
Solved wmpconf.dll file suspected infection

Discussion in 'Malware and Virus Removal Archive' started by Ledraisel, 2007/08/28.

  1. 2007/08/28
    Ledraisel

    Ledraisel Inactive Thread Starter

    Joined:
    2007/08/28
    Messages:
    13
    Likes Received:
    0
    [Resolved] wmpconf.dll file suspected infection

    Hey guys, recently, while searching the Internet for Fantasy Football player rankings, I ran an ActiveX object. Now I have adware on my computer that opens an IE browser to a virus scan site.

    When I run a HiJackThis scan, I fix the myriad of viruses I can find, but when I run it again, they all slowly return. The only one that can't be fixed or deleted that I know of is the wmpconf.dll file located in my WINDOWS folder.

    Running Spybot S & D doesn't seem to solve the problem either. I even tried to manually delete the file but don't have access rights to it.

    My HiJackThis Log is as follows...

    Logfile of HijackThis v1.99.1
    Scan saved at 8:03:48 AM, on 8/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AIM6\aim6.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\WallpaperSS\WallpaperSS.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {5f649ad1-0675-449b-bc5c-a16185813beb} - C:\WINDOWS\system32\kbdwex.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\knriucyl.dll ",realset
    O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\wyuccrrb.dll ",realset
    O4 - HKLM\..\Run: [j1201636] rundll32 C:\WINDOWS\system32\j1201636.dll sook
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
    O4 - HKCU\..\Run: [WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe
    O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bonniesbookstore/sis/popcaploader_v10.cab
    O20 - Winlogon Notify: kbdwex - C:\WINDOWS\SYSTEM32\kbdwex.dll
    O21 - SSODL: wmpconf - {4CCC00CE-0969-4D20-BF30-D7DB97B6F251} - C:\WINDOWS\wmpconf.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    Is that file (wmpconf.dll) what is wrong with my computer or is there a bigger problem?
     
  2. 2007/08/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Ledraisel :)

    Download VundoFix by Atribune, saving it to your desktop. Don't do anything with it yet.

    Download the Killbox from here and save it to the desktop.

    Copy the bolded list below by highlighting and pressing Ctrl+C


    C:\WINDOWS\wmpconf.dll
    C:\WINDOWS\SYSTEM32\kbdwex.dll
    C:\WINDOWS\smss.exe
    C:\WINDOWS\csrss.exe
    C:\WINDOWS\system32\j1201636.dll
    C:\WINDOWS\system32\wyuccrrb.dll
    C:\WINDOWS\system32\knriucyl.dll
    C:\WINDOWS\system32\kbdwex.dll


    • Double-click the KillBox icon on your desktop to open it
    • Select the box Delete on Reboot
    • Then click the All Files button.
    • Click File on the Menu and choose Paste from Clipboard.
    • Click the red x [Delete File] button.
    • Click Yes at the Delete on Reboot prompt. Click No at the Pending Operations prompt.

    Scan again with HijackThis and place a check next to the following entries. Close all other windows and click Fix Checked.

    O2 - BHO: (no name) - {5f649ad1-0675-449b-bc5c-a16185813beb} - C:\WINDOWS\system32\kbdwex.dll
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\knriucyl.dll ",realset
    O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\wyuccrrb.dll ",realset
    O4 - HKLM\..\Run: [j1201636] rundll32 C:\WINDOWS\system32\j1201636.dll sook
    O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
    O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
    O20 - Winlogon Notify: kbdwex - C:\WINDOWS\SYSTEM32\kbdwex.dll
    O21 - SSODL: wmpconf - {4CCC00CE-0969-4D20-BF30-D7DB97B6F251} - C:\WINDOWS\wmpconf.dll

    Reboot the computer.

    • Now double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.

    Note: It is possible that VundoFix encounters a file it could not remove. In this case, VundoFix will run on reboot. If that happens, follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

    Download and install AVG Anti-Spyware (AVG-AS)
    • When installation completes, start AVG-AS then click the Update tab at the top. Under Manual Update click Start update.
    • After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner tab at the top.
    • Click the "Settings" tab and change the recommended action to Quarantine.
    • Click Automatically generate report after every scan.
    • Go back to the "Scan" tab and click "Complete System Scan". This scan can take quite a while to run, so sit back and wait.
    • AVG-AS will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action.
    • Click the Apply all actions button. AVG-AS will display "All actions have been applied" on the right hand side.
    • Click on "Save Report", then "Save Report As". Save the report where you know you can find it again (like on the Desktop) and take note of the name.
    • Close AVG-AS and reboot.

    Please post the contents of C:\vundofix.txt, a new HiJackThis log and the AVG-AS report.
     


  4. 2007/08/28
    Ledraisel

    Ledraisel Inactive Thread Starter

    Joined:
    2007/08/28
    Messages:
    13
    Likes Received:
    0
    =================
    VundoFix
    =================

    VundoFix V6.5.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 9:37:52 PM 8/28/2007

    Listing files found while scanning....

    C:\windows\system32\agesdktm.dll
    C:\windows\system32\awvvu.dll
    C:\windows\system32\catovwpg.ini
    C:\WINDOWS\system32\ctqtvuyb.dll
    C:\windows\system32\durdnyro.dll
    C:\windows\system32\glwwjnmg.exe
    C:\windows\system32\gpwvotac.dll
    C:\windows\system32\itgwcqtx.dll
    C:\windows\system32\jxrjyyrk.dll
    C:\WINDOWS\system32\knriucyl.dll
    C:\windows\system32\mdpfnmgw.dll
    C:\windows\system32\qogamitv.dll
    C:\WINDOWS\system32\tntqsysm.dll
    C:\windows\system32\tqkpvacy.exe
    C:\windows\system32\vuqskkpg.dll
    C:\WINDOWS\system32\wyuccrrb.dll
    C:\WINDOWS\system32\xigrteip.dll
    C:\windows\system32\xooknyga.dll
    C:\windows\system32\yabbcaa.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\agesdktm.dll
    C:\windows\system32\agesdktm.dll Has been deleted!

    Attempting to delete C:\windows\system32\awvvu.dll
    C:\windows\system32\awvvu.dll Has been deleted!

    Attempting to delete C:\windows\system32\catovwpg.ini
    C:\windows\system32\catovwpg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ctqtvuyb.dll
    C:\WINDOWS\system32\ctqtvuyb.dll Has been deleted!

    Attempting to delete C:\windows\system32\durdnyro.dll
    C:\windows\system32\durdnyro.dll Has been deleted!

    Attempting to delete C:\windows\system32\glwwjnmg.exe
    C:\windows\system32\glwwjnmg.exe Has been deleted!

    Attempting to delete C:\windows\system32\gpwvotac.dll
    C:\windows\system32\gpwvotac.dll Has been deleted!

    Attempting to delete C:\windows\system32\itgwcqtx.dll
    C:\windows\system32\itgwcqtx.dll Has been deleted!

    Attempting to delete C:\windows\system32\jxrjyyrk.dll
    C:\windows\system32\jxrjyyrk.dll Has been deleted!

    Attempting to delete C:\windows\system32\mdpfnmgw.dll
    C:\windows\system32\mdpfnmgw.dll Has been deleted!

    Attempting to delete C:\windows\system32\qogamitv.dll
    C:\windows\system32\qogamitv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tntqsysm.dll
    C:\WINDOWS\system32\tntqsysm.dll Has been deleted!

    Attempting to delete C:\windows\system32\tqkpvacy.exe
    C:\windows\system32\tqkpvacy.exe Has been deleted!

    Attempting to delete C:\windows\system32\vuqskkpg.dll
    C:\windows\system32\vuqskkpg.dll Has been deleted!

    Attempting to delete C:\windows\system32\xooknyga.dll
    C:\windows\system32\xooknyga.dll Has been deleted!

    Attempting to delete C:\windows\system32\yabbcaa.dll
    C:\windows\system32\yabbcaa.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    =================
    HiJackThis
    =================

    Logfile of HijackThis v1.99.1
    Scan saved at 10:41:11 PM, on 8/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\stsystra.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: gPhotoShow Toolbar - {D3FBBA39-B2CD-4A1A-81B5-E940850BDF59} - C:\Program Files\gPhotoShow Toolbar\v3.2.0.0\gPhotoShow_Toolbar.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [j1201636] rundll32 C:\WINDOWS\system32\j1201636.dll sook
    O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
    O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\SETHMO~1\LOCALS~1\Temp\tmp31.tmp.exe /run
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\knriucyl.dll ",realset
    O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\wyuccrrb.dll ",realset
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xigrteip.dll ",realset
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000274.exe 61A847B5BBF72810329B385475FD01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe
    O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
    O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bonniesbookstore/sis/popcaploader_v10.cab
    O21 - SSODL: wmpconf - {BE3759E8-0C73-41EB-A496-AD04DC72B21F} - (no file)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


    =================
    AVG_AS
    =================

    I couldn't save a report on the scan for this program.
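    The entries noahdfear singled out for removal follow a few recognisable patterns in the two logs above: binaries named after core Windows processes (smss.exe, csrss.exe) sitting in C:\WINDOWS instead of system32, rundll32 loading DLLs with random-looking eight-letter names, an autorun pointing into a Temp folder, and an SSODL shell-load registration for a DLL outside system32 (later left orphaned as "(no file)"). As an added example, not code from this thread or from HijackThis, VundoFix or any other tool named here, the Python script below encodes those patterns as triage heuristics, runs them over the O4/O20/O21 lines of the first log (post 1) and the follow-up log (post 4), and reports which flagged entries persisted, appeared or disappeared between the two. The sample lines are copied from those logs; the heuristic thresholds (CORE_PROCESSES, RANDOM_NAME_RE) are assumptions of this example and produce triage signals, not verdicts.

```python
import ntpath
import re
from typing import Dict, List, Tuple

# Constructed sample input: O4/O20/O21 lines copied from the thread's first
# HijackThis log (post 1) and its follow-up log (post 4). Raw strings keep the
# Windows backslashes literal.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\knriucyl.dll ",realset
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\wyuccrrb.dll ",realset
O4 - HKLM\..\Run: [j1201636] rundll32 C:\WINDOWS\system32\j1201636.dll sook
O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
O20 - Winlogon Notify: kbdwex - C:\WINDOWS\SYSTEM32\kbdwex.dll
O21 - SSODL: wmpconf - {4CCC00CE-0969-4D20-BF30-D7DB97B6F251} - C:\WINDOWS\wmpconf.dll
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [j1201636] rundll32 C:\WINDOWS\system32\j1201636.dll sook
O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\SETHMO~1\LOCALS~1\Temp\tmp31.tmp.exe /run
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\knriucyl.dll ",realset
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xigrteip.dll ",realset
O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
O21 - SSODL: wmpconf - {BE3759E8-0C73-41EB-A496-AD04DC72B21F} - (no file)
"""

Entry = Tuple[str, str, str]  # (HJT section, entry name, command or DLL path)

O4_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
O21_RE = re.compile(r"^O21 - SSODL: (\S+) - \{[^}]*\} - (.*)$")
# First token ending in an executable extension, for unquoted commands with arguments.
EXT_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|cpl))(?:\s|,|$)", re.IGNORECASE)

# Core Windows process names: one of these outside system32 is masquerading.
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe"}
# Heuristic (assumption of this example, not a HijackThis rule): DLL stems of the
# shape seen in the VundoFix list, 6-8 lowercase letters (knriucyl) or a letter
# followed by digits (j1201636). Legitimate names can collide, so treat as a signal.
RANDOM_NAME_RE = re.compile(r"^(?:[a-z]{6,8}|[a-z]\d{6,8})$")


def parse_hjt(text: str) -> List[Entry]:
    """Pull O4 Run, O20 Winlogon Notify and O21 SSODL entries out of a HijackThis log."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        for section, rx in (("O4", O4_RE), ("O20", O20_RE), ("O21", O21_RE)):
            m = rx.match(line)
            if m:
                entries.append((section, m.group(1), m.group(2).strip()))
                break
    return entries


def first_path(command: str) -> str:
    """Return the file a Run command actually loads (handles quoted and rundll32 forms)."""
    cmd = command.strip()
    if cmd.lower().startswith("rundll32"):      # rundll32[.exe] <dll>,<entry>
        parts = cmd.split(None, 1)
        cmd = parts[1] if len(parts) > 1 else ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).strip()
    m = EXT_RE.match(cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def flag_suspicious(entries: List[Entry]) -> Dict[Tuple[str, str], List[str]]:
    """Map (section, name) -> reasons for every entry that trips a heuristic."""
    findings: Dict[Tuple[str, str], List[str]] = {}
    for section, name, command in entries:
        reasons: List[str] = []
        if command.lower() == "(no file)":
            if section == "O21":
                reasons.append("orphaned SSODL registration (DLL already removed)")
        else:
            path = first_path(command)
            base = ntpath.basename(path).lower()
            stem = base.rsplit(".", 1)[0]
            in_system32 = ntpath.dirname(path).lower().endswith("\\system32")
            loads_dll = command.lower().startswith("rundll32") or section in ("O20", "O21")
            if base in CORE_PROCESSES and not in_system32:
                reasons.append(f"core process name outside system32: {path}")
            if "\\temp\\" in path.lower():
                reasons.append(f"autorun from a Temp directory: {path}")
            if loads_dll and RANDOM_NAME_RE.match(stem):
                reasons.append(f"random-looking DLL name: {base}")
            if section == "O21" and not in_system32:
                reasons.append(f"SSODL shell-load DLL outside system32: {path}")
        if reasons:
            findings[(section, name)] = reasons
    return findings


def compare(before: List[Entry], after: List[Entry]) -> Dict[str, list]:
    """Which flagged entries survived a cleanup attempt, which are new, which are gone."""
    b, a = set(flag_suspicious(before)), set(flag_suspicious(after))
    return {"persisted": sorted(b & a), "new": sorted(a - b), "removed": sorted(b - a)}


if __name__ == "__main__":
    for key, why in flag_suspicious(parse_hjt(LOG_BEFORE)).items():
        print(f"{key[0]:<4}{key[1]:<24} {'; '.join(why)}")
    for bucket, keys in compare(parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)).items():
        print(f"{bucket}: {[name for _, name in keys]}")
```

    Run against the two samples, the comparison reports ApachInc, j1201636, the fake smss/csrss autoruns and the wmpconf SSODL entry as persisted, GPLv3 and NetService as new, and WindowsUpdate and the kbdwex Winlogon Notify hook as removed, which matches the list of entries that had to be fixed a second time. Note what the heuristics miss: the four-letter uvcx.exe in system32 trips none of them, which is why a human reviewer still reads the whole log rather than trusting a pattern filter.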
     
  5. 2007/08/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I missed an important step.

    While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
    Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
    • Open Spybot Search & Destroy.
    • In the Mode menu click "Advanced mode" if not already selected.
    • Choose "Yes" at the Warning prompt.
    • Expand the "Tools" menu.
    • Click "Resident".
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active" box.
    • In the File menu click "Exit" to exit Spybot Search & Destroy.

    Reboot.


    Scan again with HijackThis and, with all other windows closed, fix the following entries.

    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [j1201636] rundll32 C:\WINDOWS\system32\j1201636.dll sook
    O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
    O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\SETHMO~1\LOCALS~1\Temp\tmp31.tmp.exe /run
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\knriucyl.dll ",realset
    O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\wyuccrrb.dll ",realset
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xigrteip.dll ",realset
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000274.exe 61A847B5BBF72810329B385475FD01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
    O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
    O21 - SSODL: wmpconf - {BE3759E8-0C73-41EB-A496-AD04DC72B21F} - (no file)

    Close HijackThis.


    Note: You must be logged onto an account with administrator privileges to complete the following.

    Download Deckard's System Scanner (dss.exe) to your desktop.
    Close all applications and windows.
    Double-click on dss.exe to run it and follow the prompts.
    When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.

    Post the contents of main.txt only for now.


    Open AVG-AS and click the Reports icon at the top. There should be one listed for the scan you just did. Select it, then click Save Report As. Save it to the desktop, then post its contents as well.
     
  6. 2007/08/28
    Ledraisel

    Ledraisel Inactive Thread Starter

    Joined:
    2007/08/28
    Messages:
    13
    Likes Received:
    0
    Deckard's System Scanner v20070826.66
    Run by Seth Morel on 2007-08-28 23:31:22
    Computer is in Normal Mode.
    ---------------------------------------------------------------
    System Restore
    ---------------------------------------------------------------

    -- Last 3 Restore Point(s) --
    3: 2007-08-29 04:26:43 UTC - RP3 - Deckard's System Scanner Restore Point
    2: 2007-08-29 02:54:42 UTC - RP2 - Removed Ad-Aware 2007
    1: 2007-08-28 14:41:45 UTC - RP1 - System Checkpoint

    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 504 MiB (512 MiB recommended).

    -- HijackThis (run as Seth Morel.exe) ---------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 11:34:13 PM, on 8/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Documents and Settings\Seth Morel\Desktop\dss.exe
    C:\PROGRA~1\HIJACK~1\Seth Morel.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: gPhotoShow Toolbar - {D3FBBA39-B2CD-4A1A-81B5-E940850BDF59} - C:\Program Files\gPhotoShow Toolbar\v3.2.0.0\gPhotoShow_Toolbar.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe
    O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
    O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bonniesbookstore/sis/popcaploader_v10.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     
  7. 2007/08/28
    Ledraisel (Thread Starter)
    -- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) ------

    backup-20070430-110016-784 R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    backup-20070513-143025-889 O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
    backup-20070824-073612-719 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    backup-20070824-073637-367 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    backup-20070824-094818-782 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    backup-20070824-094829-274 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    backup-20070824-094855-521 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    backup-20070824-094922-673 R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    backup-20070824-102928-119 O2 - BHO: (no name) - {1F164AEE-87A6-4DC8-8E9B-4C43F574DA9e} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102928-124 O2 - BHO: (no name) - {45326498-4A56-4DB1-A61F-84B0E33BE43f} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102928-158 O2 - BHO: (no name) - {533781FA-4534-4A62-AD7F-0D96EAF5AFF6} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102928-170 O2 - BHO: (no name) - {376719F4-5FB2-4B1D-9859-B3864A1648A9} - (no file)
    backup-20070824-102928-199 O2 - BHO: (no name) - {04185673-E7E1-4851-9952-82C93FF9454e} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102928-232 O2 - BHO: (no name) - {3BE50B77-3AD2-4939-93B3-FD215E92EE1c} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102928-255 O2 - BHO: (no name) - {5f649ad1-0675-449b-bc5c-a16185813beb} - C:\WINDOWS\system32\kbdwex.dll
    backup-20070824-102928-268 O2 - BHO: (no name) - {6C1E618F-8E9E-4C30-BD7E-D825B3ECD3B1} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102928-347 O2 - BHO: (no name) - {6437612F-6FC3-469A-9E0B-AF8B2AF1590a} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102928-361 O2 - BHO: (no name) - {24111BA2-094E-4502-9A02-FD104DA9C44e} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102928-363 O2 - BHO: (no name) - {35C40C67-DA22-4486-ADE3-A6FBCD4A647d} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102928-384 O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    backup-20070824-102928-389 O2 - BHO: (no name) - {71419BBD-9DCC-407B-9C4B-D02C25D206D6} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102928-415 O2 - BHO: (no name) - {1746AA6A-ACB9-4606-96AE-96DAF88466Af} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102928-443 O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    backup-20070824-102928-505 O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    backup-20070824-102928-609 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    backup-20070824-102928-648 O2 - BHO: (no name) - {6597C9BF-2A4A-454E-AD53-7FF6FE76D21c} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102928-676 O2 - BHO: (no name) - {4D31A6C0-120B-4CE6-BEBC-32339AC2F4B1} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102928-678 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    backup-20070824-102928-689 O2 - BHO: (no name) - {182A11B9-76A2-47AF-A1FA-0FE3F5D2B304} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102928-772 O2 - BHO: (no name) - {3FA6F1B3-5382-4834-9FCA-880B4FF73695} - (no file)
    backup-20070824-102928-780 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    backup-20070824-102928-786 O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    backup-20070824-102928-819 O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    backup-20070824-102928-855 O2 - BHO: (no name) - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - (no file)
    backup-20070824-102928-862 O2 - BHO: (no name) - {11FC67A5-0B2C-4CF6-B481-52A44038E7F3} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102928-868 O2 - BHO: (no name) - {09915601-E5BF-4E78-B42F-D2631B040F56} - (no file)
    backup-20070824-102928-873 O2 - BHO: (no name) - {4F165C56-EFD2-40AE-9FFC-93163F5E7336} - C:\WINDOWS\system32\pmnnm.dll (file missing)
    backup-20070824-102928-876 O2 - BHO: (no name) - {00365668-E788-4B58-912C-FCB55DD427Ef} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102928-883 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    backup-20070824-102928-885 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    backup-20070824-102928-954 O2 - BHO: (no name) - {3EA55109-B269-48D3-BAFA-DB94DD106AEe} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102929-108 O2 - BHO: msnhlp32.msn_hlp - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - C:\WINDOWS\system32\msnhlp32.dll
    backup-20070824-102929-187 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    backup-20070824-102929-191 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    backup-20070824-102929-220 O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    backup-20070824-102929-235 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    backup-20070824-102929-256 O2 - BHO: (no name) - {839DB643-7847-4738-AEE0-53D5582284F9} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102929-267 O2 - BHO: (no name) - {83F1E8D0-4F97-4B24-A5A9-985153D9A66b} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102929-290 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000274.exe 61A847B5BBF72810329B385475FD01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    backup-20070824-102929-329 O2 - BHO: (no name) - {D9F8AED2-2C30-46FC-B988-6653D01A7945} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102929-331 O2 - BHO: (no name) - {8EAF1F2B-CC80-4C26-9E7F-C41F8D4CC1C0} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102929-379 O2 - BHO: (no name) - {E4D021E4-5524-45CA-97B1-7C81B6DC9F95} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102929-385 O2 - BHO: (no name) - {B5976215-D50F-4862-9CAB-A6812C7B0C10} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102929-400 O2 - BHO: (no name) - {E355B7D0-33A9-42E0-8330-9CD303391A72} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102929-407 O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
    backup-20070824-102929-413 O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    backup-20070824-102929-423 O2 - BHO: (no name) - {BC9FD704-E10D-4FEF-82F0-18907616BDDD} - (no file)
    backup-20070824-102929-440 O2 - BHO: (no name) - {9B076719-B242-4B5C-B915-7CEFBF2B17A9} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102929-469 O2 - BHO: (no name) - {BCA09D05-0292-49DE-AA3D-FB1218863B35} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102929-474 O2 - BHO: (no name) - {7C7A422B-CC85-423C-91C3-FBF5B399D00c} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102929-501 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    backup-20070824-102929-505 O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xigrteip.dll ",realset
    backup-20070824-102929-647 O4 - HKLM\..\Run: [j1201636] rundll32 C:\WINDOWS\system32\j1201636.dll sook
    backup-20070824-102929-675 O2 - BHO: (no name) - {9E1E6F17-E15F-4D0D-B3CA-D3A12D7C4CA7} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102929-677 O2 - BHO: (no name) - {75AE4CE1-B6D5-4EF2-BACA-1879502B3734} - (no file)
    backup-20070824-102929-685 O3 - Toolbar: gPhotoShow Toolbar - {D3FBBA39-B2CD-4A1A-81B5-E940850BDF59} - C:\Program Files\gPhotoShow Toolbar\v3.2.0.0\gPhotoShow_Toolbar.dll
    backup-20070824-102929-690 O2 - BHO: (no name) - {9D087A3F-947C-46F4-AD6C-3A210B7569D9} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102929-704 O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\SETHMO~1\LOCALS~1\Temp\tmp31.tmp.exe /run
    backup-20070824-102929-718 O2 - BHO: (no name) - {95C9EA32-27B1-4DE6-8679-B2D4623475E7} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102929-751 O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
    backup-20070824-102929-768 O2 - BHO: (no name) - {D2F270F0-F50B-4B9D-96BE-8558F3F0225e} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102929-772 O2 - BHO: (no name) - {BBD798CE-71D0-44FF-8B5B-6F4F2776781d} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102929-790 O2 - BHO: (no name) - {92CC00F0-20D0-4E5A-AD02-058F11219445} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102929-806 O2 - BHO: (no name) - {D929051E-18DC-488B-935E-F2A0D8E3EC6a} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102929-826 O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\wyuccrrb.dll ",realset
    backup-20070824-102929-857 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    backup-20070824-102929-860 O2 - BHO: (no name) - {A70F155D-1148-4C68-9713-DA5D1A3537Aa} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102929-864 O2 - BHO: (no name) - {C1303583-030E-4501-83C6-CF6B6ADB3AF1} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102929-869 O2 - BHO: (no name) - {D3F76CAF-07FF-4C74-83E2-2D8F97689BB7} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102929-884 O2 - BHO: (no name) - {DE82D7C1-55BC-4C92-8506-50460FB5D103} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102929-928 O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    backup-20070824-102929-931 O2 - BHO: (no name) - {AA4ACDD9-284A-4FFF-B060-3EF35C4986C1} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102929-941 O2 - BHO: gPhotoShow Toolbar Helper - {D6D45128-E25E-4036-90D1-F43872902148} - C:\Program Files\gPhotoShow Toolbar\v3.2.0.0\gPhotoShow_Toolbar.dll
    backup-20070824-102929-967 O2 - BHO: (no name) - {D3A80290-E398-423A-9518-070353CB9104} - C:\WINDOWS\system32\tnnqwyix.dll
    backup-20070824-102929-975 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    backup-20070824-102929-978 O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\knriucyl.dll ",realset
    backup-20070824-102929-984 O2 - BHO: (no name) - {B4D19308-8FB1-4A98-9862-599D265ACEB3} - C:\WINDOWS\system32\gumgjdct.dll
    backup-20070824-102930-130 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    backup-20070824-102930-572 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    backup-20070824-102930-723 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    backup-20070824-102931-176 O23 - Service: DomainService - Unknown owner - C:\DOCUME~1\SETHMO~1\LOCALS~1\Temp\tmpA5.tmp.exe (file missing)
    backup-20070824-102931-642 O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    backup-20070824-102931-720 O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\system32\dsius.exe
    backup-20070824-102931-916 O21 - SSODL: wmpconf - {B17DF417-B3CC-4475-AB08-4EFE22603D77} - C:\WINDOWS\wmpconf.dll
    backup-20070824-104626-119 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    backup-20070824-104626-131 O2 - BHO: (no name) - {9D087A3F-947C-46F4-AD6C-3A210B7569D9} - (no file)
    backup-20070824-104626-150 O2 - BHO: (no name) - {09915601-E5BF-4E78-B42F-D2631B040F56} - (no file)
    backup-20070824-104626-151 O2 - BHO: (no name) - {DE82D7C1-55BC-4C92-8506-50460FB5D103} - (no file)
    backup-20070824-104626-156 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    backup-20070824-104626-159 O2 - BHO: (no name) - {11FC67A5-0B2C-4CF6-B481-52A44038E7F3} - (no file)
    backup-20070824-104626-187 O2 - BHO: (no name) - {839DB643-7847-4738-AEE0-53D5582284F9} - (no file)
    backup-20070824-104626-215 O2 - BHO: (no name) - {D3A80290-E398-423A-9518-070353CB9104} - (no file)
    backup-20070824-104626-225 O2 - BHO: (no name) - {1F164AEE-87A6-4DC8-8E9B-4C43F574DA9e} - (no file)
    backup-20070824-104626-240 O2 - BHO: (no name) - {35C40C67-DA22-4486-ADE3-A6FBCD4A647d} - (no file)
    backup-20070824-104626-241 O2 - BHO: (no name) - {E4D021E4-5524-45CA-97B1-7C81B6DC9F95} - (no file)
    backup-20070824-104626-294 O2 - BHO: (no name) - {182A11B9-76A2-47AF-A1FA-0FE3F5D2B304} - (no file)
    backup-20070824-104626-314 O2 - BHO: (no name) - {00365668-E788-4B58-912C-FCB55DD427Ef} - (no file)
    backup-20070824-104626-326 O2 - BHO: (no name) - {92CC00F0-20D0-4E5A-AD02-058F11219445} - (no file)
    backup-20070824-104626-334 O2 - BHO: (no name) - {9B076719-B242-4B5C-B915-7CEFBF2B17A9} - (no file)
    backup-20070824-104626-336 O2 - BHO: (no name) - {04185673-E7E1-4851-9952-82C93FF9454e} - (no file)
    backup-20070824-104626-364 O2 - BHO: (no name) - {D6D45128-E25E-4036-90D1-F43872902148} - (no file)
    backup-20070824-104626-369 O2 - BHO: (no name) - {83F1E8D0-4F97-4B24-A5A9-985153D9A66b} - (no file)
    backup-20070824-104626-426 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    backup-20070824-104626-440 O2 - BHO: (no name) - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - (no file)
    backup-20070824-104626-444 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    backup-20070824-104626-450 O2 - BHO: (no name) - {6597C9BF-2A4A-454E-AD53-7FF6FE76D21c} - (no file)
    backup-20070824-104626-459 O2 - BHO: (no name) - {8EAF1F2B-CC80-4C26-9E7F-C41F8D4CC1C0} - (no file)
    backup-20070824-104626-460 O2 - BHO: (no name) - {BCA09D05-0292-49DE-AA3D-FB1218863B35} - (no file)
    backup-20070824-104626-475 O2 - BHO: (no name) - {BC9FD704-E10D-4FEF-82F0-18907616BDDD} - (no file)
    backup-20070824-104626-488 O2 - BHO: (no name) - {6C1E618F-8E9E-4C30-BD7E-D825B3ECD3B1} - (no file)
    backup-20070824-104626-503 O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    backup-20070824-104626-507 O2 - BHO: (no name) - {D3F76CAF-07FF-4C74-83E2-2D8F97689BB7} - (no file)
    backup-20070824-104626-516 O2 - BHO: (no name) - {3FA6F1B3-5382-4834-9FCA-880B4FF73695} - (no file)
    backup-20070824-104626-535 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    backup-20070824-104626-556 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    backup-20070824-104626-559 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    backup-20070824-104626-563 O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    backup-20070824-104626-580 O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    backup-20070824-104626-597 O2 - BHO: (no name) - {3BE50B77-3AD2-4939-93B3-FD215E92EE1c} - (no file)
    backup-20070824-104626-625 O2 - BHO: (no name) - {1746AA6A-ACB9-4606-96AE-96DAF88466Af} - (no file)
    backup-20070824-104626-642 O2 - BHO: (no name) - {BBD798CE-71D0-44FF-8B5B-6F4F2776781d} - (no file)
    backup-20070824-104626-658 O2 - BHO: (no name) - {4D31A6C0-120B-4CE6-BEBC-32339AC2F4B1} - (no file)
    backup-20070824-104626-670 O2 - BHO: (no name) - {376719F4-5FB2-4B1D-9859-B3864A1648A9} - (no file)
    backup-20070824-104626-687 O2 - BHO: (no name) - {95C9EA32-27B1-4DE6-8679-B2D4623475E7} - (no file)
    backup-20070824-104626-699 O2 - BHO: (no name) - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - (no file)
    backup-20070824-104626-700 O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    backup-20070824-104626-710 O2 - BHO: (no name) - {D929051E-18DC-488B-935E-F2A0D8E3EC6a} - (no file)
    backup-20070824-104626-713 O2 - BHO: (no name) - {71419BBD-9DCC-407B-9C4B-D02C25D206D6} - (no file)
    backup-20070824-104626-717 O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    backup-20070824-104626-734 O2 - BHO: (no name) - {D2F270F0-F50B-4B9D-96BE-8558F3F0225e} - (no file)
    backup-20070824-104626-740 O2 - BHO: (no name) - {9E1E6F17-E15F-4D0D-B3CA-D3A12D7C4CA7} - (no file)
    backup-20070824-104626-747 O2 - BHO: (no name) - {7C7A422B-CC85-423C-91C3-FBF5B399D00c} - (no file)
    backup-20070824-104626-755 O2 - BHO: (no name) - {D9F8AED2-2C30-46FC-B988-6653D01A7945} - (no file)
    backup-20070824-104626-770 O2 - BHO: (no name) - {C1303583-030E-4501-83C6-CF6B6ADB3AF1} - (no file)
    backup-20070824-104626-774 O2 - BHO: (no name) - {75AE4CE1-B6D5-4EF2-BACA-1879502B3734} - (no file)
    backup-20070824-104626-787 O2 - BHO: (no name) - {E355B7D0-33A9-42E0-8330-9CD303391A72} - (no file)
    backup-20070824-104626-841 O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    backup-20070824-104626-844 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    backup-20070824-104626-851 O2 - BHO: (no name) - {45326498-4A56-4DB1-A61F-84B0E33BE43f} - (no file)
    backup-20070824-104626-872 O2 - BHO: (no name) - {3EA55109-B269-48D3-BAFA-DB94DD106AEe} - (no file)
    backup-20070824-104626-879 O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    backup-20070824-104626-892 O2 - BHO: (no name) - {B4D19308-8FB1-4A98-9862-599D265ACEB3} - (no file)
    backup-20070824-104626-894 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    backup-20070824-104626-914 O2 - BHO: (no name) - {A70F155D-1148-4C68-9713-DA5D1A3537Aa} - (no file)
    backup-20070824-104626-924 O2 - BHO: (no name) - {AA4ACDD9-284A-4FFF-B060-3EF35C4986C1} - (no file)
    backup-20070824-104626-928 O2 - BHO: (no name) - {533781FA-4534-4A62-AD7F-0D96EAF5AFF6} - (no file)
    backup-20070824-104626-932 O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    backup-20070824-104626-977 O2 - BHO: (no name) - {6437612F-6FC3-469A-9E0B-AF8B2AF1590a} - (no file)
    backup-20070824-104626-980 O2 - BHO: (no name) - {24111BA2-094E-4502-9A02-FD104DA9C44e} - (no file)
    backup-20070824-104626-989 O2 - BHO: (no name) - {B5976215-D50F-4862-9CAB-A6812C7B0C10} - (no file)
    backup-20070824-104648-237 O3 - Toolbar: gPhotoShow Toolbar - {D3FBBA39-B2CD-4A1A-81B5-E940850BDF59} - C:\Program Files\gPhotoShow Toolbar\v3.2.0.0\gPhotoShow_Toolbar.dll (file missing)
    backup-20070824-111314-535 O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\SETHMO~1\LOCALS~1\Temp\tmp31.tmp.exe /run
    backup-20070824-111314-798 O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
    backup-20070824-111345-179 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    backup-20070824-111454-113 O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xigrteip.dll ",realset
    backup-20070824-111454-211 O4 - HKLM\..\Run: [j1201636] rundll32 C:\WINDOWS\system32\j1201636.dll sook
    backup-20070824-111454-568 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000274.exe 61A847B5BBF72810329B385475FD01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    backup-20070824-111532-622 O21 - SSODL: wmpconf - {F61D5388-6387-48BA-9CA1-0C39782F410E} - C:\WINDOWS\wmpconf.dll
    backup-20070824-111549-484 O21 - SSODL: wmpconf - {9305D036-DA24-4438-B6A6-47F0F06659D3} - C:\WINDOWS\wmpconf.dll
    backup-20070824-111600-504 O21 - SSODL: wmpconf - {629EB2E7-8816-47FB-8C5E-5B8CE2C5F3C2} - C:\WINDOWS\wmpconf.dll
    backup-20070824-191350-110 O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    backup-20070824-191350-115 O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    backup-20070824-191350-142 O2 - BHO: (no name) - {D2F270F0-F50B-4B9D-96BE-8558F3F0225e} - (no file)
    backup-20070824-191350-152 O2 - BHO: (no name) - {4D31A6C0-120B-4CE6-BEBC-32339AC2F4B1} - (no file)
    backup-20070824-191350-154 O2 - BHO: (no name) - {DE82D7C1-55BC-4C92-8506-50460FB5D103} - (no file)
    backup-20070824-191350-166 O2 - BHO: (no name) - {BC9FD704-E10D-4FEF-82F0-18907616BDDD} - (no file)
    backup-20070824-191350-176 O2 - BHO: (no name) - {09915601-E5BF-4E78-B42F-D2631B040F56} - (no file)
    backup-20070824-191350-177 O2 - BHO: (no name) - {6C1E618F-8E9E-4C30-BD7E-D825B3ECD3B1} - (no file)
    backup-20070824-191350-188 O2 - BHO: (no name) - {D3A80290-E398-423A-9518-070353CB9104} - (no file)
    backup-20070824-191350-202 O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    backup-20070824-191350-203 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    backup-20070824-191350-251 O2 - BHO: (no name) - {1F164AEE-87A6-4DC8-8E9B-4C43F574DA9e} - (no file)
    backup-20070824-191350-258 O2 - BHO: (no name) - {182A11B9-76A2-47AF-A1FA-0FE3F5D2B304} - (no file)
    backup-20070824-191350-266 O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    backup-20070824-191350-273 O2 - BHO: (no name) - {839DB643-7847-4738-AEE0-53D5582284F9} - (no file)
    backup-20070824-191350-308 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    backup-20070824-191350-326 O2 - BHO: (no name) - {BBD798CE-71D0-44FF-8B5B-6F4F2776781d} - (no file)
    backup-20070824-191350-339 O2 - BHO: (no name) - {8EAF1F2B-CC80-4C26-9E7F-C41F8D4CC1C0} - (no file)
    backup-20070824-191350-359 O2 - BHO: (no name) - {A70F155D-1148-4C68-9713-DA5D1A3537Aa} - (no file)
    backup-20070824-191350-361 O2 - BHO: (no name) - {04185673-E7E1-4851-9952-82C93FF9454e} - (no file)
    backup-20070824-191350-380 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    backup-20070824-191350-392 O2 - BHO: (no name) - {9B076719-B242-4B5C-B915-7CEFBF2B17A9} - (no file)
    backup-20070824-191350-461 O2 - BHO: (no name) - {71419BBD-9DCC-407B-9C4B-D02C25D206D6} - (no file)
    backup-20070824-191350-467 O2 - BHO: (no name) - {11FC67A5-0B2C-4CF6-B481-52A44038E7F3} - (no file)
    backup-20070824-191350-490 O2 - BHO: (no name) - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - (no file)
    backup-20070824-191350-491 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    backup-20070824-191350-512 O2 - BHO: (no name) - {3EA55109-B269-48D3-BAFA-DB94DD106AEe} - (no file)
    backup-20070824-191350-531 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    backup-20070824-191350-544 O2 - BHO: (no name) - {9E1E6F17-E15F-4D0D-B3CA-D3A12D7C4CA7} - (no file)
    backup-20070824-191350-551 O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    backup-20070824-191350-558 O2 - BHO: (no name) - {E355B7D0-33A9-42E0-8330-9CD303391A72} - (no file)
    backup-20070824-191350-566 O2 - BHO: (no name) - {9D087A3F-947C-46F4-AD6C-3A210B7569D9} - (no file)
    backup-20070824-191350-571 O2 - BHO: (no name) - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - (no file)
    backup-20070824-191350-576 O2 - BHO: (no name) - {45326498-4A56-4DB1-A61F-84B0E33BE43f} - (no file)
    backup-20070824-191350-583 O2 - BHO: (no name) - {D3F76CAF-07FF-4C74-83E2-2D8F97689BB7} - (no file)
    backup-20070824-191350-589 O2 - BHO: (no name) - {1746AA6A-ACB9-4606-96AE-96DAF88466Af} - (no file)
    backup-20070824-191350-600 O2 - BHO: (no name) - {D6D45128-E25E-4036-90D1-F43872902148} - (no file)
    backup-20070824-191350-633 O2 - BHO: (no name) - {35C40C67-DA22-4486-ADE3-A6FBCD4A647d} - (no file)
    backup-20070824-191350-647 O2 - BHO: (no name) - {BCA09D05-0292-49DE-AA3D-FB1218863B35} - (no file)
    backup-20070824-191350-655 O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    backup-20070824-191350-658 O2 - BHO: (no name) - {B4D19308-8FB1-4A98-9862-599D265ACEB3} - (no file)
    backup-20070824-191350-676 O2 - BHO: (no name) - {83F1E8D0-4F97-4B24-A5A9-985153D9A66b} - (no file)
    backup-20070824-191350-689 O2 - BHO: (no name) - {D929051E-18DC-488B-935E-F2A0D8E3EC6a} - (no file)
    backup-20070824-191350-726 O2 - BHO: (no name) - {92CC00F0-20D0-4E5A-AD02-058F11219445} - (no file)
    backup-20070824-191350-742 O2 - BHO: (no name) - {24111BA2-094E-4502-9A02-FD104DA9C44e} - (no file)
    backup-20070824-191350-757 O2 - BHO: (no name) - {533781FA-4534-4A62-AD7F-0D96EAF5AFF6} - (no file)
    backup-20070824-191350-779 O2 - BHO: (no name) - {00365668-E788-4B58-912C-FCB55DD427Ef} - (no file)
    backup-20070824-191350-783 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    backup-20070824-191350-796 O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    backup-20070824-191350-817 O2 - BHO: (no name) - {E4D021E4-5524-45CA-97B1-7C81B6DC9F95} - (no file)
    backup-20070824-191350-847 O2 - BHO: (no name) - {3FA6F1B3-5382-4834-9FCA-880B4FF73695} - (no file)
    backup-20070824-191350-852 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    backup-20070824-191350-868 O2 - BHO: (no name) - {3BE50B77-3AD2-4939-93B3-FD215E92EE1c} - (no file)
    backup-20070824-191350-874 O2 - BHO: (no name) - {75AE4CE1-B6D5-4EF2-BACA-1879502B3734} - (no file)
    backup-20070824-191350-875 O2 - BHO: (no name) - {376719F4-5FB2-4B1D-9859-B3864A1648A9} - (no file)
    backup-20070824-191350-891 O2 - BHO: (no name) - {6597C9BF-2A4A-454E-AD53-7FF6FE76D21c} - (no file)
    backup-20070824-191350-893 O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    backup-20070824-191350-902 O2 - BHO: (no name) - {7C7A422B-CC85-423C-91C3-FBF5B399D00c} - (no file)
    backup-20070824-191350-907 O2 - BHO: (no name) - {B5976215-D50F-4862-9CAB-A6812C7B0C10} - (no file)
    backup-20070824-191350-924 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    backup-20070824-191350-935 O2 - BHO: (no name) - {AA4ACDD9-284A-4FFF-B060-3EF35C4986C1} - (no file)
    backup-20070824-191350-939 O2 - BHO: (no name) - {C1303583-030E-4501-83C6-CF6B6ADB3AF1} - (no file)
    backup-20070824-191350-956 O2 - BHO: (no name) - {D9F8AED2-2C30-46FC-B988-6653D01A7945} - (no file)
    backup-20070824-191350-966 O2 - BHO: (no name) - {6437612F-6FC3-469A-9E0B-AF8B2AF1590a} - (no file)
    backup-20070824-191350-978 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    backup-20070824-191350-986 O2 - BHO: (no name) - {95C9EA32-27B1-4DE6-8679-B2D4623475E7} - (no file)
    backup-20070824-191447-387 O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
    backup-20070824-191447-449 O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xigrteip.dll ",realset
    backup-20070824-191447-571 O4 - HKLM\..\Run: [j1201636] rundll32 C:\WINDOWS\system32\j1201636.dll sook
    backup-20070824-191447-817 O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\SETHMO~1\LOCALS~1\Temp\tmp31.tmp.exe /run
    backup-20070824-191447-927 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000274.exe 61A847B5BBF72810329B385475FD01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    backup-20070824-191457-755 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    backup-20070824-191538-856 O21 - SSODL: wmpconf - {04FEE6AA-4501-46CD-81A4-A07F43319673} - C:\WINDOWS\wmpconf.dll
    backup-20070824-191948-196 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    backup-20070824-191948-828 O20 - Winlogon Notify: pmnnm - C:\WINDOWS\
    backup-20070824-191948-886 O20 - Winlogon Notify: mljigee - C:\WINDOWS\
    backup-20070824-191948-951 O20 - Winlogon Notify: kbdwex - C:\WINDOWS\SYSTEM32\kbdwex.dll
    backup-20070824-191949-222 O21 - SSODL: wmpconf - {9DADCF93-E575-49EE-985C-AC801CBC5E75} - C:\WINDOWS\wmpconf.dll
    backup-20070824-191949-882 O23 - Service: AFSEGTGF Windows Service -
     
  8. 2007/08/28
    Ledraisel
    Unknown owner - C:\WINDOWS\system32\dsius.exe
    backup-20070824-192005-538 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    backup-20070824-192541-195 O21 - SSODL: wmpconf - {B8B1F4DD-9157-4872-ADB9-9E86E1DA84C5} - C:\WINDOWS\wmpconf.dll
    backup-20070824-192552-159 R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
    backup-20070824-192552-400 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    backup-20070824-192552-746 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    backup-20070824-192552-848 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    backup-20070824-192552-923 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    backup-20070824-192610-712 O20 - Winlogon Notify: kbdwex - C:\WINDOWS\SYSTEM32\kbdwex.dll
    backup-20070824-192636-463 O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\system32\dsius.exe
    backup-20070824-192636-734 O20 - Winlogon Notify: kbdwex - C:\WINDOWS\SYSTEM32\kbdwex.dll
    backup-20070824-192636-969 O21 - SSODL: wmpconf - {279FAE26-2233-4097-BF7C-13FD114DE53C} - C:\WINDOWS\wmpconf.dll
    backup-20070827-095427-103 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    backup-20070827-095427-108 O2 - BHO: (no name) - {24111BA2-094E-4502-9A02-FD104DA9C44e} - (no file)
    backup-20070827-095427-115 O2 - BHO: (no name) - {09915601-E5BF-4E78-B42F-D2631B040F56} - (no file)
    backup-20070827-095427-117 O2 - BHO: (no name) - {D9F8AED2-2C30-46FC-B988-6653D01A7945} - (no file)
    backup-20070827-095427-132 O2 - BHO: (no name) - {E4D021E4-5524-45CA-97B1-7C81B6DC9F95} - (no file)
    backup-20070827-095427-137 O2 - BHO: (no name) - {71419BBD-9DCC-407B-9C4B-D02C25D206D6} - (no file)
    backup-20070827-095427-143 O2 - BHO: (no name) - {D6D45128-E25E-4036-90D1-F43872902148} - (no file)
    backup-20070827-095427-156 O2 - BHO: (no name) - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - (no file)
    backup-20070827-095427-192 O2 - BHO: (no name) - {BCA09D05-0292-49DE-AA3D-FB1218863B35} - (no file)
    backup-20070827-095427-207 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    backup-20070827-095427-230 O2 - BHO: (no name) - {04185673-E7E1-4851-9952-82C93FF9454e} - (no file)
    backup-20070827-095427-240 O2 - BHO: (no name) - {3EA55109-B269-48D3-BAFA-DB94DD106AEe} - (no file)
    backup-20070827-095427-263 O2 - BHO: (no name) - {533781FA-4534-4A62-AD7F-0D96EAF5AFF6} - (no file)
    backup-20070827-095427-265 O2 - BHO: (no name) - {839DB643-7847-4738-AEE0-53D5582284F9} - (no file)
    backup-20070827-095427-269 O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\lwjnodmf.dll
    backup-20070827-095427-303 O2 - BHO: (no name) - {35C40C67-DA22-4486-ADE3-A6FBCD4A647d} - (no file)
    backup-20070827-095427-319 O2 - BHO: (no name) - {92CC00F0-20D0-4E5A-AD02-058F11219445} - (no file)
    backup-20070827-095427-335 O2 - BHO: (no name) - {BC9FD704-E10D-4FEF-82F0-18907616BDDD} - (no file)
    backup-20070827-095427-363 O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\SETHMO~1\LOCALS~1\Temp\tmp31.tmp.exe /run
    backup-20070827-095427-365 O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    backup-20070827-095427-370 O2 - BHO: (no name) - {3BE50B77-3AD2-4939-93B3-FD215E92EE1c} - (no file)
    backup-20070827-095427-371 O2 - BHO: (no name) - {1F164AEE-87A6-4DC8-8E9B-4C43F574DA9e} - (no file)
    backup-20070827-095427-380 O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    backup-20070827-095427-382 O2 - BHO: (no name) - {11FC67A5-0B2C-4CF6-B481-52A44038E7F3} - (no file)
    backup-20070827-095427-385 O20 - Winlogon Notify: kbdwex - C:\WINDOWS\SYSTEM32\kbdwex.dll
    backup-20070827-095427-388 O2 - BHO: (no name) - {6437612F-6FC3-469A-9E0B-AF8B2AF1590a} - (no file)
    backup-20070827-095427-416 O2 - BHO: (no name) - {00365668-E788-4B58-912C-FCB55DD427Ef} - (no file)
    backup-20070827-095427-475 O2 - BHO: (no name) - {B4D19308-8FB1-4A98-9862-599D265ACEB3} - (no file)
    backup-20070827-095427-490 O2 - BHO: (no name) - {AA4ACDD9-284A-4FFF-B060-3EF35C4986C1} - (no file)
    backup-20070827-095427-492 O2 - BHO: (no name) - {95C9EA32-27B1-4DE6-8679-B2D4623475E7} - (no file)
    backup-20070827-095427-510 O2 - BHO: (no name) - {45326498-4A56-4DB1-A61F-84B0E33BE43f} - (no file)
    backup-20070827-095427-518 O2 - BHO: (no name) - {9E1E6F17-E15F-4D0D-B3CA-D3A12D7C4CA7} - (no file)
    backup-20070827-095427-538 O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    backup-20070827-095427-555 O2 - BHO: (no name) - {182A11B9-76A2-47AF-A1FA-0FE3F5D2B304} - (no file)
    backup-20070827-095427-561 O2 - BHO: (no name) - {1746AA6A-ACB9-4606-96AE-96DAF88466Af} - (no file)
    backup-20070827-095427-562 O2 - BHO: (no name) - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - (no file)
    backup-20070827-095427-578 O2 - BHO: (no name) - {376719F4-5FB2-4B1D-9859-B3864A1648A9} - (no file)
    backup-20070827-095427-583 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    backup-20070827-095427-590 O2 - BHO: (no name) - {D2F270F0-F50B-4B9D-96BE-8558F3F0225e} - (no file)
    backup-20070827-095427-603 O2 - BHO: (no name) - {75AE4CE1-B6D5-4EF2-BACA-1879502B3734} - (no file)
    backup-20070827-095427-609 O2 - BHO: (no name) - {E355B7D0-33A9-42E0-8330-9CD303391A72} - (no file)
    backup-20070827-095427-631 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    backup-20070827-095427-632 O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    backup-20070827-095427-653 O2 - BHO: (no name) - {83F1E8D0-4F97-4B24-A5A9-985153D9A66b} - (no file)
    backup-20070827-095427-654 O2 - BHO: (no name) - {4D31A6C0-120B-4CE6-BEBC-32339AC2F4B1} - (no file)
    backup-20070827-095427-657 O2 - BHO: (no name) - {A70F155D-1148-4C68-9713-DA5D1A3537Aa} - (no file)
    backup-20070827-095427-678 O2 - BHO: (no name) - {D3A80290-E398-423A-9518-070353CB9104} - (no file)
    backup-20070827-095427-683 O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    backup-20070827-095427-710 O2 - BHO: (no name) - {8EAF1F2B-CC80-4C26-9E7F-C41F8D4CC1C0} - (no file)
    backup-20070827-095427-722 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    backup-20070827-095427-738 O2 - BHO: (no name) - {3FA6F1B3-5382-4834-9FCA-880B4FF73695} - (no file)
    backup-20070827-095427-749 O2 - BHO: (no name) - {BBD798CE-71D0-44FF-8B5B-6F4F2776781d} - (no file)
    backup-20070827-095427-772 O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    backup-20070827-095427-783 O2 - BHO: (no name) - {9B076719-B242-4B5C-B915-7CEFBF2B17A9} - (no file)
    backup-20070827-095427-785 O2 - BHO: (no name) - {B5976215-D50F-4862-9CAB-A6812C7B0C10} - (no file)
    backup-20070827-095427-786 O3 - Toolbar: gPhotoShow Toolbar - {D3FBBA39-B2CD-4A1A-81B5-E940850BDF59} - C:\Program Files\gPhotoShow Toolbar\v3.2.0.0\gPhotoShow_Toolbar.dll (file missing)
    backup-20070827-095427-800 O2 - BHO: (no name) - {6597C9BF-2A4A-454E-AD53-7FF6FE76D21c} - (no file)
    backup-20070827-095427-815 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    backup-20070827-095427-825 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
     
  9. 2007/08/28
    Ledraisel
    backup-20070827-095427-828 O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    backup-20070827-095427-855 O2 - BHO: (no name) - {5f649ad1-0675-449b-bc5c-a16185813beb} - C:\WINDOWS\system32\kbdwex.dll
    backup-20070827-095427-856 O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    backup-20070827-095427-858 O2 - BHO: (no name) - {D929051E-18DC-488B-935E-F2A0D8E3EC6a} - (no file)
    backup-20070827-095427-865 O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
    backup-20070827-095427-869 O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xigrteip.dll ",realset
    backup-20070827-095427-872 O2 - BHO: (no name) - {DE82D7C1-55BC-4C92-8506-50460FB5D103} - (no file)
    backup-20070827-095427-886 O2 - BHO: (no name) - {C1303583-030E-4501-83C6-CF6B6ADB3AF1} - (no file)
    backup-20070827-095427-892 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    backup-20070827-095427-905 O2 - BHO: (no name) - {7C7A422B-CC85-423C-91C3-FBF5B399D00c} - (no file)
    backup-20070827-095427-909 O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    backup-20070827-095427-913 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    backup-20070827-095427-941 O2 - BHO: (no name) - {9D087A3F-947C-46F4-AD6C-3A210B7569D9} - (no file)
    backup-20070827-095427-945 O2 - BHO: (no name) - {D3F76CAF-07FF-4C74-83E2-2D8F97689BB7} - (no file)
    backup-20070827-095427-948 O2 - BHO: (no name) - {6C1E618F-8E9E-4C30-BD7E-D825B3ECD3B1} - (no file)
    backup-20070827-095427-949 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    backup-20070827-095427-968 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\
    backup-20070827-095428-516 O20 - Winlogon Notify: mljigee - C:\WINDOWS\
    backup-20070827-095428-519 O21 - SSODL: wmpconf - {5C340722-E604-40F0-8B92-2A99A5C5A8E6} - C:\WINDOWS\wmpconf.dll
    backup-20070827-095428-674 O20 - Winlogon Notify: pmnnm - C:\WINDOWS\
    backup-20070827-095747-418 O21 - SSODL: wmpconf - {E2A8F91E-6B6B-4D51-8CFC-B68BFA515F96} - C:\WINDOWS\wmpconf.dll
    backup-20070828-075118-169 O2 - BHO: (no name) - {6437612F-6FC3-469A-9E0B-AF8B2AF1590a} - (no file)
    backup-20070828-075118-182 O2 - BHO: (no name) - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - (no file)
    backup-20070828-075118-190 O2 - BHO: (no name) - {4D31A6C0-120B-4CE6-BEBC-32339AC2F4B1} - (no file)
    backup-20070828-075118-197 O2 - BHO: (no name) - {6597C9BF-2A4A-454E-AD53-7FF6FE76D21c} - (no file)
    backup-20070828-075118-205 O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    backup-20070828-075118-207 O2 - BHO: (no name) - {3FA6F1B3-5382-4834-9FCA-880B4FF73695} - (no file)
    backup-20070828-075118-210 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000274.exe 61A847B5BBF72810329B385475FD01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    backup-20070828-075118-216 O2 - BHO: (no name) - {83F1E8D0-4F97-4B24-A5A9-985153D9A66b} - (no file)
    backup-20070828-075118-246 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\
    backup-20070828-075118-248 O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    backup-20070828-075118-254 O2 - BHO: (no name) - {35C40C67-DA22-4486-ADE3-A6FBCD4A647d} - (no file)
    backup-20070828-075118-276 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    backup-20070828-075118-326 O2 - BHO: (no name) - {839DB643-7847-4738-AEE0-53D5582284F9} - (no file)
    backup-20070828-075118-327 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    backup-20070828-075118-329 O2 - BHO: (no name) - {1F164AEE-87A6-4DC8-8E9B-4C43F574DA9e} - (no file)
    backup-20070828-075118-336 O2 - BHO: (no name) - {75AE4CE1-B6D5-4EF2-BACA-1879502B3734} - (no file)
    backup-20070828-075118-354 O2 - BHO: (no name) - {D2F270F0-F50B-4B9D-96BE-8558F3F0225e} - (no file)
    backup-20070828-075118-361 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    backup-20070828-075118-368 O2 - BHO: (no name) - {D3F76CAF-07FF-4C74-83E2-2D8F97689BB7} - (no file)
    backup-20070828-075118-378 O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    backup-20070828-075118-388 O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\SETHMO~1\LOCALS~1\Temp\tmp31.tmp.exe /run
    backup-20070828-075118-397 O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    backup-20070828-075118-404 O2 - BHO: (no name) - {A70F155D-1148-4C68-9713-DA5D1A3537Aa} - (no file)
    backup-20070828-075118-408 O2 - BHO: (no name) - {BBD798CE-71D0-44FF-8B5B-6F4F2776781d} - (no file)
    backup-20070828-075118-419 O2 - BHO: (no name) - {9E1E6F17-E15F-4D0D-B3CA-D3A12D7C4CA7} - (no file)
    backup-20070828-075118-432 O2 - BHO: (no name) - {B5976215-D50F-4862-9CAB-A6812C7B0C10} - (no file)
    backup-20070828-075118-435 O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - (no file)
    backup-20070828-075118-436 O2 - BHO: (no name) - {3EA55109-B269-48D3-BAFA-DB94DD106AEe} - (no file)
    backup-20070828-075118-439 O2 - BHO: (no name) - {1746AA6A-ACB9-4606-96AE-96DAF88466Af} - (no file)
    backup-20070828-075118-445 O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
    backup-20070828-075118-446 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    backup-20070828-075118-447 O2 - BHO: (no name) - {9B076719-B242-4B5C-B915-7CEFBF2B17A9} - (no file)
    backup-20070828-075118-450 O2 - BHO: (no name) - {E355B7D0-33A9-42E0-8330-9CD303391A72} - (no file)
    backup-20070828-075118-453 O2 - BHO: (no name) - {BC9FD704-E10D-4FEF-82F0-18907616BDDD} - (no file)
    backup-20070828-075118-468 O2 - BHO: (no name) - {71419BBD-9DCC-407B-9C4B-D02C25D206D6} - (no file)
    backup-20070828-075118-485 O2 - BHO: (no name) - {C1303583-030E-4501-83C6-CF6B6ADB3AF1} - (no file)
    backup-20070828-075118-488 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    backup-20070828-075118-503 O2 - BHO: (no name) - {D929051E-18DC-488B-935E-F2A0D8E3EC6a} - (no file)
    backup-20070828-075118-504 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    backup-20070828-075118-510 O2 - BHO: (no name) - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - (no file)
    backup-20070828-075118-563 O2 - BHO: (no name) - {04185673-E7E1-4851-9952-82C93FF9454e} - (no file)
    backup-20070828-075118-568 O2 - BHO: (no name) - {6C1E618F-8E9E-4C30-BD7E-D825B3ECD3B1} - (no file)
    backup-20070828-075118-582 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    backup-20070828-075118-586 O2 - BHO: (no name) - {9D087A3F-947C-46F4-AD6C-3A210B7569D9} - (no file)
    backup-20070828-075118-592 O2 - BHO: (no name) - {B4D19308-8FB1-4A98-9862-599D265ACEB3} - (no file)
    backup-20070828-075118-597 O2 - BHO: (no name) - {5f649ad1-0675-449b-bc5c-a16185813beb} - C:\WINDOWS\system32\kbdwex.dll
    backup-20070828-075118-613 O2 - BHO: (no name) - {D3A80290-E398-423A-9518-070353CB9104} - (no file)
    backup-20070828-075118-622 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    backup-20070828-075118-660 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    backup-20070828-075118-671 O2 - BHO: (no name) - {00365668-E788-4B58-912C-FCB55DD427Ef} - (no file)
    backup-20070828-075118-696 O2 - BHO: (no name) - {7C7A422B-CC85-423C-91C3-FBF5B399D00c} - (no file)
    backup-20070828-075118-703 O2 - BHO: (no name) - {09915601-E5BF-4E78-B42F-D2631B040F56} - (no file)
    backup-20070828-075118-714 O2 - BHO: (no name) - {AA4ACDD9-284A-4FFF-B060-3EF35C4986C1} - (no file)
    backup-20070828-075118-748 O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    backup-20070828-075118-752 O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    backup-20070828-075118-756 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    backup-20070828-075118-759 O2 - BHO: (no name) - {24111BA2-094E-4502-9A02-FD104DA9C44e} - (no file)
    backup-20070828-075118-774 O2 - BHO: (no name) - {92CC00F0-20D0-4E5A-AD02-058F11219445} - (no file)
    backup-20070828-075118-785 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    backup-20070828-075118-796 O2 - BHO: (no name) - {8EAF1F2B-CC80-4C26-9E7F-C41F8D4CC1C0} - (no file)
    backup-20070828-075118-806 O2 - BHO: (no name) - {182A11B9-76A2-47AF-A1FA-0FE3F5D2B304} - (no file)
    backup-20070828-075118-826 O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xigrteip.dll ",realset
    backup-20070828-075118-847 O2 - BHO: (no name) - {E4D021E4-5524-45CA-97B1-7C81B6DC9F95} - (no file)
    backup-20070828-075118-848 O2 - BHO: (no name) - {BCA09D05-0292-49DE-AA3D-FB1218863B35} - (no file)
    backup-20070828-075118-859 O2 - BHO: (no name) - {376719F4-5FB2-4B1D-9859-B3864A1648A9} - (no file)
    backup-20070828-075118-870 O2 - BHO: (no name) - {95C9EA32-27B1-4DE6-8679-B2D4623475E7} - (no file)
    backup-20070828-075118-895 O2 - BHO: (no name) - {45326498-4A56-4DB1-A61F-84B0E33BE43f} - (no file)
    backup-20070828-075118-902 O2 - BHO: (no name) - {11FC67A5-0B2C-4CF6-B481-52A44038E7F3} - (no file)
    backup-20070828-075118-909 O2 - BHO: (no name) - {DE82D7C1-55BC-4C92-8506-50460FB5D103} - (no file)
    backup-20070828-075118-911 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    backup-20070828-075118-912 O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    backup-20070828-075118-919 O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    backup-20070828-075118-924 O2 - BHO: (no name) - {533781FA-4534-4A62-AD7F-0D96EAF5AFF6} - (no file)
    backup-20070828-075118-933 O2 - BHO: (no name) - {D9F8AED2-2C30-46FC-B988-6653D01A7945} - (no file)
    backup-20070828-075118-938 O2 - BHO: (no name) - {3BE50B77-3AD2-4939-93B3-FD215E92EE1c} - (no file)
    backup-20070828-075118-951 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    backup-20070828-075118-980 O2 - BHO: (no name) - {D6D45128-E25E-4036-90D1-F43872902148} - (no file)
    backup-20070828-075118-990 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    backup-20070828-075118-994 O3 - Toolbar: gPhotoShow Toolbar - {D3FBBA39-B2CD-4A1A-81B5-E940850BDF59} - C:\Program Files\gPhotoShow Toolbar\v3.2.0.0\gPhotoShow_Toolbar.dll (file missing)
    backup-20070828-075119-474 O20 - Winlogon Notify: kbdwex - C:\WINDOWS\SYSTEM32\kbdwex.dll
    backup-20070828-075119-577 O21 - SSODL: wmpconf - {38C5F6DE-F39D-4750-8251-657DC6C0F802} - C:\WINDOWS\wmpconf.dll
    backup-20070828-075119-624 O20 - Winlogon Notify: IntelWireless - C:\WINDOWS\
    backup-20070828-075119-752 O20 - Winlogon Notify: pmnnm - C:\WINDOWS\
    backup-20070828-075119-898 O20 - Winlogon Notify: mljigee - C:\WINDOWS\
    backup-20070828-092803-116 O2 - BHO: (no name) - {3FA6F1B3-5382-4834-9FCA-880B4FF73695} - (no file)
    backup-20070828-092803-131 O2 - BHO: (no name) - {AA4ACDD9-284A-4FFF-B060-3EF35C4986C1} - (no file)
    backup-20070828-092803-146 O2 - BHO: (no name) - {A70F155D-1148-4C68-9713-DA5D1A3537Aa} - (no file)
    backup-20070828-092803-157 O2 - BHO: (no name) - {1746AA6A-ACB9-4606-96AE-96DAF88466Af} - (no file)
    backup-20070828-092803-166 O2 - BHO: (no name) - {3EA55109-B269-48D3-BAFA-DB94DD106AEe} - (no file)
    backup-20070828-092803-171 O2 - BHO: (no name) - {6C1E618F-8E9E-4C30-BD7E-D825B3ECD3B1} - (no file)
    backup-20070828-092803-174 O2 - BHO: (no name) - {9B076719-B242-4B5C-B915-7CEFBF2B17A9} - (no file)
    backup-20070828-092803-178 O2 - BHO: (no name) - {BBD798CE-71D0-44FF-8B5B-6F4F2776781d} - (no file)
    backup-20070828-092803-202 O2 - BHO: (no name) - {E355B7D0-33A9-42E0-8330-9CD303391A72} - (no file)
    backup-20070828-092803-253 O2 - BHO: (no name) - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - (no file)
    backup-20070828-092803-266 O2 - BHO: (no name) - {11FC67A5-0B2C-4CF6-B481-52A44038E7F3} - (no file)
    backup-20070828-092803-269 O2 - BHO: (no name) - {3BE50B77-3AD2-4939-93B3-FD215E92EE1c} - (no file)
    backup-20070828-092803-272 O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    backup-20070828-092803-287 O2 - BHO: (no name) - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - (no file)
    backup-20070828-092803-291 O20 - Winlogon Notify: IntelWireless - C:\WINDOWS\
    backup-20070828-092803-294 O2 - BHO: (no name) - {4D31A6C0-120B-4CE6-BEBC-32339AC2F4B1} - (no file)
    backup-20070828-092803-308 O2 - BHO: (no name) - {D2F270F0-F50B-4B9D-96BE-8558F3F0225e} - (no file)
    backup-20070828-092803-309 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    backup-20070828-092803-313 O2 - BHO: (no name) - {9D087A3F-947C-46F4-AD6C-3A210B7569D9} - (no file)
    backup-20070828-092803-318 O2 - BHO: (no name) - {C1303583-030E-4501-83C6-CF6B6ADB3AF1} - (no file)
    backup-20070828-092803-349 O2 - BHO: (no name) - {83F1E8D0-4F97-4B24-A5A9-985153D9A66b} - (no file)
    backup-20070828-092803-351 O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    backup-20070828-092803-361 O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    backup-20070828-092803-364 O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    backup-20070828-092803-394 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    backup-20070828-092803-396 O2 - BHO: (no name) - {D3A80290-E398-423A-9518-070353CB9104} - (no file)
    backup-20070828-092803-400 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000274.exe 61A847B5BBF72810329B385475FD01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    backup-20070828-092803-402 O2 - BHO: (no name) - {533781FA-4534-4A62-AD7F-0D96EAF5AFF6} - (no file)
    backup-20070828-092803-404 O2 - BHO: (no name) - {09915601-E5BF-4E78-B42F-D2631B040F56} - (no file)
    backup-20070828-092803-405 O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    backup-20070828-092803-422 O2 - BHO: (no name) - {5f649ad1-0675-449b-bc5c-a16185813beb} - C:\WINDOWS\system32\kbdwex.dll
    backup-20070828-092803-441 O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    backup-20070828-092803-450 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    backup-20070828-092803-452 O2 - BHO: (no name) - {D929051E-18DC-488B-935E-F2A0D8E3EC6a} - (no file)
    backup-20070828-092803-465 O2 - BHO: (no name) - {DE82D7C1-55BC-4C92-8506-50460FB5D103} - (no file)
    backup-20070828-092803-469 O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    backup-20070828-092803-499 O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\SETHMO~1\LOCALS~1\Temp\tmp31.tmp.exe /run
    backup-20070828-092803-501 O2 - BHO: (no name) - {92CC00F0-20D0-4E5A-AD02-058F11219445} - (no file)
    backup-20070828-092803-504 O2 - BHO: (no name) - {24111BA2-094E-4502-9A02-FD104DA9C44e} - (no file)
    backup-20070828-092803-506 O2 - BHO: (no name) - {35C40C67-DA22-4486-ADE3-A6FBCD4A647d} - (no file)
    backup-20070828-092803-508 O2 - BHO: (no name) - {6597C9BF-2A4A-454E-AD53-7FF6FE76D21c} - (no file)
    backup-20070828-092803-511 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    backup-20070828-092803-512 O2 - BHO: (no name) - {B4D19308-8FB1-4A98-9862-599D265ACEB3} - (no file)
    backup-20070828-092803-522 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    backup-20070828-092803-533 O2 - BHO: (no name) - {8EAF1F2B-CC80-4C26-9E7F-C41F8D4CC1C0} - (no file)
    backup-20070828-092803-553 O2 - BHO: (no name) - {839DB643-7847-4738-AEE0-53D5582284F9} - (no file)
    backup-20070828-092803-558 O2 - BHO: (no name) - {71419BBD-9DCC-407B-9C4B-D02C25D206D6} - (no file)
    backup-20070828-092803-565 O2 - BHO: (no name) - {B5976215-D50F-4862-9CAB-A6812C7B0C10} - (no file)
    backup-20070828-092803-573 O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - (no file)
    backup-20070828-092803-585 O2 - BHO: (no name) - {182A11B9-76A2-47AF-A1FA-0FE3F5D2B304} - (no file)
    backup-20070828-092803-589 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    backup-20070828-092803-597 O2 - BHO: (no name) - {95C9EA32-27B1-4DE6-8679-B2D4623475E7} - (no file)
    backup-20070828-092803-610 O2 - BHO: (no name) - {E4D021E4-5524-45CA-97B1-7C81B6DC9F95} - (no file)
    backup-20070828-092803-617 O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
    backup-20070828-092803-650 O2 - BHO: (no name) - {04185673-E7E1-4851-9952-82C93FF9454e} - (no file)
    backup-20070828-092803-663 O2 - BHO: (no name) - {D3F76CAF-07FF-4C74-83E2-2D8F97689BB7} - (no file)
    backup-20070828-092803-664 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    backup-20070828-092803-667 O2 - BHO: (no name) - {BCA09D05-0292-49DE-AA3D-FB1218863B35} - (no file)
    backup-20070828-092803-711 O2 - BHO: (no name) - {D9F8AED2-2C30-46FC-B988-6653D01A7945} - (no file)
    backup-20070828-092803-759 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    backup-20070828-092803-771 O2 - BHO: (no name) - {376719F4-5FB2-4B1D-9859-B3864A1648A9} - (no file)
    backup-20070828-092803-777 O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    backup-20070828-092803-789 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    backup-20070828-092803-794 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\
    backup-20070828-092803-810 O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    backup-20070828-092803-818 O2 - BHO: (no name) - {7C7A422B-CC85-423C-91C3-FBF5B399D00c} - (no file)
    backup-20070828-092803-852 O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xigrteip.dll ",realset
    backup-20070828-092803-853 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    backup-20070828-092803-857 O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    backup-20070828-092803-860 O2 - BHO: (no name) - {1F164AEE-87A6-4DC8-8E9B-4C43F574DA9e} - (no file)
    backup-20070828-092803-862 O2 - BHO: (no name) - {D6D45128-E25E-4036-90D1-F43872902148} - (no file)
    backup-20070828-092803-863 O2 - BHO: (no name) - {00365668-E788-4B58-912C-FCB55DD427Ef} - (no file)
    backup-20070828-092803-874 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    backup-20070828-092803-885 O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    backup-20070828-092803-894 O3 - Toolbar: gPhotoShow Toolbar - {D3FBBA39-B2CD-4A1A-81B5-E940850BDF59} - C:\Program Files\gPhotoShow Toolbar\v3.2.0.0\gPhotoShow_Toolbar.dll (file missing)
    backup-20070828-092803-896 O2 - BHO: (no name) - {9E1E6F17-E15F-4D0D-B3CA-D3A12D7C4CA7} - (no file)
    backup-20070828-092803-900 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    backup-20070828-092803-928 O2 - BHO: (no name) - {75AE4CE1-B6D5-4EF2-BACA-1879502B3734} - (no file)
    backup-20070828-092803-929 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    backup-20070828-092803-942 O2 - BHO: (no name) - {6437612F-6FC3-469A-9E0B-AF8B2AF1590a} - (no file)
    backup-20070828-092803-973 O2 - BHO: (no name) - {BC9FD704-E10D-4FEF-82F0-18907616BDDD} - (no file)
    backup-20070828-092803-981 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    backup-20070828-092803-999 O2 - BHO: (no name) - {45326498-4A56-4DB1-A61F-84B0E33BE43f} - (no file)
    backup-20070828-092804-296 O20 - Winlogon Notify: kbdwex - C:\WINDOWS\SYSTEM32\kbdwex.dll
    backup-20070828-092804-828 O20 - Winlogon Notify: mljigee - C:\WINDOWS\
    backup-20070828-092804-969 O21 - SSODL: wmpconf - {BE3759E8-0C73-41EB-A496-AD04DC72B21F} - C:\WINDOWS\wmpconf.dll
    backup-20070828-092804-988 O20 - Winlogon Notify: pmnnm - C:\WINDOWS\
    backup-20070828-092834-124 O2 - BHO: (no name) - {5f649ad1-0675-449b-bc5c-a16185813beb} - C:\WINDOWS\system32\kbdwex.dll
    backup-20070828-092834-346 O20 - Winlogon Notify: kbdwex - C:\WINDOWS\SYSTEM32\kbdwex.dll
    backup-20070828-092834-506 O21 - SSODL: wmpconf - {4E01881B-CBE2-4386-B036-34B4A4B3E493} - C:\WINDOWS\wmpconf.dll
    backup-20070828-092834-797 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    backup-20070828-092853-412 O20 - Winlogon Notify: kbdwex - C:\WINDOWS\SYSTEM32\kbdwex.dll
    backup-20070828-092853-513 O2 - BHO: (no name) - {5f649ad1-0675-449b-bc5c-a16185813beb} - C:\WINDOWS\system32\kbdwex.dll
    backup-20070828-092853-664 O21 - SSODL: wmpconf - {7DB47AF9-C0D0-49D0-AA02-BAD2D7DF818A} - C:\WINDOWS\wmpconf.dll
    backup-20070828-092853-751 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    backup-20070828-092911-146 O20 - Winlogon Notify: kbdwex - C:\WINDOWS\SYSTEM32\kbdwex.dll
    backup-20070828-092911-655 O2 - BHO: (no name) - {5f649ad1-0675-449b-bc5c-a16185813beb} - C:\WINDOWS\system32\kbdwex.dll
    backup-20070828-092912-699 O21 - SSODL: wmpconf - {9B58CCDA-6C2F-4236-A9F5-95684ECB9C26} - C:\WINDOWS\wmpconf.dll
    backup-20070828-213223-352 O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    backup-20070828-213223-958 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    backup-20070828-213224-100 O2 - BHO: (no name) - {1F164AEE-87A6-4DC8-8E9B-4C43F574DA9e} - (no file)
    backup-20070828-213224-101 O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
    backup-20070828-213224-112 O2 - BHO: (no name) - {7C7A422B-CC85-423C-91C3-FBF5B399D00c} - (no file)
    backup-20070828-213224-117 O2 - BHO: (no name) - {6597C9BF-2A4A-454E-AD53-7FF6FE76D21c} - (no file)
    backup-20070828-213224-121 O2 - BHO: (no name) - {D6D45128-E25E-4036-90D1-F43872902148} - (no file)
    backup-20070828-213224-123 O2 - BHO: (no name) - {09915601-E5BF-4E78-B42F-D2631B040F56} - (no file)
    backup-20070828-213224-156 O2 - BHO: (no name) - {45326498-4A56-4DB1-A61F-84B0E33BE43f} - (no file)
    backup-20070828-213224-161 O2 - BHO: (no name) - {D3A80290-E398-423A-9518-070353CB9104} - (no file)
    backup-20070828-213224-162 O2 - BHO: (no name) - {83F1E8D0-4F97-4B24-A5A9-985153D9A66b} - (no file)
    backup-20070828-213224-196 O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
    backup-20070828-213224-208 O2 - BHO: (no name) - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - (no file)
    backup-20070828-213224-219 O2 - BHO: (no name) - {92CC00F0-20D0-4E5A-AD02-058F11219445} - (no file)
    backup-20070828-213224-228 O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\SETHMO~1\LOCALS~1\Temp\tmp31.tmp.exe /run
    backup-20070828-213224-234 O2 - BHO: (no name) - {DE82D7C1-55BC-4C92-8506-50460FB5D103} - (no file)
    backup-20070828-213224-252 O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
    backup-20070828-213224-275 O2 - BHO: (no name) - {6C1E618F-8E9E-4C30-BD7E-D825B3ECD3B1} - (no file)
    backup-20070828-213224-289 O4 - HKLM\..\Run: [j1201636] rundll32 C:\WINDOWS\system32\j1201636.dll sook
    backup-20070828-213224-298 O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    backup-20070828-213224-299 O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    backup-20070828-213224-375 O2 - BHO: (no name) - {9E1E6F17-E15F-4D0D-B3CA-D3A12D7C4CA7} - (no file)
    backup-20070828-213224-376 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    backup-20070828-213224-384 O2 - BHO: (no name) - {D3F76CAF-07FF-4C74-83E2-2D8F97689BB7} - (no file)
    backup-20070828-213224-389 O2 - BHO: (no name) - {AA4ACDD9-284A-4FFF-B060-3EF35C4986C1} - (no file)
    backup-20070828-213224-400 O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\wyuccrrb.dll",realset
    backup-20070828-213224-414 O2 - BHO: (no name) - {839DB643-7847-4738-AEE0-53D5582284F9} - (no file)
    backup-20070828-213224-422 O2 - BHO: (no name) - {8EAF1F2B-CC80-4C26-9E7F-C41F8D4CC1C0} - (no file)
    backup-20070828-213224-425 O2 - BHO: (no name) - {4D31A6C0-120B-4CE6-BEBC-32339AC2F4B1} - (no file)
    backup-20070828-213224-435 O2 - BHO: (no name) - {00365668-E788-4B58-912C-FCB55DD427Ef} - (no file)
    backup-20070828-213224-457 O2 - BHO: (no name) - {71419BBD-9DCC-407B-9C4B-D02C25D206D6} - (no file)
    backup-20070828-213224-475 O2 - BHO: (no name) - {533781FA-4534-4A62-AD7F-0D96EAF5AFF6} - (no file)
    backup-20070828-213224-486 O2 - BHO: (no name) - {BBD798CE-71D0-44FF-8B5B-6F4F2776781d} - (no file)
    backup-20070828-213224-498 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    backup-20070828-213224-526 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    backup-20070828-213224-529 O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    backup-20070828-213224-531 O2 - BHO: (no name) - {BC9FD704-E10D-4FEF-82F0-18907616BDDD} - (no file)
    backup-20070828-213224-532 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    backup-20070828-213224-544 O2 - BHO: (no name) - {3EA55109-B269-48D3-BAFA-DB94DD106AEe} - (no file)
    backup-20070828-213224-546 O2 - BHO: (no name) - {5f649ad1-0675-449b-bc5c-a16185813beb} - C:\WINDOWS\system32\kbdwex.dll (file missing)
    backup-20070828-213224-555 O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xigrteip.dll",realset
    backup-20070828-213224-564 O2 - BHO: (no name) - {E4D021E4-5524-45CA-97B1-7C81B6DC9F95} - (no file)
    backup-20070828-213224-568 O2 - BHO: (no name) - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - (no file)
    backup-20070828-213224-582 O2 - BHO: (no name) - {04185673-E7E1-4851-9952-82C93FF9454e} - (no file)
    backup-20070828-213224-591 O2 - BHO: (no name) - {D9F8AED2-2C30-46FC-B988-6653D01A7945} - (no file)
    backup-20070828-213224-610 O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
    backup-20070828-213224-625 O2 - BHO: (no name) - {A70F155D-1148-4C68-9713-DA5D1A3537Aa} - (no file)
    backup-20070828-213224-629 O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - (no file)
    backup-20070828-213224-644 O2 - BHO: (no name) - {D929051E-18DC-488B-935E-F2A0D8E3EC6a} - (no file)
    backup-20070828-213224-645 O20 - Winlogon Notify: IntelWireless - C:\WINDOWS\
    backup-20070828-213224-646 O2 - BHO: (no name) - {75AE4CE1-B6D5-4EF2-BACA-1879502B3734} - (no file)
    backup-20070828-213224-651 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\
    backup-20070828-213224-653 O2 - BHO: (no name) - {9B076719-B242-4B5C-B915-7CEFBF2B17A9} - (no file)
    backup-20070828-213224-654 O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    backup-20070828-213224-657 O2 - BHO: (no name) - {182A11B9-76A2-47AF-A1FA-0FE3F5D2B304} - (no file)
    backup-20070828-213224-664 O2 - BHO: (no name) - {1746AA6A-ACB9-4606-96AE-96DAF88466Af} - (no file)
    backup-20070828-213224-667 O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    backup-20070828-213224-683 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    backup-20070828-213224-728 O2 - BHO: (no name) - {35C40C67-DA22-4486-ADE3-A6FBCD4A647d} - (no file)
    backup-20070828-213224-762 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000274.exe 61A847B5BBF72810329B385475FD01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    backup-20070828-213224-767 O2 - BHO: (no name) - {E355B7D0-33A9-42E0-8330-9CD303391A72} - (no file)
    backup-20070828-213224-768 O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    backup-20070828-213224-770 O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    backup-20070828-213224-771 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    backup-20070828-213224-775 O2 - BHO: (no name) - {24111BA2-094E-4502-9A02-FD104DA9C44e} - (no file)
    backup-20070828-213224-784 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    backup-20070828-213224-788 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    backup-20070828-213224-792 O2 - BHO: (no name) - {9D087A3F-947C-46F4-AD6C-3A210B7569D9} - (no file)
    backup-20070828-213224-822 O2 - BHO: (no name) - {B5976215-D50F-4862-9CAB-A6812C7B0C10} - (no file)
    backup-20070828-213224-828 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    backup-20070828-213224-832 O2 - BHO: (no name) - {6437612F-6FC3-469A-9E0B-AF8B2AF1590a} - (no file)
    backup-20070828-213224-835 O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    backup-20070828-213224-839 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    backup-20070828-213224-858 O2 - BHO: (no name) - {11FC67A5-0B2C-4CF6-B481-52A44038E7F3} - (no file)
    backup-20070828-213224-879 O2 - BHO: (no name) - {3FA6F1B3-5382-4834-9FCA-880B4FF73695} - (no file)
    backup-20070828-213224-902 O2 - BHO: (no name) - {D2F270F0-F50B-4B9D-96BE-8558F3F0225e} - (no file)
    backup-20070828-213224-921 O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    backup-20070828-213224-927 O2 - BHO: (no name) - {BCA09D05-0292-49DE-AA3D-FB1218863B35} - (no file)
    backup-20070828-213224-929 O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    backup-20070828-213224-944 O2 - BHO: (no name) - {C1303583-030E-4501-83C6-CF6B6ADB3AF1} - (no file)
    backup-20070828-213224-962 O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\knriucyl.dll",realset
    backup-20070828-213224-963 O2 - BHO: (no name) - {3BE50B77-3AD2-4939-93B3-FD215E92EE1c} - (no file)
    backup-20070828-213224-969 O2 - BHO: (no name) - {376719F4-5FB2-4B1D-9859-B3864A1648A9} - (no file)
    backup-20070828-213224-980 O2 - BHO: (no name) - {95C9EA32-27B1-4DE6-8679-B2D4623475E7} - (no file)
    backup-20070828-213224-982 O2 - BHO: (no name) - {B4D19308-8FB1-4A98-9862-599D265ACEB3} - (no file)
    backup-20070828-213225-224 O20 - Winlogon Notify: mljigee - C:\WINDOWS\
    backup-20070828-213225-254 O20 - Winlogon Notify: kbdwex - kbdwex.dll (file missing)
    backup-20070828-213225-683 O21 - SSODL: wmpconf - {BE3759E8-0C73-41EB-A496-AD04DC72B21F} - (no file)
    backup-20070828-213225-736 O20 - Winlogon Notify: pmnnm - C:\WINDOWS\
    backup-20070828-213516-177 O4 - HKLM\..\Run: [j1201636] rundll32 C:\WINDOWS\system32\j1201636.dll sook
    backup-20070828-213516-198 O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\knriucyl.dll",realset
    backup-20070828-213516-209 O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\wyuccrrb.dll",realset
    backup-20070828-213516-260 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    backup-20070828-213516-273 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000274.exe 61A847B5BBF72810329B385475FD01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    backup-20070828-213516-291 O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    backup-20070828-213516-318 O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\SETHMO~1\LOCALS~1\Temp\tmp31.tmp.exe /run
    backup-20070828-213516-457 O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xigrteip.dll",realset
    backup-20070828-213516-495 O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
    backup-20070828-213516-510 O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
    backup-20070828-213516-719 O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
    backup-20070828-232542-316 O21 - SSODL: wmpconf - {BE3759E8-0C73-41EB-A496-AD04DC72B21F} - (no file)
    backup-20070828-232542-512 O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xigrteip.dll",realset
    backup-20070828-232542-553 O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\SETHMO~1\LOCALS~1\Temp\tmp31.tmp.exe /run
    backup-20070828-232542-590 O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
    backup-20070828-232542-627 O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
    backup-20070828-232542-644 O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\knriucyl.dll",realset
    backup-20070828-232542-666 O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
    backup-20070828-232542-843 O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\wyuccrrb.dll",realset
    backup-20070828-232542-846 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    backup-20070828-232542-847 O4 - HKLM\..\Run: [j1201636] rundll32 C:\WINDOWS\system32\j1201636.dll sook
    backup-20070828-232542-867 O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    backup-20070828-232542-912 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000274.exe 61A847B5BBF72810329B385475FD01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
     
  10. 2007/08/28
    Ledraisel

    -- File Associations ----------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------

    R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
    R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
    R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
    R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
    R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
    R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
    R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
    R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
    R3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
    R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>

    S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
    S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --

    R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
    R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
    R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
    R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>

    S4 DomainService - c:\docume~1\sethmo~1\locals~1\temp\tmpa5.tmp.exe /service (file missing)
    S4 License Management Service ESD - "c:\program files\common files\element5 shared\service\licence manager esd.exe"


    -- Device Manager: Disabled --------------

    No disabled devices found.

    -- Scheduled Tasks -----------------------------------

    2007-08-28 07:50:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2007-08-18 01:48:23 360 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (MYLAPTOP-Seth Morel).job

    -- Files created between 2007-07-28 and 2007-08-28 ------

    2007-08-28 21:56:02 0 d-------- C:\WINDOWS\system32\appmgmt
    2007-08-28 21:48:52 0 d-------- C:\Documents and Settings\Seth Morel\Application Data\Grisoft
    2007-08-28 21:48:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-08-28 21:37:52 0 d-------- C:\VundoFix Backups
    2007-08-28 21:22:23 0 d-------- C:\!KillBox
    2007-08-23 20:28:12 131458 --a------ C:\WINDOWS\effeff.dll
    2007-08-23 20:25:06 241664 --a------ C:\WINDOWS\wmpenv.dll <Not Verified; ; IEXPLORE>
    2007-08-23 20:25:06 32768 --a------ C:\WINDOWS\main_uninstaller.exe
    2007-08-23 20:25:06 208896 --a------ C:\WINDOWS\duocore.dll <Not Verified; ; BhoNew Module>
    2007-08-23 20:23:57 0 d-------- C:\Program Files\VideoAccessCodec
    2007-08-22 14:49:49 0 d-------- C:\Program Files\Bethesda Softworks
    2007-08-08 22:58:50 0 d-------- C:\Games
    2007-08-07 21:59:17 589824 --a------ C:\WINDOWS\system32\DVDRProX.dll <Not Verified; NuMedia Soft, Inc.; DVDRProX Module>
    2007-08-07 21:59:15 0 d-------- C:\Program Files\Fujifilm e-Systems
    2007-08-07 21:43:49 0 d-------- C:\Documents and Settings\Seth Morel\Application Data\Digital Album Organizer

    -- Find3M Report ---------------------------------------------

    2007-08-28 21:56:00 0 d-------- C:\Program Files\Common Files
    2007-08-28 07:51:21 0 d-------- C:\Program Files\Google
    2007-08-24 10:36:09 0 d-------- C:\Program Files\gPhotoShow Toolbar
    2007-08-24 10:28:52 4 --a------ C:\WINDOWS\system32\stfv.bin
    2007-08-22 14:49:40 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-12 15:03:13 53934 --a------ C:\WINDOWS\system32\xpdx.sys
    2007-07-20 05:31:37 0 d-------- C:\Program Files\rpg2003
    2007-07-16 19:49:46 0 d-------- C:\Program Files\rpgXP
    2007-07-16 19:25:21 684029 --a------ C:\rmreckerb2.exe
    2007-07-11 15:45:15 0 d-------- C:\Program Files\SamLogic
    2007-07-11 15:44:50 5411328 --a------ C:\cdmsetup.exe <Not Verified; Inner Media, Inc.; 32-bit Active Delivery Self Extracting Front End>
    2007-07-06 19:42:55 353 ---hs---- C:\WINDOWS\system32\mnnmp.ini2
    2007-06-18 13:40:59 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
    2007-06-18 13:40:59 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
    2007-06-10 01:44:38 5224 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-06-10 01:44:37 104 -r-hs---- C:\WINDOWS\system32\4CD6F9AFD2.sys
    2007-06-08 18:14:47 12 --a------ C:\WINDOWS\system32\sl.bin
    2007-06-06 19:44:35 12800 --a------ C:\WINDOWS\system32\it_pl.dll <Not Verified; Microsoft; Windows Explorer cdrom optimizer>
    2007-06-06 19:44:32 24576 --a------ C:\WINDOWS\system32\it_reg.exe <Not Verified; Microsoft; MYBHOHelpInstallUtility>
    2007-06-05 23:32:44 2513093 --a------ C:\WallpaperSSLT.exe <Not Verified; gPhotoShow; Wallpaper Slideshow LT>

    -- Registry Dump ------------------------------------

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{D3FBBA39-B2CD-4A1A-81B5-E940850BDF59}"= C:\Program Files\gPhotoShow Toolbar\v3.2.0.0\gPhotoShow_Toolbar.dll [ ]

    [-HKEY_CLASSES_ROOT\CLSID\{D3FBBA39-B2CD-4A1A-81B5-E940850BDF59}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 03:01 PM]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/24/2005 07:36 AM]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [07/19/2005 11:09 AM]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [07/19/2005 11:06 AM]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [07/19/2005 11:10 AM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [11/09/2006 04:07 PM]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 03:59 PM]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [01/11/2006 12:05 PM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 08:05 PM]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [09/22/2005 06:29 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 11:54 AM]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/10/2004 06:00 AM]
    "SigmatelSysTrayApp"="stsystra.exe" [06/21/2005 10:33 AM C:\WINDOWS\stsystra.exe]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
    "@"="" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [05/15/2005 03:04 AM]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [03/01/2007 06:11 PM]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 04:17 PM]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/31/2005 02:04 AM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "WallpaperSS"="C:\Program Files\WallpaperSS\WallpaperSS.exe" [03/12/2007 11:52 PM]
    "Shell explorer driver"="C:\WINDOWS\csrss.exe" []
    "Kernel Fault Safe"="C:\WINDOWS\smss.exe" []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [12/22/2004 2:42:22 PM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/29/2005 12:49:07 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
    "7H28X9M91L"=C:\WINDOWS\winlogon32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Seth Morel^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
    path=C:\Documents and Settings\Seth Morel\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
    backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    C:\Program Files\NetWaiting\netWaiting.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
    C:\Program Files\McAfee.com\VSO\oasclnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    C:\WINDOWS\updater.exe 61A847B5BBF72810329B385475FD01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    AutoRun\command- E:\setup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D02300B4E999}]
    C:\WINDOWS\system32\tmrsrv32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}]
    C:\WINDOWS\system32\idleserv.exe

    -- End of Deckard's System Scanner: finished at 2007-08-28 23:35:24 --

    Also, the AVG AS report isn't there, but I do have a list of the programs that have been quarantined.
     
  11. 2007/08/29
    noahdfear

    Once again, please make sure that Tea-Timer is disabled and not running.

    Scan again with HijackThis, place a check next to the following entries, close all other windows and click Fix Checked.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    O3 - Toolbar: gPhotoShow Toolbar - {D3FBBA39-B2CD-4A1A-81B5-E940850BDF59} - C:\Program Files\gPhotoShow Toolbar\v3.2.0.0\gPhotoShow_Toolbar.dll (file missing)
    O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
    O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe

    When complete, click Config, then Backups. Locate and check the following entries (1 of each ONLY), then click Restore.

    backup-20070824-191948-196 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    backup-20070827-095427-380 O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    Now click Delete All.
    Close HijackThis.


    Copy the contents of the quote box below to a blank notepad. Save it to the desktop as;

    Filename: fix.reg
    Save as type: All Files (*.*)

    Double click fix.reg and allow it to merge with the registry.


    Highlight and copy the following bolded command. Click Start>Run then paste the command into the Run dialog box and hit enter.

    sc delete DomainService


    Download SmitfraudFix by S!Ri, saving it to the desktop. Don't use it yet.


    Copy the bolded list of files below by highlighting and pressing Ctrl+C

    C:\WINDOWS\effeff.dll
    C:\WINDOWS\wmpenv.dll
    C:\WINDOWS\main_uninstaller.exe
    C:\WINDOWS\duocore.dll
    C:\WINDOWS\system32\xpdx.sys
    C:\WINDOWS\system32\4CD6F9AFD2.sys
    C:\WINDOWS\system32\sl.bin
    C:\WINDOWS\system32\it_pl.dll
    C:\WINDOWS\system32\it_reg.exe


    • Double-click the KillBox icon on your desktop to open it
    • Select the box Delete on Reboot
    • Then click the All Files button.
    • Click File on the Menu and choose Paste from Clipboard.
    • Click the red x [Delete File] button.
    • Click Yes at the Delete on Reboot prompt. Click Yes at the Pending Operations prompt.

    If the computer does not reboot on its own, restart it yourself.

    • Restart the computer in Safe Mode by tapping the F8 key upon startup and selecting Safe Mode from the Advanced Startup Menu. Logon to your account.
    • Double-click SmitfraudFix.exe to start the tool and press 2, then hit Enter.
    • You will be prompted 'Do you want to clean the registry?' answer Y (yes) and hit Enter.
    • If prompted to replace the infected wininet.dll file (if found), answer Y (yes) and hit Enter to restore a clean file.
    • Reboot to normal mode when the tool completes.

    Post the contents of C:\rapport.txt and a fresh HijackThis log.
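A defender-side way to triage the HijackThis entry types this post asks the user to fix and restore (O2 BHOs, O4 Run keys, O20 Winlogon Notify, O21 SSODL), as an added example that is not part of the post, of HijackThis or of any tool named in the thread. The sample lines are copied from the logs posted above; the rules, the SYSTEM_PROCESSES set and the random-name heuristic are my own assumptions, not the helper's method.

```python
"""Triage HijackThis O2/O4/O20/O21 lines for the patterns seen in this thread.

Added example, not part of the forum post or of HijackThis. The rules below
are assumptions (starting heuristics for a responder), not HijackThis logic.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: malicious entries from this thread mixed with benign ones.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {5f649ad1-0675-449b-bc5c-a16185813beb} - C:\WINDOWS\system32\kbdwex.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [Kernel Fault Safe] C:\WINDOWS\smss.exe
O4 - HKCU\..\Run: [Shell explorer driver] C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\wyuccrrb.dll",realset
O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\SETHMO~1\LOCALS~1\Temp\tmp31.tmp.exe /run
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: mljigee - C:\WINDOWS\
O21 - SSODL: wmpconf - {9B58CCDA-6C2F-4236-A9F5-95684ECB9C26} - C:\WINDOWS\wmpconf.dll
"""

# Core NT processes (assumed list): the real copies live in System32 and are
# started by the boot chain, never from a Run key.
SYSTEM_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "lsass.exe",
                    "services.exe", "svchost.exe"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{[^}]+\} - (?P<target>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.+)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>\S+) - \{[^}]+\} - (?P<target>.+)$")
# Heuristic (assumption): 6-9 lowercase letters and no digits, like wyuccrrb.dll.
RANDOM_DLL_RE = re.compile(r"^[a-z]{6,9}\.dll$")


def first_path(cmd: str) -> str:
    """First executable in a Run-key command: the quoted path or the first token."""
    m = re.match(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split()[0]


def rundll32_target(cmd: str) -> str:
    """DLL argument after rundll32[.exe]; handles quoted and 'path,entry' forms."""
    parts = cmd.split(None, 1)
    if len(parts) < 2:
        return ""
    m = re.match(r'"([^"]+)"', parts[1])
    return m.group(1) if m else parts[1].split(",")[0].split()[0]


def classify(line: str):
    """Return a reason string when the entry matches a rule, else None."""
    if (m := O4_RE.match(line)):
        cmd = m.group("cmd")
        exe = first_path(cmd)
        name = PureWindowsPath(exe).name.lower()
        if name in SYSTEM_PROCESSES:
            return "core system process name launched from a Run key"
        if "\\temp\\" in exe.lower():
            return "Run key launches an executable from a Temp directory"
        if name.startswith("rundll32"):
            dll = PureWindowsPath(rundll32_target(cmd)).name.lower()
            if RANDOM_DLL_RE.match(dll):
                return f"rundll32 loads {dll}, a random-looking DLL name (heuristic)"
        return None
    if (m := O20_RE.match(line)):
        target = m.group("target")
        if target.endswith("\\") or "(file missing)" in target:
            return "Winlogon Notify entry points at a directory or missing file (orphaned)"
        return None
    if (m := O21_RE.match(line)):
        target = m.group("target")
        if "(no file)" in target:
            return "SSODL entry with no file (orphaned)"
        if PureWindowsPath(target).parent.name.lower() != "system32":
            return "SSODL DLL outside System32"
        return None
    if (m := O2_RE.match(line)) and m.group("name") == "(no name)":
        return "BHO with no registered name (low confidence; verify the DLL's publisher)"
    return None


def triage(log_text: str) -> list:
    """Run every rule over a HijackThis log and return the flagged entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reason = classify(line)
        if reason:
            findings.append({"line": line, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['reason']}]\n    {f['line']}")
```

Each finding still needs a human decision, which is exactly what the post above shows: the orphaned O20 entries for igfxcui and IntelWireless were restored from HijackThis backups rather than deleted, while the fake smss.exe and csrss.exe Run keys were fixed. The O20 and "(no name)" BHO rules therefore mark entries to inspect, not entries to remove.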
     
  12. 2007/08/29
    Ledraisel

    Logfile of HijackThis v1.99.1
    Scan saved at 9:25:10 PM, on 8/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\WallpaperSS\WallpaperSS.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bonniesbookstore/sis/popcaploader_v10.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



    SmitFraudFix v2.217

    Scan done at 21:21:38.25, Wed 08/29/2007
    Run from C:\Documents and Settings\Seth Morel\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\susp.exe Deleted
    C:\Program Files\VideoAccessCodec\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{13C0E84E-BD62-4228-B86F-C762555D09B5}: DhcpNameServer=68.109.202.25 68.109.202.30 68.11.16.25
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{13C0E84E-BD62-4228-B86F-C762555D09B5}: DhcpNameServer=68.109.202.25 68.109.202.30 68.11.16.25
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.109.202.25 68.109.202.30 68.11.16.25
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.109.202.25 68.109.202.30 68.11.16.25


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  13. 2007/08/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Well done! :)

    Just to be sure, is your ISP Cox Communications?

    Let's make sure we haven't overlooked something and do an online scan.

    One or the other (both if you want :cool: );


    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Select the appropriate Yes or No to receiving marketing information
    • Click the Free Online Scan button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report along with a fresh HJT log.

    or

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Post the Kaspersky log and one more fresh HijackThis log.
     
  14. 2007/08/29
    Ledraisel

    Ledraisel Inactive Thread Starter

    Joined:
    2007/08/28
    Messages:
    13
    Likes Received:
    0
    Logfile of HijackThis v1.99.1
    Scan saved at 10:47:42 PM, on 8/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bonniesbookstore/sis/popcaploader_v10.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe




    Incident Status Location

    Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
    Virus:trj/cimuz.be Disinfected Operating system
    Adware:adware/tubby Not disinfected c:\windows\system32\WER8274.DLL
    Adware:adware/ncase Not disinfected c:\windows\180ax.exe
    Spyware:spyware/betterinet Not disinfected c:\windows\bi.dll
    Adware:adware/twain-tech Not disinfected c:\windows\satmat.exe
    Adware:adware/topconvert Not disinfected c:\windows\updatetc.exe
    Adware:adware/surfassistant Not disinfected Windows Registry
    Adware:adware/transponder Not disinfected Windows Registry
    Adware:adware/powerstrip Not disinfected Windows Registry
    Adware:adware/404search Not disinfected Windows Registry
    Adware:adware/adlogix Not disinfected Windows Registry
    Spyware:spyware/searchcentrix Not disinfected Windows Registry
    Adware:Adware/VideoPlugin Not disinfected C:\!KillBox\duocore.dll
    Adware:Adware/VideoPlugin Not disinfected C:\!KillBox\main_uninstaller.exe
    Adware:Adware/VideoPlugin Not disinfected C:\!KillBox\wmpconf.dll
    Adware:Adware/VideoPlugin Not disinfected C:\!KillBox\wmpconf.dll( 2)
    Adware:Adware/VideoPlugin Not disinfected C:\!KillBox\wmpconf.dll( 4)
    Adware:Adware/VideoPlugin Not disinfected C:\!KillBox\wmpenv.dll
    Adware:Adware/WinAntivirus2006 Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\SETHMO~1\LOCALS~1\Temp\ICD1.tmp\UWA7P_0001_N91M0809NetInstaller.inf
    Virus:Trj/Spammer.ACJ Disinfected C:\Deckard\System Scanner\backup\DOCUME~1\SETHMO~1\LOCALS~1\Temp\spoolsv32.exe
    Adware:Adware/eZula Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\SETHMO~1\LOCALS~1\Temp\tmp34.tmp.exe
    Virus:Trj/Downloader.MDW Disinfected C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Seth Morel\Cookies\seth morel@atwola[2].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Seth Morel\Cookies\seth morel@azjmp[1].txt
    Spyware:Cookie/DelfinMedia Not disinfected C:\Documents and Settings\Seth Morel\Cookies\seth morel@delfinproject[2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Seth Morel\Cookies\seth morel@doubleclick[1].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Seth Morel\Cookies\seth morel@klik.klikadvertising[1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Seth Morel\Desktop\SmitfraudFix\Process.exe
    Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Seth Morel\Desktop\SmitfraudFix\restart.exe
    Virus:Trj/Cimuz.CI Disinfected C:\Documents and Settings\Seth Morel\Local Settings\Temporary Internet Files\Content.IE5\0LMNO1UF\installer[1].exe
    Virus:Generic Backdoor Not disinfected C:\Documents and Settings\Seth Morel\Local Settings\Temporary Internet Files\Content.IE5\4HAJG9Q7\NewSoftware2007Install[1].cab[miniinstaller.exe]
    Virus:Trj/Netlist.D Disinfected C:\Documents and Settings\Seth Morel\Local Settings\Temporary Internet Files\Content.IE5\7YYWJ181\winbb[1].exe
    Adware:Adware/MediaTickets Not disinfected C:\Documents and Settings\Seth Morel\Local Settings\Temporary Internet Files\Content.IE5\DIC3MYIT\dohinst-103[1].0000
    Adware:Adware/eZula Not disinfected C:\Documents and Settings\Seth Morel\Local Settings\Temporary Internet Files\Content.IE5\DIC3MYIT\papamisha[1]
    Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Seth Morel\Local Settings\Temporary Internet Files\Content.IE5\O1ENW16Z\winraser[1].exe
    Virus:Trj/Netlist.D Disinfected C:\Documents and Settings\Seth Morel\Local Settings\Temporary Internet Files\Content.IE5\S3NNI09X\winbb1[1].exe
    Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Seth Morel\Local Settings\Temporary Internet Files\Content.IE5\S3NNI09X\winraser[1].exe
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\agesdktm.dll.bad
    Virus:Trj/Agent.EAZ Disinfected C:\VundoFix Backups\ctqtvuyb.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\durdnyro.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\gpwvotac.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\itgwcqtx.dll.bad
    Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\jxrjyyrk.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\mdpfnmgw.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\qogamitv.dll.bad
    Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\tntqsysm.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\vuqskkpg.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\xooknyga.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\hpoxmcxd.dll
    Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\sefmflsd.dll
     
  15. 2007/08/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Copy the bolded list of files below by highlighting and pressing Ctrl+C


    C:\WINDOWS\system32\stfv.bin
    C:\WINDOWS\system32\mnnmp.ini2
    C:\WINDOWS\system32\atmtd.dll
    C:\WINDOWS\system32\WER8274.DLL
    C:\WINDOWS\180ax.exe
    C:\WINDOWS\bi.dll
    C:\WINDOWS\satmat.exe
    C:\WINDOWS\updatetc.exe
    C:\WINDOWS\system32\hpoxmcxd.dll
    C:\WINDOWS\system32\sefmflsd.dll


    • Double-click the KillBox icon on your desktop to open it
    • Select the box Delete on Reboot
    • Then click the All Files button.
    • Click File on the Menu and choose Paste from Clipboard.
    • Click the red x [Delete File] button.
    • Click Yes at the Delete on Reboot prompt. Click Yes at the Pending Operations prompt.

    If the computer does not reboot on its own, restart it yourself.

    Delete all of the following tools we have used, and the files/folders they created.

    C:\Deckard
    C:\!KillBox
    C:\VundoFix Backups
    dss.exe
    SmitfraudFix.exe and SmitfraudFix folder
    vundofix.exe
    all vundofix and SmitfraudFix logs


    Go to Add\Remove Programs and uninstall all versions of Java (JRE), then delete the contents of the C:\Program Files\Java folder. Get the latest version from the link below.
    http://java.com/en/download/index.jsp


    Download ATF Cleaner by Atribune and save it to your Desktop.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin
    Cookies


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Reboot.


    Recommend you download, install, update and do a full system scan with both Ad-aware, removing what it finds. Update and scan with Spybot as well. While Spybot is open, click Mode on the menu and select Advanced. Click Yes to the prompt. In the left pane, click Immunize. If prompted that 0 (zero) products are blocked, click OK, then click the green plus sign labeled immunize in the upper left corner. Check the box below labeled Enable permanent blocking of bad addresses in Internet Explorer. Now click the Tools button in the left pane. Click Resident. Check the box labeled Resident "SD Helper" (Internet Explorer bad download blocker) active.

    Otherwise, it looks as though your system is clean.

    Once you're done with the above, if you're satisfied that the computer is working properly, clear the System Restore points. They are infected.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.

    Finally, re-enable Tea-Timer.

    Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showpost.php?p=356653&postcount=49

    Surf safe!
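    The KillBox list in the post above was built from the Panda ActiveScan report in the previous post: keep the "Not disinfected" hits that point at a file still in a live location, leave out registry-only entries, cookies, browser cache and the backup/quarantine folders the tools created (those are cleared as a whole in the later steps), and treat the "Potentially unwanted tool" hits on SmitfraudFix's own helpers as part of the tool, not the infection. The Python below is an added example, not code from the thread, Panda or KillBox, and reproduces that triage over an excerpt of the posted report; stfv.bin and mnnmp.ini2 are not in that report, so the script does not produce them.

```python
import re

# Kinds treated as malware; the "Potentially unwanted tool" hits were the
# removal tools' own helpers (SmitfraudFix\Process.exe, restart.exe), which
# are deleted together with the tool folder instead of via KillBox.
MALWARE_KINDS = {"Adware", "Spyware", "Virus"}

# Lower-case path fragments for locations the cleanup clears as a whole:
# tool backups/quarantine, browser cache, cookies and temp folders.
BULK_CLEANED = (
    "c:\\!killbox\\",
    "c:\\deckard\\",
    "c:\\vundofix backups\\",
    "\\temporary internet files\\",
    "\\cookies\\",
    "\\local settings\\temp\\",
)

# Report line: "<Kind>:<Name> <Status> <Location>". Name may contain spaces
# ("Generic Backdoor"), so split on the fixed status phrase, not whitespace.
LINE_RE = re.compile(
    r"^(?P<kind>[^:]+):(?P<name>.+?)\s+"
    r"(?P<status>Not disinfected|Disinfected)\s+"
    r"(?P<location>.+)$"
)

# Excerpt of the report posted above, one line per case the filter handles.
SAMPLE_REPORT = r"""Incident Status Location

Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
Virus:trj/cimuz.be Disinfected Operating system
Adware:adware/tubby Not disinfected c:\windows\system32\WER8274.DLL
Adware:adware/ncase Not disinfected c:\windows\180ax.exe
Adware:adware/surfassistant Not disinfected Windows Registry
Adware:Adware/VideoPlugin Not disinfected C:\!KillBox\wmpconf.dll( 2)
Virus:Trj/Spammer.ACJ Disinfected C:\Deckard\System Scanner\backup\DOCUME~1\SETHMO~1\LOCALS~1\Temp\spoolsv32.exe
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Seth Morel\Cookies\seth morel@doubleclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Seth Morel\Desktop\SmitfraudFix\Process.exe
Virus:Generic Backdoor Not disinfected C:\Documents and Settings\Seth Morel\Local Settings\Temporary Internet Files\Content.IE5\4HAJG9Q7\NewSoftware2007Install[1].cab[miniinstaller.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\agesdktm.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\hpoxmcxd.dll
"""


def parse_report(text):
    """Yield one dict (kind, name, status, location) per incident line;
    the header and blank lines do not match LINE_RE and are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def is_live_file(location):
    """True only for a drive-letter path outside the bulk-cleaned areas.
    'Windows Registry' and 'Operating system' are pseudo-locations, not files."""
    loc = location.lower()
    if not re.match(r"[a-z]:\\", loc):
        return False
    return not any(marker in loc for marker in BULK_CLEANED)


def killbox_list(text):
    """Paths Panda could not disinfect that still sit in a live location,
    de-duplicated (case-insensitive) and in report order: the KillBox list."""
    seen, out = set(), []
    for inc in parse_report(text):
        if inc["kind"] not in MALWARE_KINDS or inc["status"] != "Not disinfected":
            continue
        if not is_live_file(inc["location"]):
            continue
        key = inc["location"].lower()
        if key not in seen:
            seen.add(key)
            out.append(inc["location"])
    return out
```

Running killbox_list(SAMPLE_REPORT) yields the four live files from the excerpt (atmtd.dll, WER8274.DLL, 180ax.exe, hpoxmcxd.dll); the registry, cookie, cache and backup hits are dropped for the later bulk cleanup, not forgotten.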
     
  16. 2007/08/30
    Ledraisel

    Ledraisel Inactive Thread Starter

    Joined:
    2007/08/28
    Messages:
    13
    Likes Received:
    0
    Thanks for the help...
    I think it's fixed for now.
     
  17. 2007/08/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You're most welcome. :)
     
