
Solved Applications won't open, possible malware/virus present

Discussion in 'Malware and Virus Removal Archive' started by tinapie, 2008/09/23.

  1. 2008/09/23
    tinapie (Thread Starter)
    [Resolved] Applications won't open, possible malware/virus present

    Some of my Windows applications won't open, such as System Restore (both from Accessories and Safe Mode), Search (from the Start button), including the Dell Support Center installed on my laptop. I have Avira anti-virus and it hasn't detected any viruses during the scan. I also have Spyware Terminator and Windows Defender, which also cleared my laptop of any viruses. Another problem is that some Internet sites/webpages won't load successfully. It would say 'Done' at the bottom left of the screen but the page is blank. Also, when I click some buttons or links, nothing happens, though for this one I am not sure if it is virus-related or something like a problem with the script. I am not really that adept when it comes to computers. I would appreciate any advice. The following is the log from the Trend Micro scan:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:44:17 PM, on 9/23/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Dell Support Center\gs_agent\dsc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\stacsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\Program Files\Dell\PC TuneUp\SMTrayNotify.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 196.168.1.254:1234
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe "
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://safeway.lifepics.com/net/Uploader/LPUploader45.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5109/mcfscan.cab
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - Winlogon Notify: fdlowlec - fdlowlec.dll (file missing)
    O20 - Winlogon Notify: orggabvf - orggabvf.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 14415 bytes

    Thanks!!!
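    Most of the log above is ordinary vendor software, and the entries worth a second look are scattered through it. As an added example that is not part of this thread and not code from HijackThis or Trend Micro, the Python script below parses HijackThis-format lines and flags the entry types an analyst checks first: entries whose file is missing, a configured proxy, Winlogon Notify DLLs, and Run entries with no full path. The sample lines are copied from the log above; the tag names, the Finding structure and the review reasons are this example's own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 196.168.1.254:1234
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O20 - Winlogon Notify: fdlowlec - fdlowlec.dll (file missing)
O20 - Winlogon Notify: orggabvf - orggabvf.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Finding:
    tag: str     # short category used for counting (this example's own names)
    kind: str    # HijackThis section code, e.g. "O20"
    reason: str  # what the analyst should verify
    line: str    # the original log line


LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<proxy>\S+)")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[[^\]]+\] (?P<cmd>.*)$")


def parse_line(line: str):
    """Split one log line into (section code, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("kind"), m.group("body")) if m else None


def executable_of(cmd: str) -> str:
    """Return the executable part of a Run-key command (handles quoted paths)."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd[1:cmd.index('"', 1)].strip()
    return cmd.split()[0] if cmd else ""


def triage_line(line: str) -> list:
    """Return the review findings for a single HijackThis line (possibly several)."""
    parsed = parse_line(line)
    if parsed is None:
        return []
    kind, body = parsed
    found = []
    if ORPHAN_RE.search(body):
        found.append(Finding("orphan", kind,
                             "registry entry points at a file that is no longer on disk", line))
    if kind in ("R0", "R1"):
        pm = PROXY_RE.search(body)
        if pm:
            found.append(Finding("proxy", kind,
                                 f"proxy {pm.group('proxy')} is set; confirm it is intended "
                                 "(an unreachable proxy leaves pages blank)", line))
    if kind == "O20" and body.startswith("Winlogon Notify:"):
        found.append(Finding("winlogon-notify", kind,
                             "DLL registered to load at logon; confirm the publisher", line))
    if kind == "O4":
        rm = RUN_RE.match(body)
        if rm and "\\" not in executable_of(rm.group("cmd")):
            found.append(Finding("unqualified-path", kind,
                                 "Run entry has no full path; locate the file and confirm it", line))
    return found


def triage_log(text: str) -> list:
    """Run triage over a whole log; blank and non-entry lines are skipped."""
    return [f for line in text.splitlines() for f in triage_line(line)]


def summarize(findings) -> dict:
    """Count findings per tag, e.g. {'orphan': 4, 'proxy': 1, ...}."""
    return dict(Counter(f.tag for f in findings))


if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    for f in results:
        print(f"[{f.tag}] {f.kind}: {f.reason}\n    {f.line}")
    print(summarize(results))
```

    The script produces a review list, not a verdict: an orphaned entry or a Run item without a path is common after an uninstall, and the proxy finding only says that a proxy is configured on a home laptop where none was expected. Each flagged line still needs the analyst to check the file on disk and the publisher, which is what the helper in this thread goes on to do with the scanner logs.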
     
  2. 2008/09/23
    Geri (Alumni)
    Hi tinapie

    Please do this.

    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh HijackThis log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Thanks
    Geri
     

  3. 2008/09/24
    tinapie (Thread Starter)
    re: [Resolved] Applications won't open, possible malware/virus present

    Hi Geri!

    Here is the Mbam log:

    Malwarebytes' Anti-Malware 1.28
    Database version: 1201
    Windows 5.1.2600 Service Pack 2

    9/24/2008 9:57:21 AM
    mbam-log-2008-09-24 (09-57-21).txt

    Scan type: Quick Scan
    Objects scanned: 63776
    Time elapsed: 8 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ShipTr (Trojan.ShipUp) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ( "%1" /S) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1 ") -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\fdlowlec.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\orggabvf.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pdirqaab.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kristina Formanes\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk (Rogue.Link) -> Quarantined and deleted successfully.

    Here is the new HijackThis log, 24 Sept 08:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:08:43 AM, on 9/24/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Dell Support Center\gs_agent\dsc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\stacsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 196.168.1.254:1234
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe "
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://safeway.lifepics.com/net/Uploader/LPUploader45.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5109/mcfscan.cab
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - Winlogon Notify: fdlowlec - fdlowlec.dll (file missing)
    O20 - Winlogon Notify: orggabvf - orggabvf.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program

    Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) -

    Unknown owner - C:\Program

    Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program

    Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) -

    Logitech Inc. - c:\program files\common

    files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Macromedia Licensing Service - Unknown

    owner - C:\Program Files\Common Files\Macromedia

    Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee,

    Inc. - c:\program files\common

    files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee,

    Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: NBService - Nero AG - C:\Program

    Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program

    Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program

    Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP -

    C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service

    (RegSrvc) - Intel Corporation - C:\Program

    Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service

    (S24EventMonitor) - Intel Corporation - C:\Program

    Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SupportSoft Sprocket Service

    (dellsupportcenter) (sprtsvc_dellsupportcenter) -

    SupportSoft, Inc. - C:\Program Files\Dell Support

    Center\bin\sprtsvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service

    (sp_rssrv) - Crawler.com - C:\Program Files\Spyware

    Terminator\sp_rsser.exe
    O23 - Service: SigmaTel Audio Service (STacSV) -

    SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service

    (WLANKEEPER) - Intel(R) Corporation - C:\Program

    Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 14551 bytes

    Thanks
     
  5. 2008/09/24
    Geri
    Hi
    How are things running?

    Please post a new HJT log, but first open Notepad, click on "Format" and uncheck Word Wrap.

    Thanks
    Geri
     
  6. 2008/09/25
    tinapie
    re: [Resolved] Applications won't open, possible malware/virus present

    Geri,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:51:27 AM, on 9/25/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Dell Support Center\gs_agent\dsc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\stacsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 196.168.1.254:1234
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://safeway.lifepics.com/net/Uploader/LPUploader45.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5109/mcfscan.cab
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - Winlogon Notify: fdlowlec - fdlowlec.dll (file missing)
    O20 - Winlogon Notify: orggabvf - orggabvf.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 14620 bytes

    I still couldn't open applications. I could already use Internet Explorer, but some websites/webpages won't load successfully. Yahoo Mail, for instance, opens in basic HTML. Sign-in/log-in buttons on some websites won't show; however, if they do and I click the button, nothing happens.
     
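    The two HijackThis logs above, and the earlier wrapped copy of the same log, are read by hand in this thread. As an added illustration that is not part of the original thread and not code from HijackThis or its author, the script below parses entry lines in the HijackThis format (`R0`/`R1`/`O2`/`O16`/`O20`/`O23 - ...`) and flags the kinds of lines a helper looks at first: a ProxyServer value whose host is not a private or loopback address (196.168.1.254 is not in an RFC 1918 range; 192.168.x.x would be), Winlogon Notify registrations whose DLL is missing, browser add-ons with no backing file, ActiveX controls fetched from remote URLs, and services with no company name. The sample log is a constructed excerpt of lines from this thread; the `Finding` class, the severity labels and the hostname handling are the script's own conventions, not HijackThis output, and a hit only means "look here", not "this is malware".

    ```python
    """Triage the entry lines of a HijackThis log and flag what a helper looks at first."""
    from __future__ import annotations

    import ipaddress
    import re
    from dataclasses import dataclass

    # Constructed sample: a few entry lines taken from the logs in this thread,
    # one entry per line as HijackThis writes them (Word Wrap off).
    SAMPLE_LOG = r"""
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 196.168.1.254:1234
    O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    O20 - Winlogon Notify: fdlowlec - fdlowlec.dll (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    """


    @dataclass
    class Finding:
        section: str   # HijackThis section tag, e.g. "O20"
        severity: str  # "high", "medium" or "low" (this script's own scale)
        reason: str
        entry: str     # the full log line that triggered the finding


    # Every HijackThis entry starts with a section tag followed by " - ".
    ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
    PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)")


    def proxy_host(value: str) -> str:
        """Return the host part of a ProxyServer value.

        The value is either 'host:port' or a per-protocol list such as
        'http=host:80;https=host:443'; the first host is returned.
        """
        first = value.split(";")[0]
        if "=" in first:
            first = first.split("=", 1)[1]
        return first.rsplit(":", 1)[0]


    def classify_proxy(value: str) -> tuple[str, str]:
        """Rate a ProxyServer setting by where the traffic would be sent."""
        host = proxy_host(value)
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # A hostname: cannot tell locally whether it is legitimate.
            return "medium", f"proxy set to hostname {host!r}; confirm it is expected"
        if addr.is_loopback or addr.is_private:
            return "low", f"proxy set to local/private address {host}; confirm you configured it"
        return "high", f"proxy set to non-private address {host}; browser traffic leaves via an unknown host"


    def triage(log_text: str) -> list[Finding]:
        """Scan a HijackThis log and return the entries worth a closer look."""
        findings: list[Finding] = []
        for raw in log_text.splitlines():
            line = raw.strip()
            m = ENTRY_RE.match(line)
            if not m:
                continue  # headers, the process list and blank lines are skipped
            section, body = m.group("section"), m.group("body")
            if section in ("R0", "R1") and (pm := PROXY_RE.search(body)):
                sev, why = classify_proxy(pm.group("value"))
                findings.append(Finding(section, sev, why, line))
            elif section == "O20" and body.endswith("(file missing)"):
                findings.append(Finding(section, "high",
                    "Winlogon Notify DLL registered but not on disk (orphaned load point)", line))
            elif section in ("O2", "O3", "O9") and body.endswith("(no file)"):
                findings.append(Finding(section, "low",
                    "browser add-on registered with no backing file (orphaned entry)", line))
            elif section == "O16" and re.search(r"https?://", body):
                findings.append(Finding(section, "medium",
                    "ActiveX control downloaded from a remote site; review whether it is still needed", line))
            elif section == "O23" and "Unknown owner" in body:
                findings.append(Finding(section, "low",
                    "service binary carries no company name; verify the file", line))
        return findings


    def summarize(findings: list[Finding]) -> dict[str, int]:
        """Count findings per severity so the caller can decide what to post first."""
        counts = {"high": 0, "medium": 0, "low": 0}
        for f in findings:
            counts[f.severity] += 1
        return counts


    if __name__ == "__main__":
        for f in triage(SAMPLE_LOG):
            print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.entry}")
        print(summarize(triage(SAMPLE_LOG)))
    ```

    Run it as `python hjt_triage.py` (a hypothetical filename) against a log saved with Word Wrap off, as Geri asks for above; a wrapped log breaks each entry over several lines and the entry regex will skip the fragments.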
  7. 2008/09/25
    Geri
    Hi
    Ok, please do this.

    Download ComboFix from Here to your Desktop.

    It's best to disable real-time protection applications, as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows.
    • Double-click combofix.exe and follow the prompts.
    • Vista users: right-click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the ComboFix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - ComboFix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Thanks
    Geri
     
  8. 2008/09/26
    tinapie
    Applications won't open, possible malware/virus present

    Geri, here is the Combofix log:

    ComboFix 08-09-25.05 - Kristina Formanes 2008-09-26 8:52:52.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.453 [GMT -4:00]
    Running from: C:\Documents and Settings\Kristina Formanes\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\Documents and Settings\Kristina Formanes\Favorites\Online Security Guide.lnk
    C:\Program Files\internet explorer\iekey.dll
    C:\Temp\abW9
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\rMa02yy

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DNSCON
    -------\Legacy_NETMANAGER
    -------\Service_dnscon
    -------\Service_NetManager


    ((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
    .

    2008-09-24 09:46 . 2008-09-24 09:46 <DIR> d-------- C:\Documents and Settings\Kristina Formanes\Application Data\Malwarebytes
    2008-09-24 09:46 . 2008-09-24 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-24 09:46 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-24 09:46 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-23 16:36 . 2008-09-23 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-09-23 12:43 . 2008-09-23 12:43 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-23 10:42 . 2008-09-23 10:42 <DIR> d-------- C:\Program Files\Windows Defender
    2008-09-22 15:57 . 2008-09-22 15:58 <DIR> d-------- C:\Program Files\WinClamAVShield
    2008-09-22 15:57 . 2008-09-25 11:26 <DIR> d-------- C:\Program Files\Spyware Terminator
    2008-09-22 15:57 . 2008-09-25 11:00 <DIR> d-------- C:\Documents and Settings\Kristina Formanes\Application Data\Spyware Terminator
    2008-09-22 15:57 . 2008-09-25 11:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-09-22 15:57 . 2008-09-22 15:57 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-09-22 14:25 . 2008-09-22 14:25 <DIR> d-------- C:\Program Files\Avira
    2008-09-22 14:25 . 2008-09-22 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-19 18:02 . 2000-03-23 12:50 446,464 -ra------ C:\WINDOWS\system32\hhactivex.dll
    2008-09-19 18:02 . 1999-05-07 13:24 414,944 --a------ C:\WINDOWS\system32\COMCT332.OCX
    2008-09-19 18:02 . 1998-11-10 10:46 328,480 --a------ C:\WINDOWS\system32\ssa3d30.ocx
    2008-09-19 18:02 . 2002-01-08 17:00 176,128 --a------ C:\WINDOWS\system32\RcdScan.dll
    2008-09-19 18:02 . 1998-09-24 12:03 171,967 --a------ C:\WINDOWS\system32\Odbcjet.hlp
    2008-09-19 18:02 . 1998-06-17 23:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2008-09-19 18:02 . 2001-08-22 08:42 13,632 --------- C:\WINDOWS\system32\drivers\omci.sys
    2008-09-19 18:02 . 1998-09-24 12:03 7,348 --a------ C:\WINDOWS\system32\Odbcjet.cnt
    2008-09-18 20:25 . 2008-09-18 20:25 <DIR> d-------- C:\Program Files\McAfee.com
    2008-09-18 17:42 . 2008-09-18 21:47 <DIR> d-------- C:\Program Files\VS Revo Group
    2008-09-18 17:28 . 2008-09-18 17:57 20,640 --a------ C:\WINDOWS\system32\Status.MPF
    2008-09-18 17:25 . 2008-09-18 17:28 <DIR> d-------- C:\WINDOWS\system32\mclsphlr
    2008-09-18 17:24 . 2005-07-26 14:50 94,208 --a------ C:\WINDOWS\system32\mclsp.dll
    2008-09-18 17:24 . 2005-07-26 14:47 90,112 --a------ C:\WINDOWS\system32\mcrtl32.dll
    2008-09-18 17:23 . 2005-08-16 16:18 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
    2008-09-18 17:22 . 2008-09-18 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
    2008-09-18 17:22 . 2005-08-16 16:13 9,216 --a------ C:\WINDOWS\system32\MpfApi.dll
    2008-09-18 17:21 . 2005-09-19 12:13 349,760 -ra------ C:\WINDOWS\system32\mcinsctl.dll
    2008-09-18 17:21 . 2005-09-19 12:13 288,320 -ra------ C:\WINDOWS\system32\mcgdmgr.dll
    2008-09-13 19:48 . 2008-09-13 19:49 <DIR> d-------- C:\Program Files\iTunes
    2008-09-13 19:48 . 2008-09-13 19:48 <DIR> d-------- C:\Program Files\iPod
    2008-09-13 19:48 . 2008-09-13 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-13 19:45 . 2008-09-13 19:45 <DIR> d-------- C:\Program Files\Bonjour
    2008-09-13 19:43 . 2008-09-13 19:44 <DIR> d-------- C:\Program Files\QuickTime
    2008-09-13 19:04 . 2008-09-13 19:04 <DIR> d--hs---- C:\Documents and Settings\Kristina Formanes\PrivacIE
    2008-09-13 18:47 . 2008-09-13 18:48 <DIR> d--h-c--- C:\WINDOWS\ie8
    2008-09-09 21:35 . 2008-09-09 21:35 <DIR> d-------- C:\Documents and Settings\Kristina Formanes\Application Data\Snapfish
    2008-09-07 22:15 . 2008-09-07 22:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
    2008-09-07 22:15 . 2008-09-07 22:15 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
    2008-09-07 22:14 . 2008-09-07 22:14 <DIR> d-------- C:\Program Files\iolo
    2008-09-07 22:14 . 2008-04-30 10:22 421,888 --a------ C:\WINDOWS\system32\Incinerator.dll
    2008-09-07 22:14 . 2008-03-24 08:53 34,304 --a------ C:\WINDOWS\system32\iolobtdfg.exe
    2008-09-07 22:14 . 2008-03-24 08:53 22,528 --a------ C:\WINDOWS\system32\smrgdf.exe
    2008-09-07 22:13 . 2008-09-07 22:13 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
    2008-09-07 22:12 . 2008-09-07 22:15 <DIR> d-------- C:\Documents and Settings\Kristina Formanes\Application Data\iolo
    2008-09-07 22:12 . 2008-09-07 22:12 <DIR> d-------- C:\Documents and Settings\Kristina Formanes\Application Data\Dell
    2008-09-07 22:12 . 2008-09-07 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
    2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
    2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-26 12:58 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2008-09-23 21:51 --------- d-----w C:\Program Files\Java
    2008-09-23 20:36 --------- d--h--r C:\Documents and Settings\Kristina Formanes\Application Data\yahoo!
    2008-09-23 20:24 --------- d-----w C:\Program Files\Yahoo!
    2008-09-23 01:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-09-22 20:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-22 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-09-18 21:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2008-09-18 21:42 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
    2008-09-18 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2008-09-18 21:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-18 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-09-13 23:43 --------- d-----w C:\Program Files\Common Files\Apple
    2008-09-12 23:53 --------- d-----w C:\Documents and Settings\Kristina Formanes\Application Data\Any Video Converter
    2008-09-11 18:41 --------- d-----w C:\Documents and Settings\Kristina Formanes\Application Data\LimeWire
    2008-09-10 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-08 20:07 --------- d-----w C:\Program Files\Mystery Case Files Huntsville
    2008-09-08 02:14 --------- d-----w C:\Program Files\Dell
    2008-09-08 01:08 --------- d-----w C:\Documents and Settings\Kristina Formanes\Application Data\Move Networks
    2008-08-17 00:08 --------- d-----w C:\Program Files\Garmin GPS Plugin
    2008-08-17 00:08 --------- d-----w C:\Documents and Settings\Kristina Formanes\Application Data\GARMIN
    2008-08-11 14:10 --------- d-----w C:\Program Files\Avery Wizard 3.1
    2008-08-10 18:49 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-24 01:31 24,678 -c--a-w C:\Documents and Settings\Incomplete\downloads.dat
    2007-10-17 13:58 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2006-12-24 03:14 0 -csha-w C:\WINDOWS\ms.config`.exe
    2007-08-22 03:09 0 -csha-w C:\WINDOWS\msrm.exe
    2007-08-22 03:09 81 --sha-w C:\WINDOWS\NT.Config`.exe
    2006-12-24 03:14 42,734 --sha-w C:\WINDOWS\rm.exe
    2007-01-25 01:40 88 --sh--r C:\WINDOWS\system32\EB071C84D8.sys
    2007-01-25 01:40 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-11-20 19:19 4,317 --sha-w C:\WINDOWS\system32\nmllm.ini2
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-14 460784]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-25 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-14 202544]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-23 149040]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 C:\WINDOWS\MIDIDEF.EXE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-14 202544]
    "SMSystemAnalyzer "= "C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe" [2008-04-30 765784]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
    "AppleSyncNotifier "= "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "avgnt "= "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "SpywareTerminator "= "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-22 1783808]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-25 113664]
    AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-24 10872]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-26 24576]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-12-14 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\Program Files\\America Online 9.0\\waol.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "C:\\WINDOWS\\ehome\\ehshell.exe "=

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-22 141312]
    R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-04-30 565608]
    R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-04-30 565608]
    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-05-04 16768]
    S0 fvdscsi;fvdscsi;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [ ]
    S3 Frtmgiimi;Frtmgiimi;C:\WINDOWS\system32\drivers\netbt.sys [2004-08-10 162816]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20b0723b-6c1a-11dc-8095-00038a000015}]
    \Shell\AutoRun\command - wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bb22c86-38bd-11dc-8021-00038a000015}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{753f433e-b29e-11db-beed-00038a000015}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
    \Shell\é_†™\command - NETSVCS.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4575e5a-9673-11db-be65-00038a000015}]
    \Shell\AutoRun\command - ie.exe
    \Shell\explore\Command - ie.exe
    \Shell\open\Command - ie.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bece751c-9b04-11db-be77-00038a000015}]
    \Shell\AutoRun\command - E:\ie.exe
    \Shell\explore\Command - E:\ie.exe
    \Shell\open\Command - E:\ie.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6f4c178-8839-11db-be4c-00038a000015}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL exiplorer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9f45398-8a41-11dd-83c6-00038a000015}]
    \Shell\AutoRun\command - E:\WD_Windows_Tools\Setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-RunOnce-SMRequiresRestart - (no file)
    Notify-fdlowlec - fdlowlec.dll
    Notify-orggabvf - orggabvf.dll


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 -: HKCU-Internet Settings,ProxyServer = 196.168.1.254:1234
    R1 -: HKCU-Internet Settings,ProxyOverride = <local>;*.local
    O8 -: Crawler Search - tbr:iemenu
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

    O16 -: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://safeway.lifepics.com/net/Uploader/LPUploader45.cab
    C:\WINDOWS\Downloaded Program Files\LPUploader45.inf
    C:\WINDOWS\system32\unicows.dll
    C:\WINDOWS\Downloaded Program Files\LPUploader45.ocx

    O16 -: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    C:\WINDOWS\Downloaded Program Files\gtdownde_110.inf
    C:\WINDOWS\system32\gtdownde_110.ocx
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    regfile=NOTEPAD.EXE %1
    scrfile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-26 08:59:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> ?:\WINDOWS\system32\MLANG.dll
    -> ?:\WINDOWS\system32\MLANG.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\stacsv.exe
    C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Completion time: 2008-09-26 9:06:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-26 13:06:28

    Pre-Run: 21,480,292,352 bytes free
    Post-Run: 21,624,987,648 bytes free

    300 --- E O F --- 2008-09-26 12:49:02
     
  9. 2008/09/26
    tinapie (Inactive, Thread Starter)

    Geri,

    After I did the combofix, I tried to open some applications and websites. Everything is perfectly fine now. Thanks a lot!!! What a great relief!

    Tinapie
     
  10. 2008/09/26
    Geri (Inactive Alumni)

    Hi
    OK, we need some files scanned. Please do this.
    • Please go to Jotti's malware scan
    • Copy and paste the following file paths into the "File to upload & scan" box at the top of the page, one at a time:
      • C:\WINDOWS\ms.config`.exe
      • C:\WINDOWS\msrm.exe
      • C:\WINDOWS\NT.Config`.exe
      • C:\WINDOWS\rm.exe
    • Click on the submit button
    • Please post the results in your next reply.

    Thanks
    Geri
     
  11. 2008/09/27
    tinapie (Inactive, Thread Starter)

    Geri, here are the results of the Jotti Scan:


    File: rm.exe
    Status: OK
    MD5: 51443d0fc1020bf070fc876a509b576a
    Packers detected: -

    Scanner results
    Scan taken on 27 Sep 2008 13:22:29 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    G DATA Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    -----------------------------------------

    File: NT.Config`.exe
    Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
    MD5: 60c9259904d083b94c04af5a458c98ac
    Packers detected: -

    Scanner results
    Scan taken on 27 Sep 2008 13:26:09 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    G DATA Found nothing
    Ikarus Found AdWare.Win32.NewDotNet
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    ------------------------------------------------


    When I tried to scan C:\WINDOWS\msrm.exe and C:\WINDOWS\ms.config`.exe, the following message appeared:
    'The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file'
     
  12. 2008/09/27
    Geri (Inactive Alumni)

    Hi
    I would like you to send a couple of files to noahdfear so he can look them over.

    Please do this.

    Please zip these two files up:

    C:\WINDOWS\NT.Config`.exe
    C:\WINDOWS\rm.exe

    Then upload the zip file to the noahdfear submission channel. Leave a link back to this topic.

    Thanks
    Geri
     
  13. 2008/09/28
    tinapie (Inactive, Thread Starter)


    Hi Geri,

    I can't seem to locate the files on my computer. The files also won't show when I use Search. Thanks
     
  14. 2008/09/28
    Geri (Inactive Alumni)

    Hi
    OK, let's try it this way.
    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    Suspect::
    C:\WINDOWS\NT.Config`.exe
    C:\WINDOWS\rm.exe

    Please note that I have instructed CFScript to collect the files for analysis. This means that at some point, likely after reboot (if needed) when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created on your desktop. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send.

    Thanks
    Geri
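As an added example (not code from this thread, from ComboFix, or from its authors), the following Python script parses lines in the Find3M layout of a ComboFix log, flags files under C:\WINDOWS that carry both the hidden and system attributes (the reason such files do not show up in Search), and prints the non-empty ones in the Suspect:: layout used in the CFScript above. The column-to-flag mapping of the 7-character attribute field is inferred from the log lines in this thread and is an assumption; the sample lines are constructed from that log, and a hit is a candidate for review, not a verdict.

```python
import re
from typing import Dict, List

# Constructed sample in the Find3M layout seen in the thread:
# date, time, size (or dashes for a directory), 7-char attribute field, path.
SAMPLE_LOG = """\
2008-08-17 00:08 --------- d-----w C:\\Program Files\\Garmin GPS Plugin
2008-05-24 01:31 24,678 -c--a-w C:\\Documents and Settings\\Incomplete\\downloads.dat
2006-12-24 03:14 0 -csha-w C:\\WINDOWS\\ms.config`.exe
2007-08-22 03:09 0 -csha-w C:\\WINDOWS\\msrm.exe
2007-08-22 03:09 81 --sha-w C:\\WINDOWS\\NT.Config`.exe
2006-12-24 03:14 42,734 --sha-w C:\\WINDOWS\\rm.exe
2008-08-22 07:08 878,592 ----a-w C:\\WINDOWS\\system32\\wininet.dll
"""

# Attribute field, column by column: d(irectory) c(ompressed) s(ystem) h(idden)
# a(rchive) <unused> w(ritable)/r(ead-only). This mapping is an assumption
# inferred from the sample lines, not documented ComboFix behaviour.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|-+) (?P<attr>[d-][c-][s-][h-][a-].[wr]) (?P<path>.+)$"
)


def parse_find3m(text: str) -> List[Dict]:
    """Turn Find3M-style lines into records; lines in any other layout are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, '.' separators
        attr, size_field = m.group("attr"), m.group("size")
        entries.append({
            "date": m.group("date"),
            "path": m.group("path"),
            "is_dir": attr[0] == "d",
            "system": attr[2] == "s",
            "hidden": attr[3] == "h",
            "read_only": attr[6] == "r",
            # directories print dashes instead of a size
            "size": None if size_field.startswith("-") else int(size_field.replace(",", "")),
        })
    return entries


def flag_suspects(entries: List[Dict], roots=("C:\\WINDOWS",)) -> List[Dict]:
    """Return non-directory entries with BOTH the system and hidden bits set under the
    given roots, annotated with why they were picked (zero-byte stubs, executables)."""
    out = []
    for e in entries:
        if e["is_dir"] or not (e["system"] and e["hidden"]):
            continue
        if not any(e["path"].lower().startswith(r.lower()) for r in roots):
            continue
        reasons = ["hidden+system"]
        if e["size"] == 0:
            reasons.append("zero-byte")  # nothing to upload; explains Jotti's '0 bytes' message
        if e["path"].lower().endswith((".exe", ".dll", ".sys")):
            reasons.append("executable")
        out.append({**e, "reasons": reasons})
    return out


def cfscript_suspect_block(suspects: List[Dict]) -> str:
    """Render the flagged, non-empty files in the Suspect:: layout from the thread.
    Zero-byte entries are left out because there is no content to collect."""
    paths = [s["path"] for s in suspects if s["size"]]
    return "Suspect::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = flag_suspects(parse_find3m(SAMPLE_LOG))
    for s in found:
        print(f'{s["path"]}  ({", ".join(s["reasons"])})')
    print(cfscript_suspect_block(found))
```

Run against a full log, the script narrows hundreds of Find3M lines to the handful of hidden+system files worth submitting to a scanner or an analyst.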
     
  15. 2008/09/29
    tinapie (Inactive, Thread Starter)

    Geri, here is the log from ComboFix:

    ComboFix 08-09-27.06 - Kristina Formanes 2008-09-29 8:27:23.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.398 [GMT -4:00]
    Running from: C:\Documents and Settings\Kristina Formanes\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Kristina Formanes\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-29 )))))))))))))))))))))))))))))))
    .

    2008-09-24 09:46 . 2008-09-24 09:46 <DIR> d-------- C:\Documents and Settings\Kristina Formanes\Application Data\Malwarebytes
    2008-09-24 09:46 . 2008-09-24 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-24 09:46 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-24 09:46 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-23 16:36 . 2008-09-23 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-09-23 12:43 . 2008-09-23 12:43 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-23 10:42 . 2008-09-23 10:42 <DIR> d-------- C:\Program Files\Windows Defender
    2008-09-22 15:57 . 2008-09-29 08:24 <DIR> d-------- C:\Program Files\WinClamAVShield
    2008-09-22 15:57 . 2008-09-29 08:23 <DIR> d-------- C:\Program Files\Spyware Terminator
    2008-09-22 15:57 . 2008-09-29 08:23 <DIR> d-------- C:\Documents and Settings\Kristina Formanes\Application Data\Spyware Terminator
    2008-09-22 15:57 . 2008-09-28 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-09-22 15:57 . 2008-09-22 15:57 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-09-22 14:25 . 2008-09-22 14:25 <DIR> d-------- C:\Program Files\Avira
    2008-09-22 14:25 . 2008-09-22 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-19 18:02 . 2000-03-23 12:50 446,464 -ra------ C:\WINDOWS\system32\hhactivex.dll
    2008-09-19 18:02 . 1999-05-07 13:24 414,944 --a------ C:\WINDOWS\system32\COMCT332.OCX
    2008-09-19 18:02 . 1998-11-10 10:46 328,480 --a------ C:\WINDOWS\system32\ssa3d30.ocx
    2008-09-19 18:02 . 2002-01-08 17:00 176,128 --a------ C:\WINDOWS\system32\RcdScan.dll
    2008-09-19 18:02 . 1998-09-24 12:03 171,967 --a------ C:\WINDOWS\system32\Odbcjet.hlp
    2008-09-19 18:02 . 1998-06-17 23:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2008-09-19 18:02 . 2001-08-22 08:42 13,632 --------- C:\WINDOWS\system32\drivers\omci.sys
    2008-09-19 18:02 . 1998-09-24 12:03 7,348 --a------ C:\WINDOWS\system32\Odbcjet.cnt
    2008-09-18 20:25 . 2008-09-18 20:25 <DIR> d-------- C:\Program Files\McAfee.com
    2008-09-18 17:42 . 2008-09-18 21:47 <DIR> d-------- C:\Program Files\VS Revo Group
    2008-09-18 17:28 . 2008-09-18 17:57 20,640 --a------ C:\WINDOWS\system32\Status.MPF
    2008-09-18 17:25 . 2008-09-18 17:28 <DIR> d-------- C:\WINDOWS\system32\mclsphlr
    2008-09-18 17:24 . 2005-07-26 14:50 94,208 --a------ C:\WINDOWS\system32\mclsp.dll
    2008-09-18 17:24 . 2005-07-26 14:47 90,112 --a------ C:\WINDOWS\system32\mcrtl32.dll
    2008-09-18 17:23 . 2005-08-16 16:18 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
    2008-09-18 17:22 . 2008-09-18 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
    2008-09-18 17:22 . 2005-08-16 16:13 9,216 --a------ C:\WINDOWS\system32\MpfApi.dll
    2008-09-18 17:21 . 2005-09-19 12:13 349,760 -ra------ C:\WINDOWS\system32\mcinsctl.dll
    2008-09-18 17:21 . 2005-09-19 12:13 288,320 -ra------ C:\WINDOWS\system32\mcgdmgr.dll
    2008-09-13 19:48 . 2008-09-13 19:49 <DIR> d-------- C:\Program Files\iTunes
    2008-09-13 19:48 . 2008-09-13 19:48 <DIR> d-------- C:\Program Files\iPod
    2008-09-13 19:48 . 2008-09-13 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-13 19:45 . 2008-09-13 19:45 <DIR> d-------- C:\Program Files\Bonjour
    2008-09-13 19:43 . 2008-09-13 19:44 <DIR> d-------- C:\Program Files\QuickTime
    2008-09-13 19:04 . 2008-09-13 19:04 <DIR> d--hs---- C:\Documents and Settings\Kristina Formanes\PrivacIE
    2008-09-13 18:47 . 2008-09-13 18:48 <DIR> d--h-c--- C:\WINDOWS\ie8
    2008-09-09 21:35 . 2008-09-09 21:35 <DIR> d-------- C:\Documents and Settings\Kristina Formanes\Application Data\Snapfish
    2008-09-07 22:15 . 2008-09-07 22:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
    2008-09-07 22:15 . 2008-09-07 22:15 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
    2008-09-07 22:14 . 2008-09-07 22:14 <DIR> d-------- C:\Program Files\iolo
    2008-09-07 22:14 . 2008-04-30 10:22 421,888 --a------ C:\WINDOWS\system32\Incinerator.dll
    2008-09-07 22:14 . 2008-03-24 08:53 34,304 --a------ C:\WINDOWS\system32\iolobtdfg.exe
    2008-09-07 22:14 . 2008-03-24 08:53 22,528 --a------ C:\WINDOWS\system32\smrgdf.exe
    2008-09-07 22:13 . 2008-09-07 22:13 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
    2008-09-07 22:12 . 2008-09-07 22:15 <DIR> d-------- C:\Documents and Settings\Kristina Formanes\Application Data\iolo
    2008-09-07 22:12 . 2008-09-07 22:12 <DIR> d-------- C:\Documents and Settings\Kristina Formanes\Application Data\Dell
    2008-09-07 22:12 . 2008-09-07 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
    2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
    2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-29 12:20 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2008-09-27 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-09-27 13:33 --------- d-----w C:\Program Files\Dell Support Center
    2008-09-27 13:33 --------- d-----w C:\Program Files\Common Files\supportsoft
    2008-09-27 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
    2008-09-27 00:54 --------- d-----w C:\Documents and Settings\Kristina Formanes\Application Data\Move Networks
    2008-09-23 21:51 --------- d-----w C:\Program Files\Java
    2008-09-23 20:36 --------- d--h--r C:\Documents and Settings\Kristina Formanes\Application Data\yahoo!
    2008-09-23 20:24 --------- d-----w C:\Program Files\Yahoo!
    2008-09-23 01:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-09-22 20:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-22 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-09-18 21:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2008-09-18 21:42 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
    2008-09-18 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2008-09-18 21:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-18 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-09-13 23:43 --------- d-----w C:\Program Files\Common Files\Apple
    2008-09-12 23:53 --------- d-----w C:\Documents and Settings\Kristina Formanes\Application Data\Any Video Converter
    2008-09-11 18:41 --------- d-----w C:\Documents and Settings\Kristina Formanes\Application Data\LimeWire
    2008-09-10 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-08 20:07 --------- d-----w C:\Program Files\Mystery Case Files Huntsville
    2008-09-08 02:14 --------- d-----w C:\Program Files\Dell
    2008-08-22 07:16 637,984 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-08-22 07:10 11,985,408 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-08-22 07:09 5,699,584 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-08-22 07:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-22 07:08 878,592 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2008-08-22 07:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
    2008-08-22 07:08 43,008 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
    2008-08-22 07:08 236,544 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2008-08-22 07:08 1,206,784 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2008-08-22 07:07 755,200 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
    2008-08-22 07:07 193,536 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2008-08-22 07:07 18,944 ----a-w C:\WINDOWS\system32\dllcache\corpol.dll
    2008-08-22 07:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
    2008-08-22 07:07 116,224 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    2008-08-22 07:07 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    2008-08-22 07:05 70,656 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2008-08-22 07:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
    2008-08-22 07:04 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
    2008-08-22 07:00 68,608 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
    2008-08-22 06:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
    2008-08-22 06:57 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll
    2008-08-22 06:42 443,392 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-08-17 00:08 --------- d-----w C:\Program Files\Garmin GPS Plugin
    2008-08-17 00:08 --------- d-----w C:\Documents and Settings\Kristina Formanes\Application Data\GARMIN
    2008-08-11 14:10 --------- d-----w C:\Program Files\Avery Wizard 3.1
    2008-08-10 18:49 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-05 21:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2008-05-24 01:31 24,678 -c--a-w C:\Documents and Settings\Incomplete\downloads.dat
    2007-10-17 13:58 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2006-12-24 03:14 0 -csha-w C:\WINDOWS\ms.config`.exe
    2007-08-22 03:09 0 -csha-w C:\WINDOWS\msrm.exe
    2007-08-22 03:09 81 --sha-w C:\WINDOWS\NT.Config`.exe
    2006-12-24 03:14 42,734 --sha-w C:\WINDOWS\rm.exe
    2007-01-25 01:40 88 --sh--r C:\WINDOWS\system32\EB071C84D8.sys
    2007-01-25 01:40 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-11-20 19:19 4,317 --sha-w C:\WINDOWS\system32\nmllm.ini2
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold "= "C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
    "Creative Detector "= "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-14 460784]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-25 68856]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-23 149040]
    "SetDefaultMIDI "= "MIDIDef.exe" [2004-12-22 C:\WINDOWS\MIDIDEF.EXE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SMSystemAnalyzer "= "C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe" [2008-04-30 765784]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
    "AppleSyncNotifier "= "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "avgnt "= "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "SpywareTerminator "= "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-22 1783808]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SMRequiresRestart "=" " [BU]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-25 113664]
    AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-24 10872]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-26 24576]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-12-14 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\Program Files\\America Online 9.0\\waol.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "C:\\WINDOWS\\ehome\\ehshell.exe "=

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-22 141312]
    R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-04-30 565608]
    R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-04-30 565608]
    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-05-04 16768]
    S0 fvdscsi;fvdscsi;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [ ]
    S3 Frtmgiimi;Frtmgiimi;C:\WINDOWS\system32\drivers\netbt.sys [2004-08-10 162816]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20b0723b-6c1a-11dc-8095-00038a000015}]
    \Shell\AutoRun\command - wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bb22c86-38bd-11dc-8021-00038a000015}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{753f433e-b29e-11db-beed-00038a000015}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
    \Shell\é_†™\command - NETSVCS.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4575e5a-9673-11db-be65-00038a000015}]
    \Shell\AutoRun\command - ie.exe
    \Shell\explore\Command - ie.exe
    \Shell\open\Command - ie.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bece751c-9b04-11db-be77-00038a000015}]
    \Shell\AutoRun\command - E:\ie.exe
    \Shell\explore\Command - E:\ie.exe
    \Shell\open\Command - E:\ie.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6f4c178-8839-11db-be4c-00038a000015}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL exiplorer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9f45398-8a41-11dd-83c6-00038a000015}]
    \Shell\AutoRun\command - E:\WD_Windows_Tools\Setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-29 08:45:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-09-29 8:56:43
    ComboFix-quarantined-files.txt 2008-09-29 12:55:57
    ComboFix2.txt 2008-09-26 13:06:35

    Pre-Run: 21,284,593,664 bytes free
    Post-Run: 21,268,246,528 bytes free

    262 --- E O F --- 2008-09-26 12:49:02
     
  16. 2008/09/29
    Geri Lifetime Subscription

    Hi
    Were you able to get those files sent to noahdfear?

    Thanks
    Geri
     
  17. 2008/09/29
    tinapie

    Geri, I submitted the ComboFix result file (CFScript), that is, if I understood the instruction correctly. Thanks
     
  18. 2008/09/29
    Geri Lifetime Subscription

    Hi
    Sorry, no. He got the whole CFScript; we just need to send the files. We need to find out if these are bad and can/should be deleted.

    Please try again.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    http://www.windowsbbs.com/malware-virus-removal/77199-applications-wont-open-possible-malware-virus-present-2.html
    Suspect::[22]
    C:\WINDOWS\NT.Config`.exe
    C:\WINDOWS\rm.exe

    Please note that I have instructed CFScript to collect files for analysis. This means that at some point, likely after the reboot (if one is needed) when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send.

    Thanks
    Geri
     
  19. 2008/09/30
    tinapie

    Applications wont open, possible malware/virus present

    Geri,

    Sorry, am I supposed to send these files to noahdfear:
    C:\WINDOWS\NT.Config`.exe
    C:\WINDOWS\rm.exe

    I still cannot locate the files in C: after I ran the CFScript and ComboFix.exe. Here is the log:

    ComboFix 08-09-28.05 - Kristina Formanes 2008-09-30 8:40:07.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.551 [GMT -4:00]
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Kristina Formanes\Cookies\kristina_formanes@ad.yieldmanager[3].txt

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
    .

    2008-09-24 09:46 . 2008-09-24 09:46 <DIR> d-------- C:\Documents and Settings\Kristina Formanes\Application Data\Malwarebytes
    2008-09-24 09:46 . 2008-09-24 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-24 09:46 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-24 09:46 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-23 16:36 . 2008-09-23 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-09-23 12:43 . 2008-09-23 12:43 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-23 10:42 . 2008-09-23 10:42 <DIR> d-------- C:\Program Files\Windows Defender
    2008-09-22 15:57 . 2008-09-29 08:24 <DIR> d-------- C:\Program Files\WinClamAVShield
    2008-09-22 15:57 . 2008-09-29 08:23 <DIR> d-------- C:\Program Files\Spyware Terminator
    2008-09-22 15:57 . 2008-09-29 08:23 <DIR> d-------- C:\Documents and Settings\Kristina Formanes\Application Data\Spyware Terminator
    2008-09-22 15:57 . 2008-09-28 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-09-22 15:57 . 2008-09-22 15:57 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-09-22 14:25 . 2008-09-22 14:25 <DIR> d-------- C:\Program Files\Avira
    2008-09-22 14:25 . 2008-09-22 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-19 18:02 . 2000-03-23 12:50 446,464 -ra------ C:\WINDOWS\system32\hhactivex.dll
    2008-09-19 18:02 . 1999-05-07 13:24 414,944 --a------ C:\WINDOWS\system32\COMCT332.OCX
    2008-09-19 18:02 . 1998-11-10 10:46 328,480 --a------ C:\WINDOWS\system32\ssa3d30.ocx
    2008-09-19 18:02 . 2002-01-08 17:00 176,128 --a------ C:\WINDOWS\system32\RcdScan.dll
    2008-09-19 18:02 . 1998-09-24 12:03 171,967 --a------ C:\WINDOWS\system32\Odbcjet.hlp
    2008-09-19 18:02 . 1998-06-17 23:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2008-09-19 18:02 . 2001-08-22 08:42 13,632 --------- C:\WINDOWS\system32\drivers\omci.sys
    2008-09-19 18:02 . 1998-09-24 12:03 7,348 --a------ C:\WINDOWS\system32\Odbcjet.cnt
    2008-09-18 20:25 . 2008-09-18 20:25 <DIR> d-------- C:\Program Files\McAfee.com
    2008-09-18 17:42 . 2008-09-18 21:47 <DIR> d-------- C:\Program Files\VS Revo Group
    2008-09-18 17:28 . 2008-09-18 17:57 20,640 --a------ C:\WINDOWS\system32\Status.MPF
    2008-09-18 17:25 . 2008-09-18 17:28 <DIR> d-------- C:\WINDOWS\system32\mclsphlr
    2008-09-18 17:24 . 2005-07-26 14:50 94,208 --a------ C:\WINDOWS\system32\mclsp.dll
    2008-09-18 17:24 . 2005-07-26 14:47 90,112 --a------ C:\WINDOWS\system32\mcrtl32.dll
    2008-09-18 17:23 . 2005-08-16 16:18 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
    2008-09-18 17:22 . 2008-09-18 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
    2008-09-18 17:22 . 2005-08-16 16:13 9,216 --a------ C:\WINDOWS\system32\MpfApi.dll
    2008-09-18 17:21 . 2005-09-19 12:13 349,760 -ra------ C:\WINDOWS\system32\mcinsctl.dll
    2008-09-18 17:21 . 2005-09-19 12:13 288,320 -ra------ C:\WINDOWS\system32\mcgdmgr.dll
    2008-09-13 19:48 . 2008-09-13 19:49 <DIR> d-------- C:\Program Files\iTunes
    2008-09-13 19:48 . 2008-09-13 19:48 <DIR> d-------- C:\Program Files\iPod
    2008-09-13 19:48 . 2008-09-13 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-13 19:45 . 2008-09-13 19:45 <DIR> d-------- C:\Program Files\Bonjour
    2008-09-13 19:43 . 2008-09-13 19:44 <DIR> d-------- C:\Program Files\QuickTime
    2008-09-13 19:04 . 2008-09-13 19:04 <DIR> d--hs---- C:\Documents and Settings\Kristina Formanes\PrivacIE
    2008-09-13 18:47 . 2008-09-13 18:48 <DIR> d--h-c--- C:\WINDOWS\ie8
    2008-09-09 21:35 . 2008-09-09 21:35 <DIR> d-------- C:\Documents and Settings\Kristina Formanes\Application Data\Snapfish
    2008-09-07 22:15 . 2008-09-07 22:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
    2008-09-07 22:15 . 2008-09-07 22:15 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
    2008-09-07 22:14 . 2008-09-07 22:14 <DIR> d-------- C:\Program Files\iolo
    2008-09-07 22:14 . 2008-04-30 10:22 421,888 --a------ C:\WINDOWS\system32\Incinerator.dll
    2008-09-07 22:14 . 2008-03-24 08:53 34,304 --a------ C:\WINDOWS\system32\iolobtdfg.exe
    2008-09-07 22:14 . 2008-03-24 08:53 22,528 --a------ C:\WINDOWS\system32\smrgdf.exe
    2008-09-07 22:13 . 2008-09-07 22:13 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
    2008-09-07 22:12 . 2008-09-07 22:15 <DIR> d-------- C:\Documents and Settings\Kristina Formanes\Application Data\iolo
    2008-09-07 22:12 . 2008-09-07 22:12 <DIR> d-------- C:\Documents and Settings\Kristina Formanes\Application Data\Dell
    2008-09-07 22:12 . 2008-09-07 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
    2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
    2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
    2008-08-22 03:05 . 2008-08-22 03:05 48,640 --------- C:\WINDOWS\system32\PrivacIE.dll
    2008-08-18 21:48 . 2008-08-18 22:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-08-16 20:08 . 2008-08-16 20:08 <DIR> d-------- C:\Program Files\Garmin GPS Plugin
    2008-08-16 20:08 . 2008-08-16 20:08 <DIR> d-------- C:\Garmin
    2008-08-16 20:08 . 2008-08-16 20:08 <DIR> d-------- C:\Documents and Settings\Kristina Formanes\Application Data\GARMIN
    2008-08-14 21:59 . 2008-05-01 10:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-05 17:55 . 2008-08-05 17:55 265,720 --a------ C:\WINDOWS\system32\msdbg2.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-30 12:38 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2008-09-27 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-09-27 13:33 --------- d-----w C:\Program Files\Dell Support Center
    2008-09-27 13:33 --------- d-----w C:\Program Files\Common Files\supportsoft
    2008-09-27 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
    2008-09-27 00:54 --------- d-----w C:\Documents and Settings\Kristina Formanes\Application Data\Move Networks
    2008-09-23 21:51 --------- d-----w C:\Program Files\Java
    2008-09-23 20:36 --------- d--h--r C:\Documents and Settings\Kristina Formanes\Application Data\yahoo!
    2008-09-23 20:24 --------- d-----w C:\Program Files\Yahoo!
    2008-09-23 01:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-09-22 20:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-22 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-09-18 21:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2008-09-18 21:42 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
    2008-09-18 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2008-09-18 21:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-18 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-09-13 23:43 --------- d-----w C:\Program Files\Common Files\Apple
    2008-09-12 23:53 --------- d-----w C:\Documents and Settings\Kristina Formanes\Application Data\Any Video Converter
    2008-09-11 18:41 --------- d-----w C:\Documents and Settings\Kristina Formanes\Application Data\LimeWire
    2008-09-10 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-08 20:07 --------- d-----w C:\Program Files\Mystery Case Files Huntsville
    2008-09-08 02:14 --------- d-----w C:\Program Files\Dell
    2008-08-22 07:16 637,984 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-08-22 07:10 11,985,408 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-08-22 07:09 5,699,584 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-08-22 07:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-22 07:08 878,592 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2008-08-22 07:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
    2008-08-22 07:08 43,008 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
    2008-08-22 07:08 236,544 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2008-08-22 07:08 1,206,784 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2008-08-22 07:07 755,200 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
    2008-08-22 07:07 193,536 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2008-08-22 07:07 18,944 ----a-w C:\WINDOWS\system32\dllcache\corpol.dll
    2008-08-22 07:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
    2008-08-22 07:07 116,224 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    2008-08-22 07:07 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    2008-08-22 07:05 70,656 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2008-08-22 07:05 630,272 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2008-08-22 07:05 61,952 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
    2008-08-22 07:05 580,608 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-08-22 07:05 53,760 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-08-22 07:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
    2008-08-22 07:05 48,128 ----a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
    2008-08-22 07:05 45,056 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-08-22 07:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
    2008-08-22 07:05 35,840 ----a-w C:\WINDOWS\system32\dllcache\imgutil.dll
    2008-08-22 07:05 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2008-08-22 07:05 217,088 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2008-08-22 07:05 186,880 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    2008-08-22 07:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
    2008-08-22 07:04 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
    2008-08-22 07:00 68,608 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
    2008-08-22 06:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
    2008-08-22 06:57 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll
    2008-08-22 06:42 443,392 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-08-11 14:10 --------- d-----w C:\Program Files\Avery Wizard 3.1
    2008-08-10 18:49 --------- d-----w C:\Program Files\Apple Software Update
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-24 22:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-23 16:57 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-18 17:30 21,393 ----a-w C:\WINDOWS\AegisP.sys
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-12 15:27 26,144 ----a-w C:\WINDOWS\system32\spupdsvc.exe
    2008-06-12 15:27 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
    2008-06-12 15:27 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
    2008-06-12 15:27 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
    2008-06-12 15:27 134,144 ------w C:\WINDOWS\system32\dllcache\sqmapi.dll
    2008-05-24 01:31 24,678 -c--a-w C:\Documents and Settings\Incomplete\downloads.dat
    2007-10-17 13:58 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2006-12-24 03:14 0 -csha-w C:\WINDOWS\ms.config`.exe
    2007-08-22 03:09 0 -csha-w C:\WINDOWS\msrm.exe
    2007-08-22 03:09 81 --sha-w C:\WINDOWS\NT.Config`.exe
    2006-12-24 03:14 42,734 --sha-w C:\WINDOWS\rm.exe
    2007-01-25 01:40 88 --sh--r C:\WINDOWS\system32\EB071C84D8.sys
    2007-01-25 01:40 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-11-20 19:19 4,317 --sha-w C:\WINDOWS\system32\nmllm.ini2
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold "= "C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
    "Creative Detector "= "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-14 460784]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-25 68856]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-23 149040]
    "SetDefaultMIDI "= "MIDIDef.exe" [2004-12-22 C:\WINDOWS\MIDIDEF.EXE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SMSystemAnalyzer "= "C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe" [2008-04-30 765784]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
    "AppleSyncNotifier "= "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "avgnt "= "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "SpywareTerminator "= "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-22 1783808]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-25 113664]
    AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-24 10872]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-26 24576]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-12-14 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\Program Files\\America Online 9.0\\waol.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe "=
    "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "C:\\WINDOWS\\ehome\\ehshell.exe "=

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-22 141312]
    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-05-04 16768]
    S0 fvdscsi;fvdscsi;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [ ]
    S3 Frtmgiimi;Frtmgiimi;C:\WINDOWS\system32\drivers\netbt.sys [2004-08-10 162816]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20b0723b-6c1a-11dc-8095-00038a000015}]
    \Shell\AutoRun\command - wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bb22c86-38bd-11dc-8021-00038a000015}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{753f433e-b29e-11db-beed-00038a000015}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
    \Shell\é_†™\command - NETSVCS.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4575e5a-9673-11db-be65-00038a000015}]
    \Shell\AutoRun\command - ie.exe
    \Shell\explore\Command - ie.exe
    \Shell\open\Command - ie.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bece751c-9b04-11db-be77-00038a000015}]
    \Shell\AutoRun\command - E:\ie.exe
    \Shell\explore\Command - E:\ie.exe
    \Shell\open\Command - E:\ie.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6f4c178-8839-11db-be4c-00038a000015}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL exiplorer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9f45398-8a41-11dd-83c6-00038a000015}]
    \Shell\AutoRun\command - E:\WD_Windows_Tools\Setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-30 08:51:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-09-30 8:57:49
    ComboFix-quarantined-files.txt 2008-09-30 12:57:34
    ComboFix2.txt 2008-09-29 12:56:49
    ComboFix3.txt 2008-09-26 13:06:35

    Pre-Run: 21,224,431,616 bytes free
    Post-Run: 21,202,501,632 bytes free

    295 --- E O F --- 2008-09-26 12:49:02
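    The Find3M Report and Reg Loading Points sections of the log above are what a helper reads to pick the `Suspect::` candidates. As an added example (not ComboFix's output and not code posted by anyone in this thread), the Python below parses a handful of lines copied from that log and flags three indicator types: files carrying both the system and hidden attributes with an executable extension, MountPoints2 autorun handlers whose target is a relative name or is wrapped in RunDLL32/ShellExec_RunDLL, and Security Center notification or monitoring switched off. The attribute-column layout (third character system, fourth hidden) is an assumption read off the log, and the sample lines are a constructed subset of it.

```python
"""Triage a few ComboFix log lines for the indicators behind a Suspect:: list.

Added example, not ComboFix's own code. It understands three line shapes
from the log above: Find3M entries ("<date> <time> <size> <attrs> <path>"),
MountPoints2 handlers ("\\Shell\\AutoRun\\command - <cmd>") and Security
Center dword values. Attribute layout is an assumption read off the log:
the third character is 's' (system) and the fourth is 'h' (hidden).
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed subset of the log posted above (values copied, not invented).
SAMPLE_LOG = r"""
2008-08-22 07:16 637,984 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-05-24 01:31 24,678 -c--a-w C:\Documents and Settings\Incomplete\downloads.dat
2006-12-24 03:14 0 -csha-w C:\WINDOWS\ms.config`.exe
2007-08-22 03:09 0 -csha-w C:\WINDOWS\msrm.exe
2007-08-22 03:09 81 --sha-w C:\WINDOWS\NT.Config`.exe
2006-12-24 03:14 42,734 --sha-w C:\WINDOWS\rm.exe
2007-01-25 01:40 88 --sh--r C:\WINDOWS\system32\EB071C84D8.sys
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001
\Shell\AutoRun\command - E:\LaunchU3.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
\Shell\AutoRun\command - ie.exe
\Shell\open\Command - ie.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL exiplorer.exe
"""

# Find3M entry: date, time, size (or dashes for a directory), 7-char attrs, path.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:[\d,]+|-+) ([-a-z]{7}) ([A-Za-z]:\\.+)$"
)
# MountPoints2 handler; the verb may be an odd name, so accept anything but '\'.
AUTORUN_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)
# The forum rendering left a space before the closing quote, hence \s*.
SECCENTER_RE = re.compile(
    r'^"(AntiVirusDisableNotify|FirewallDisableNotify|DisableMonitoring)\s*"=dword:0*1$'
)
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")


@dataclass(frozen=True)
class Finding:
    rule: str     # which heuristic fired
    subject: str  # the path, command or value name it fired on
    line: str     # the raw log line, kept for the analyst


def hidden_system_executable(attrs: str, path: str) -> bool:
    """System+hidden attributes on an executable: ordinary program files are
    not marked this way, which is what singles out rm.exe and NT.Config`.exe
    while leaving iexplore.exe (----a-w) alone."""
    return attrs[2] == "s" and attrs[3] == "h" and path.lower().endswith(EXEC_EXT)


def suspicious_autorun(command: str) -> bool:
    """An autorun handler whose target is a bare name (resolved against the
    volume root, the removable-media worm pattern) or that is wrapped in
    RunDLL32/ShellExec_RunDLL to obscure what actually launches."""
    target = command.strip().split()[-1]  # last token is what gets executed
    relative = re.match(r"^[A-Za-z]:\\", target) is None
    indirect = "shellexec_rundll" in command.lower()
    return relative or indirect


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect every line a heuristic objects to."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            if hidden_system_executable(m.group(1), m.group(2)):
                findings.append(Finding("hidden_system_exe", m.group(2), line))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            if suspicious_autorun(m.group(2)):
                findings.append(Finding("autorun", m.group(2).strip(), line))
            continue
        m = SECCENTER_RE.match(line)
        if m:
            findings.append(Finding("security_center_disabled", m.group(1), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.subject}")
```

Absolute autorun targets such as E:\LaunchU3.exe are deliberately not flagged, but every MountPoints2 entry still deserves a look once the flagged ones are handled.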
     
  20. 2008/09/30
    Geri Lifetime Subscription

    Hi
    OK, let's see if an online scan will show us anything.

    Please do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything, check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    Please do an online scan with Kaspersky WebScanner

    Click on "Accept" if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the "Scan Report" on the left side.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display whether your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type, Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  21. 2008/10/01
    tinapie

    Geri,
    I did the ATF Cleaner and Kaspersky scan. My system is clean. Below is the scan report. Thanks

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, October 1, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, October 01, 2008 12:59:07
    Records in database: 1279625
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Files scanned: 115972
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 00:40:53

    No malware has been detected. The scan area is clean.

    The selected area was scanned.
     
