft III
    2007-10-13 21:38 --------- d-----w C:\Documents and Settings\Tim Ross\Application Data\Ruckus Network
    2007-09-28 18:57 --------- d-----w C:\Program Files\iTunes
    2007-09-28 18:57 --------- d-----w C:\Program Files\iPod
    2007-09-17 18:40 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
    2007-09-17 18:40 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
    2007-09-17 18:31 1,126,072 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
    2007-09-12 20:56 --------- d-----w C:\Program Files\Apple Software Update
    2007-08-23 04:26 3,506 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{063301C6-84E6-437B-B39D-B334EAD2799A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DE44C4C-9169-4B9A-BC56-CA626C94AD99}]
    2007-08-02 08:43 282624 --a------ C:\Program Files\Internet Explorer\hokevowa4444.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29A38BD3-6787-480B-B681-629AE16F710C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60173057-633B-46CD-985C-061B103F1AC0}]
    2007-08-02 08:43 282624 --a------ C:\Program Files\Internet Explorer\hokevowa555077.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
    2007-11-06 17:10 36352 --a------ C:\WINDOWS\system32\iifefcd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63EA2879-BED3-476E-A955-6CB8753A7462}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{722692E8-E99B-482C-8269-F1D513E97848}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-11-11 22:24 145984 --a------ C:\WINDOWS\system32\glddjhry.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b47e0223-4eb0-4445-8b57-52f69821d3a5}]
    2007-11-07 02:26 79936 --a------ C:\WINDOWS\system32\gjmoygmv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF956677-EFF1-4454-98B1-059F86850DFC}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\glddjhry.dll [2007-11-11 22:24 145984]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 08:08]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
    "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 15:30]
    "Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 16:05]
    "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 09:47]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33]
    "DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 17:50]
    "dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-20 19:40]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 00:48]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 18:39]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "Aim6"="" []
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2007-10-30 14:09:51]
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-10 23:29:22]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-11 11:03:12]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"=1 (0x1)
    "AllowUnhashedWebView"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\iifefcd.dll [2007-11-06 17:10 36352]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\glddjhry]
    glddjhry.dll 2007-11-11 22:24 145984 C:\WINDOWS\system32\glddjhry.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifefcd]
    iifefcd.dll 2007-11-06 17:10 36352 C:\WINDOWS\system32\iifefcd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zksmtmiv]
    zksmtmiv.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\geedb.dll

    R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
    S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-11 08:00:01 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job"
    - C:\Program Files\AntiSpywareApp\AntiSpyware.exe
    "2007-11-02 15:28:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-11 22:43:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-11 22:53:00 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-07 01:08
    C:\ComboFix3.txt ... 2007-11-07 00:40
    .
    --- E O F ---
     
  8. Clouded

    Clouded Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    26
    Hijack This

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:57:32 PM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    C:\WINDOWS\system32\dlcccoms.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\pcclient.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {063301C6-84E6-437B-B39D-B334EAD2799A} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1DE44C4C-9169-4B9A-BC56-CA626C94AD99} - C:\Program Files\Internet Explorer\hokevowa4444.dll
    O2 - BHO: (no name) - {29A38BD3-6787-480B-B681-629AE16F710C} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {60173057-633B-46CD-985C-061B103F1AC0} - C:\Program Files\Internet Explorer\hokevowa555077.dll
    O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\iifefcd.dll
    O2 - BHO: (no name) - {63EA2879-BED3-476E-A955-6CB8753A7462} - (no file)
    O2 - BHO: (no name) - {722692E8-E99B-482C-8269-F1D513E97848} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\glddjhry.dll
    O2 - BHO: (no name) - {b47e0223-4eb0-4445-8b57-52f69821d3a5} - C:\WINDOWS\system32\gjmoygmv.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: (no name) - {CF956677-EFF1-4454-98B1-059F86850DFC} - (no file)
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\glddjhry.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
    O20 - Winlogon Notify: glddjhry - C:\WINDOWS\SYSTEM32\glddjhry.dll
    O20 - Winlogon Notify: iifefcd - C:\WINDOWS\SYSTEM32\iifefcd.dll
    O20 - Winlogon Notify: zksmtmiv - zksmtmiv.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 12046 bytes
     
  9. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Good Job, i forgot to place a space in front of /killall. Anyways, you still have some leftover infections.


    Download the attached file CFScript.txt to your Desktop


    [​IMG]

    Refering to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall



    Note:Please do not use this script on another computer, you may damage the system. The script is made especially for this computer only!!!!


    ==================================

    Please download and install SUPERAntiSpyware
    • Load SUPERAntiSpyware and click the Check for Updates button.
    • Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!

    IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
    • Open SUPERAntiSpyware and click the Scan your Computer button.
    • Check Perform Complete Scan and then click Next.
    • SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
    • Make sure that they all have a check next to them, and then click Next.
    • Click Finish and you will be taken back to the main interface.
    • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
    • I'll need a log afterwards of what has been found.
    • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
    • Please post the results of the SUPERAntiSpyware login your next reply.


    In your next reply, please include a fresh Hijackthis log, ComboFix log and SuperAnti-Spyware log. Thanks
     

    Attached Files:

  10. Clouded

    Clouded Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    26
    Okay, here is the stuff you asked for.

    HijackThis


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:09:50 PM, on 11/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\dlcccoms.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {063301C6-84E6-437B-B39D-B334EAD2799A} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {13391BC9-FBF7-4D93-99DA-F72B1CCB4655} - (no file)
    O2 - BHO: (no name) - {1DE44C4C-9169-4B9A-BC56-CA626C94AD99} - (no file)
    O2 - BHO: (no name) - {29A38BD3-6787-480B-B681-629AE16F710C} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {60173057-633B-46CD-985C-061B103F1AC0} - (no file)
    O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - (no file)
    O2 - BHO: (no name) - {63EA2879-BED3-476E-A955-6CB8753A7462} - (no file)
    O2 - BHO: (no name) - {722692E8-E99B-482C-8269-F1D513E97848} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\glddjhry.dll
    O2 - BHO: (no name) - {b47e0223-4eb0-4445-8b57-52f69821d3a5} - (no file)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: (no name) - {CF956677-EFF1-4454-98B1-059F86850DFC} - (no file)
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\glddjhry.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: glddjhry - C:\WINDOWS\SYSTEM32\glddjhry.dll
    O20 - Winlogon Notify: iifefcd - C:\WINDOWS\
    O20 - Winlogon Notify: zksmtmiv - C:\WINDOWS\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 12170 bytes
     
  11. Clouded

    Clouded Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    26
    ComboFix

    ComboFix 07-11-08.3 - Tim Ross 2007-11-12 11:22:20.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.494 [GMT -5:00]
    Running from: C:\Documents and Settings\Tim Ross\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Tim Ross\Desktop\CFScript-1.txt
    * Created a new restore point

    FILE
    C:\Program Files\Internet Explorer\hokevowa555077.dll
    C:\WINDOWS\system32\aaclient.dll
    C:\WINDOWS\system32\bspvamtj.dll
    C:\WINDOWS\system32\gjmoygmv.dll
    C:\WINDOWS\system32\glddjhry.dll
    C:\WINDOWS\system32\iifefcd.dll
    C:\WINDOWS\system32\jyovxysp.dll
    C:\WINDOWS\system32\rhttpaa.dll
    C:\WINDOWS\system32\rljyinlq.dll
    C:\WINDOWS\system32\togeljwd.dll
    C:\WINDOWS\system32\tsgqec.dll
    C:\WINDOWS\system32\xowuiaju.dll
    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Tim Ross\Application Data\AntiSpyware
    C:\Documents and Settings\Tim Ross\Application Data\AntiSpyware\DataBase.ref
    C:\Documents and Settings\Tim Ross\Application Data\AntiSpyware\rs.dat
    C:\Program Files\AntispyStorm
    C:\Program Files\AntispyStorm\stat.bin
    C:\Program Files\AntispyStorm\uninstall.exe
    C:\Program Files\AntispyStorm\uninstall.log
    C:\Program Files\Common Files\SpyGuardPro
    C:\Program Files\Internet Explorer\hokevowa555077.dll
    C:\WINDOWS\system32\aaclient.dll
    C:\WINDOWS\system32\bspvamtj.dll
    C:\WINDOWS\system32\gjmoygmv.dll
    C:\WINDOWS\system32\glddjhry.dll
    C:\WINDOWS\system32\glddjhry.dllbox
    C:\WINDOWS\system32\iifefcd.dll
    C:\WINDOWS\system32\jyovxysp.dll
    C:\WINDOWS\system32\mpqss.ini
    C:\WINDOWS\system32\Mz08r
    C:\WINDOWS\system32\rhttpaa.dll
    C:\WINDOWS\system32\rljyinlq.dll
    C:\WINDOWS\system32\ssqpm.dll
    C:\WINDOWS\system32\togeljwd.dll
    C:\WINDOWS\system32\tsgqec.dll
    C:\WINDOWS\system32\xowuiaju.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
    .

    2007-11-11 22:24 145,984 --------- C:\WINDOWS\system32\glddjhry.dll
    2007-11-11 20:17 <DIR> d-------- C:\Deckard
    2007-11-11 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-11 15:54 <DIR> d-------- C:\Program Files\MSBuild
    2007-11-11 15:47 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2007-11-11 15:44 <DIR> d-------- C:\Program Files\Reference Assemblies
    2007-11-11 15:42 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
    2007-11-11 15:40 <DIR> d-------- C:\Program Files\MSXML 6.0
    2007-11-11 15:15 <DIR> d-------- C:\ZonedOut
    2007-11-08 11:54 <DIR> d-------- C:\Documents and Settings\Tim Ross\Application Data\Grisoft
    2007-11-08 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-08 11:53 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-07 16:56 4,142 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-07 16:51 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-07 16:51 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-07 16:51 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-07 16:51 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-07 16:51 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-07 01:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-11-07 01:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-06 23:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-06 23:21 <DIR> d--h----- C:\WINDOWS\PIF
    2007-11-06 22:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-11-06 22:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI
    2007-11-06 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-06 18:08 <DIR> d-------- C:\Program Files\Lavasoft
    2007-11-06 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-11-06 17:14 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-02 11:14 <DIR> d-------- C:\Program Files\SystemRequirementsLab
    2007-11-02 11:14 <DIR> d-------- C:\Documents and Settings\Tim Ross\Application Data\SystemRequirementsLab
    2007-11-01 12:26 <DIR> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
    2007-10-22 09:08 <DIR> d-------- C:\Documents and Settings\Tim Ross\Application Data\Turbine
    2007-10-22 00:03 <DIR> d-------- C:\Program Files\Turbine
    2007-10-21 21:14 <DIR> d-------- C:\Documents and Settings\Tim Ross\Application Data\GetRightToGo
    2007-10-14 16:21 4,608 --a------ C:\WINDOWS\system32\W95INF32.DLL
    2007-10-14 16:21 2,272 --a------ C:\WINDOWS\system32\W95INF16.DLL
    2007-10-13 16:31 <DIR> d-------- C:\Program Files\Easy Audio Editor
    2007-10-13 16:31 <DIR> d-------- C:\Documents and Settings\Tim Ross\Application Data\DivX

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-12 01:11 --------- d-----w C:\Program Files\Yahoo!
    2007-11-07 05:04 --------- d-----w C:\Program Files\Trend Micro
    2007-11-06 23:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-04 20:18 --------- d-----w C:\Program Files\Dl_cats
    2007-11-04 04:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-02 20:30 --------- d-----w C:\Program Files\World of Warcraft
    2007-10-21 18:55 --------- d-----w C:\Program Files\Warcraft III
    2007-10-13 21:38 --------- d-----w C:\Documents and Settings\Tim Ross\Application Data\Ruckus Network
    2007-09-28 18:57 --------- d-----w C:\Program Files\iTunes
    2007-09-28 18:57 --------- d-----w C:\Program Files\iPod
    2007-09-17 18:40 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
    2007-09-17 18:40 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
    2007-09-17 18:31 1,126,072 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
    2007-09-12 20:56 --------- d-----w C:\Program Files\Apple Software Update
    2007-08-23 04:26 3,506 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    .

    ((((((((((((((((((((((((((((( [email protected]_22.46.08.15 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-11-12 00:37:19 72,042 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-11-12 03:51:18 72,042 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-11-12 00:37:19 441,174 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-11-12 03:51:19 441,174 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-11-12 16:35:27 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1d4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-11-12 11:32 145984 --------- C:\WINDOWS\system32\glddjhry.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\glddjhry.dll [2007-11-12 11:32 145984]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 08:08]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
    "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
    "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 15:30]
    "Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 16:05]
    "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 09:47]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33]
    "DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 17:50]
    "dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-20 19:40]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 00:48]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 18:39]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "Aim6"="" []
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2007-10-30 14:09:51]
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-10 23:29:22]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-11 11:03:12]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"=1 (0x1)
    "AllowUnhashedWebView"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\glddjhry]
    glddjhry.dll 2007-11-12 11:32 145984 C:\WINDOWS\system32\glddjhry.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqpm.dll

    R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
    S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-12 08:00:00 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job"
    - C:\Program Files\AntiSpywareApp\AntiSpyware.exe
    "2007-11-02 15:28:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-12 11:37:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-12 11:40:15 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-11 22:53
    C:\ComboFix3.txt ... 2007-11-07 01:08
    .
    --- E O F ---
     
  12. Clouded

    Clouded Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    26
    SuperAntiSpyware

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/12/2007 at 12:28 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 00:33:15

    Memory items scanned : 617
    Memory threats detected : 0
    Registry items scanned : 5515
    Registry threats detected : 0
    File items scanned : 35588
    File threats detected : 0
     
  13. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    The Super Anti-Spyware log is cut off, please post again along with a fresh Hijackthis log. Thanks
     
  14. Clouded

    Clouded Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    26
    I ran Superspyware and Hijackthis again, but it seems the log is the same size. I dont know what is wrong.



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/12/2007 at 08:02 PM


    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 00:31:29

    Memory items scanned : 626
    Memory threats detected : 0
    Registry items scanned : 5516
    Registry threats detected : 0
    File items scanned : 35658
    File threats detected : 0
     
  15. Clouded

    Clouded Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    26
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:07:13 PM, on 11/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\dlcccoms.exe
    C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {063301C6-84E6-437B-B39D-B334EAD2799A} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {13391BC9-FBF7-4D93-99DA-F72B1CCB4655} - (no file)
    O2 - BHO: (no name) - {1DE44C4C-9169-4B9A-BC56-CA626C94AD99} - (no file)
    O2 - BHO: (no name) - {29A38BD3-6787-480B-B681-629AE16F710C} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {60173057-633B-46CD-985C-061B103F1AC0} - (no file)
    O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - (no file)
    O2 - BHO: (no name) - {63EA2879-BED3-476E-A955-6CB8753A7462} - (no file)
    O2 - BHO: (no name) - {722692E8-E99B-482C-8269-F1D513E97848} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\glddjhry.dll
    O2 - BHO: (no name) - {b47e0223-4eb0-4445-8b57-52f69821d3a5} - (no file)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: (no name) - {CF956677-EFF1-4454-98B1-059F86850DFC} - (no file)
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\glddjhry.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: glddjhry - C:\WINDOWS\SYSTEM32\glddjhry.dll
    O20 - Winlogon Notify: iifefcd - C:\WINDOWS\
    O20 - Winlogon Notify: zksmtmiv - C:\WINDOWS\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 11992 bytes
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/650663

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice