Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91863 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Please Help!


  • This topic is locked This topic is locked
17 replies to this topic

#1 Heffer58

Heffer58

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 04 May 2008 - 09:02 AM

Here is my log, thank you very much!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:15 AM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1139091192\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\aol\1139091192\ee\aolsoftware.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbsm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearc...ce.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearc...ce.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: 527631 helper - {54160F28-994B-48DD-8D83-1B2F6B9EB054} - C:\WINDOWS\system32\527631\527631.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139091192\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [VirusHeat 4.4] "C:\Program Files\VirusHeat 4.4\VirusHeat 4.4.exe" /h
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://qcmail.qc.cuny.edu/dwa7W.cab
O22 - SharedTaskScheduler: enswathes - {4d51e91c-e917-4b7f-89ff-abe471e16927} - C:\WINDOWS\system32\uyhjw.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 12455 bytes

    Advertisements

Register to Remove


#2 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 04 May 2008 - 10:16 AM

Hello Siiic812 and welcome to the What the Tech Forums

My name is Trevuren and I will be helping you with your problem.


A. First I will ask you to uninstall the following "rogue" programs:

PartyPoker/Party Gaming
Pest Trap


Justification for these removals can be found here, if required:

http://www.bleepingc...tall/Cat-P.html


B. Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#3 Heffer58

Heffer58

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 04 May 2008 - 11:34 AM

Thank you for the timely response.

I was unable to remove pest trap, but i think i did remove party gaming

Here is the report.txt

: Version 1.131

Run by melanie orlofsky on Sun 05/04/2008 at 01:02 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\MELANI~1\Desktop\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\explorer.exe
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 13:12:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"OfflineDetectionPending"=dword:00000001

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando Application"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------


Files with Hidden Attributes:

Wed 1 Sep 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed 1 Sep 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed 1 Sep 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Thu 8 Nov 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sun 2 Mar 2008 104 ..SHR --- "C:\WINDOWS\system32\6C35CA980B.sys"
Sun 2 Mar 2008 4,704 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 9 May 2007 21,504 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\~WRL0339.tmp"
Wed 9 May 2007 21,504 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\~WRL1604.tmp"
Wed 9 May 2007 22,528 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\~WRL1911.tmp"
Wed 9 May 2007 21,504 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\~WRL2423.tmp"
Wed 9 May 2007 22,016 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\~WRL3045.tmp"
Wed 9 May 2007 22,528 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\~WRL4052.tmp"
Wed 9 May 2007 22,528 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\~WRL4084.tmp"
Mon 7 Apr 2008 77,312 ...H. --- "C:\Documents and Settings\melanie orlofsky\Desktop\Resume\~WRL0109.tmp"
Mon 7 Apr 2008 76,800 ...H. --- "C:\Documents and Settings\melanie orlofsky\Desktop\Resume\~WRL0505.tmp"
Mon 7 Apr 2008 76,288 ...H. --- "C:\Documents and Settings\melanie orlofsky\Desktop\Resume\~WRL1456.tmp"
Mon 7 Apr 2008 76,288 ...H. --- "C:\Documents and Settings\melanie orlofsky\Desktop\Resume\~WRL2557.tmp"
Mon 7 Apr 2008 76,288 ...H. --- "C:\Documents and Settings\melanie orlofsky\Desktop\Resume\~WRL3535.tmp"
Wed 9 May 2007 22,016 ...H. --- "C:\Documents and Settings\melanie orlofsky\Application Data\Microsoft\Word\~WRL0004.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\melanie orlofsky\Application Data\U3\temp\Launchpad Removal.exe"
Fri 23 Nov 2007 48,128 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Econ 206\~WRL0181.tmp"
Sun 17 Feb 2008 26,624 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL0045.tmp"
Tue 19 Feb 2008 45,568 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL0346.tmp"
Tue 19 Feb 2008 27,648 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL0794.tmp"
Sun 17 Feb 2008 88,064 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL1051.tmp"
Tue 19 Feb 2008 27,648 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL1168.tmp"
Tue 19 Feb 2008 28,160 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL1311.tmp"
Sun 17 Feb 2008 46,592 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL1574.tmp"
Tue 19 Feb 2008 118,784 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL1711.tmp"
Sun 17 Feb 2008 27,136 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL1843.tmp"
Tue 19 Feb 2008 103,424 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL1844.tmp"
Tue 19 Feb 2008 35,328 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL2088.tmp"
Tue 19 Feb 2008 46,592 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL2337.tmp"
Tue 19 Feb 2008 27,648 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL2860.tmp"
Sun 17 Feb 2008 88,064 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL2984.tmp"
Mon 28 Apr 2008 26,624 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL3078.tmp"
Mon 18 Feb 2008 118,784 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL3243.tmp"
Sun 17 Feb 2008 71,680 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL3534.tmp"
Tue 19 Feb 2008 46,592 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL3800.tmp"
Tue 19 Feb 2008 46,080 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Media Studies\~WRL3819.tmp"
Thu 13 Mar 2008 28,672 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL0004.tmp"
Wed 26 Mar 2008 26,624 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL0162.tmp"
Wed 27 Feb 2008 20,992 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL0194.tmp"
Wed 26 Mar 2008 24,064 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL0234.tmp"
Wed 9 Apr 2008 25,600 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL0284.tmp"
Wed 27 Feb 2008 21,504 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL0613.tmp"
Wed 9 Apr 2008 29,696 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL0888.tmp"
Wed 9 Apr 2008 29,696 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL1557.tmp"
Wed 27 Feb 2008 29,184 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL1623.tmp"
Wed 27 Feb 2008 21,504 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL1666.tmp"
Wed 27 Feb 2008 28,672 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL1819.tmp"
Wed 27 Feb 2008 21,504 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL1991.tmp"
Wed 9 Apr 2008 27,648 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL2445.tmp"
Wed 26 Mar 2008 27,136 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL2905.tmp"
Wed 26 Mar 2008 24,064 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL3171.tmp"
Wed 27 Feb 2008 19,968 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL3407.tmp"
Mon 17 Mar 2008 28,672 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL3431.tmp"
Wed 9 Apr 2008 24,576 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL3481.tmp"
Mon 17 Mar 2008 28,160 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL3724.tmp"
Mon 17 Mar 2008 24,064 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL3786.tmp"
Mon 17 Mar 2008 28,672 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL3864.tmp"
Wed 26 Mar 2008 28,160 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL3872.tmp"
Wed 27 Feb 2008 22,016 A..H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL3891.tmp"
Mon 17 Mar 2008 25,088 ...H. --- "C:\Documents and Settings\melanie orlofsky\My Documents\School\Bala 103W\Orlofsky\~WRL4090.tmp"
Sat 31 Dec 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Sat 31 Dec 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Sat 31 Dec 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Mon 16 Jan 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

Finished!

Here is the new hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:09 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\AOL\1139091192\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VirusHeat 4.4\VirusHeat 4.4.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearc...ce.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearc...ce.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: 527631 helper - {54160F28-994B-48DD-8D83-1B2F6B9EB054} - C:\WINDOWS\system32\527631\527631.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139091192\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [VirusHeat 4.4] "C:\Program Files\VirusHeat 4.4\VirusHeat 4.4.exe" /h
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://qcmail.qc.cuny.edu/dwa7W.cab
O22 - SharedTaskScheduler: enswathes - {4d51e91c-e917-4b7f-89ff-abe471e16927} - C:\WINDOWS\system32\uyhjw.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 11887 bytes

Thanks again

#4 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 04 May 2008 - 11:48 AM

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#5 Heffer58

Heffer58

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 04 May 2008 - 12:53 PM

SmitFraudFix v2.319 Scan done at 14:44:16.04, Sun 05/04/2008 Run from C:\Documents and Settings\melanie orlofsky\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\fxssvc.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Common Files\AOL\1139091192\ee\AOLSoftware.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Dell\QuickSet\Quickset.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\VirusHeat 4.4\VirusHeat 4.4.exe C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Pando Networks\Pando\Pando.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\AIM\aim.exe c:\program files\common files\aol\1139091192\ee\aolsoftware.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cmd.exe hosts C:\ C:\WINDOWS C:\WINDOWS\system C:\WINDOWS\Web C:\WINDOWS\system32 C:\WINDOWS\system32\LogFiles C:\Documents and Settings\melanie orlofsky C:\Documents and Settings\melanie orlofsky\Application Data Start Menu C:\DOCUME~1\MELANI~1\STARTM~1\Programs\PestTrap FOUND ! C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND ! C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND ! C:\DOCUME~1\MELANI~1\FAVORI~1 C:\DOCUME~1\MELANI~1\FAVORI~1\Online Security Test.url FOUND ! Desktop C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND ! C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND ! C:\Program Files C:\Program Files\NetProject\ FOUND ! Corrupted keys Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri +--------------------------------------------------+ [!] Suspicious: 527631.dll BHO: 527631 Class - {54160F28-994B-48DD-8D83-1B2F6B9EB054} BHO CLSID TypeLib: {E63648F7-3933-440E-AAAA-A8584DD7B7EB} Corrected TypeLib: {E63648F7-3933-440E-B4F6-A8584DD7B7EB} Interface: {F7D09218-46D7-4D3D-9B7F-315204CD0836} Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes" [HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32] @="C:\WINDOWS\system32\uyhjw.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32] @="C:\WINDOWS\system32\uyhjw.dll" AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" Rustock DNS Description: Dell Wireless 1370 WLAN Mini-PCI Card - Packet Scheduler Miniport DNS Server Search Order: 24.29.103.15 DNS Server Search Order: 24.29.103.16 HKLM\SYSTEM\CCS\Services\Tcpip\..\{84F7CC0E-2328-4875-A75C-828799F8422F}: DhcpNameServer=24.29.103.15 24.29.103.16 HKLM\SYSTEM\CS1\Services\Tcpip\..\{84F7CC0E-2328-4875-A75C-828799F8422F}: DhcpNameServer=24.29.103.15 24.29.103.16 HKLM\SYSTEM\CS3\Services\Tcpip\..\{84F7CC0E-2328-4875-A75C-828799F8422F}: DhcpNameServer=24.29.103.15 24.29.103.16 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.15 24.29.103.16 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.15 24.29.103.16 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.15 24.29.103.16 Scanning for wininet.dll infection End

#6 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 04 May 2008 - 01:07 PM

Please print out or copy these instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


1. Download, update and configure SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
DO NOT RUN THE PROGRAM YET

2. Reboot your computer into Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

3. Once in Safe Mode, double-click Smitfraudfix.exe
Select option #2 - Clean by typing 2 and press Enter to delete the infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will now check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


4. Clean out your Temporary Internet files. Proceed as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.


5. Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

6. Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

7. Now, please run SuperAntispyeare by clicking on its icon
  • On the main screen, under "Scan for Harmful Software" click Scan your computer
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.

8.Reboot your system into Normal Windows Mode whether the tool prompts you to do so or not.

.
9. To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply along with afresh HJT log.
  • Click Close to exit the program.

10. Run SmitfraudFix. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer YES to the question "Restore Trusted Zone?" by Typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

11. Please Post the following logs:
  • c:\rapport.txt
  • SuperAntispyware log
  • A new HijackThis log

Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#7 Heffer58

Heffer58

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 04 May 2008 - 02:48 PM

SmitFraudFix v2.319

Scan done at 15:30:23.42, Sun 05/04/2008
Run from C:\Documents and Settings\melanie orlofsky\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"

[HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINDOWS\system32\uyhjw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINDOWS\system32\uyhjw.dll"


Killing process


hosts

127.0.0.1 localhost

VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\DOCUME~1\MELANI~1\STARTM~1\Programs\PestTrap Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
C:\DOCUME~1\MELANI~1\FAVORI~1\Online Security Test.url Deleted
C:\Program Files\NetProject\ Deleted

IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\system32\527631\527631.dll deleted.
C:\WINDOWS\system32\527631\ deleted.


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{84F7CC0E-2328-4875-A75C-828799F8422F}: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CS1\Services\Tcpip\..\{84F7CC0E-2328-4875-A75C-828799F8422F}: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CS3\Services\Tcpip\..\{84F7CC0E-2328-4875-A75C-828799F8422F}: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.15 24.29.103.16


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"

[HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINDOWS\system32\uyhjw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINDOWS\system32\uyhjw.dll"



End


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/04/2008 at 04:28 PM

Application Version : 4.0.1154

Core Rules Database Version : 3452
Trace Rules Database Version: 1444

Scan type : Quick Scan
Total Scan Time : 00:23:38

Memory items scanned : 424
Memory threats detected : 0
Registry items scanned : 453
Registry threats detected : 129
File items scanned : 17053
File threats detected : 24

Rogue.VirusHeat
[VirusHeat 4.4] C:\PROGRAM FILES\VIRUSHEAT 4.4\VIRUSHEAT 4.4.EXE
C:\PROGRAM FILES\VIRUSHEAT 4.4\VIRUSHEAT 4.4.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\VirusHeat 4.4.exe 4.4
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\GtLrkjr
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\hlsNwctUit
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\ikndxlk
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Implemented Categories
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32#ThreadingModel
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32#Class
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32#Assembly
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32#RuntimeVersion
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32\1.0.5000.0
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32\1.0.5000.0#Class
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32\1.0.5000.0#Assembly
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32\1.0.5000.0#RuntimeVersion
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32\2.0.0.0
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32\2.0.0.0#RuntimeVersion
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32\2.0.0.0#Assembly
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocServer32\2.0.0.0#Class
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Mocfrurazv
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\ProgId
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\trphc
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\yqjig
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\zrwswJudplb
HKCR\TypeLib\{23624BD0-2A69-4F91-BE6A-9F1F22B72C13}
HKCR\TypeLib\{23624BD0-2A69-4F91-BE6A-9F1F22B72C13}\1.0
HKCR\TypeLib\{23624BD0-2A69-4F91-BE6A-9F1F22B72C13}\1.0\0
HKCR\TypeLib\{23624BD0-2A69-4F91-BE6A-9F1F22B72C13}\1.0\0\win32
HKCR\TypeLib\{23624BD0-2A69-4F91-BE6A-9F1F22B72C13}\1.0\FLAGS
HKCR\TypeLib\{23624BD0-2A69-4F91-BE6A-9F1F22B72C13}\1.0\HELPDIR
HKCR\Interface\{0DFBA66B-DB48-4292-831A-E7186D8A61AE}
HKCR\Interface\{0DFBA66B-DB48-4292-831A-E7186D8A61AE}\ProxyStubClsid
HKCR\Interface\{0DFBA66B-DB48-4292-831A-E7186D8A61AE}\ProxyStubClsid32
HKCR\Interface\{0DFBA66B-DB48-4292-831A-E7186D8A61AE}\TypeLib
HKCR\Interface\{0DFBA66B-DB48-4292-831A-E7186D8A61AE}\TypeLib#Version
HKCR\Interface\{46F309AE-9D11-4C10-9D20-2C084B1C8BCE}
HKCR\Interface\{46F309AE-9D11-4C10-9D20-2C084B1C8BCE}\ProxyStubClsid
HKCR\Interface\{46F309AE-9D11-4C10-9D20-2C084B1C8BCE}\ProxyStubClsid32
HKCR\Interface\{46F309AE-9D11-4C10-9D20-2C084B1C8BCE}\TypeLib
HKCR\Interface\{46F309AE-9D11-4C10-9D20-2C084B1C8BCE}\TypeLib#Version
HKCR\Interface\{4CB95561-AF37-4BBD-823C-1E355A744A43}
HKCR\Interface\{4CB95561-AF37-4BBD-823C-1E355A744A43}\ProxyStubClsid
HKCR\Interface\{4CB95561-AF37-4BBD-823C-1E355A744A43}\ProxyStubClsid32
HKCR\Interface\{4CB95561-AF37-4BBD-823C-1E355A744A43}\TypeLib
HKCR\Interface\{4CB95561-AF37-4BBD-823C-1E355A744A43}\TypeLib#Version
HKCR\Interface\{76157861-4996-4711-90E4-6D868B877B24}
HKCR\Interface\{76157861-4996-4711-90E4-6D868B877B24}\ProxyStubClsid
HKCR\Interface\{76157861-4996-4711-90E4-6D868B877B24}\ProxyStubClsid32
HKCR\Interface\{76157861-4996-4711-90E4-6D868B877B24}\TypeLib
HKCR\Interface\{76157861-4996-4711-90E4-6D868B877B24}\TypeLib#Version
HKCR\Interface\{81DA01DB-8100-4865-B9B0-A83F54378435}
HKCR\Interface\{81DA01DB-8100-4865-B9B0-A83F54378435}\ProxyStubClsid
HKCR\Interface\{81DA01DB-8100-4865-B9B0-A83F54378435}\ProxyStubClsid32
HKCR\Interface\{81DA01DB-8100-4865-B9B0-A83F54378435}\TypeLib
HKCR\Interface\{81DA01DB-8100-4865-B9B0-A83F54378435}\TypeLib#Version
HKCR\Interface\{910EF37B-A486-41FC-8A1B-28C5581AB3AC}
HKCR\Interface\{910EF37B-A486-41FC-8A1B-28C5581AB3AC}\ProxyStubClsid
HKCR\Interface\{910EF37B-A486-41FC-8A1B-28C5581AB3AC}\ProxyStubClsid32
HKCR\Interface\{910EF37B-A486-41FC-8A1B-28C5581AB3AC}\TypeLib
HKCR\Interface\{910EF37B-A486-41FC-8A1B-28C5581AB3AC}\TypeLib#Version
HKCR\Interface\{A6B2BC38-7F2A-4202-9B43-A28615727FEE}
HKCR\Interface\{A6B2BC38-7F2A-4202-9B43-A28615727FEE}\ProxyStubClsid
HKCR\Interface\{A6B2BC38-7F2A-4202-9B43-A28615727FEE}\ProxyStubClsid32
HKCR\Interface\{A6B2BC38-7F2A-4202-9B43-A28615727FEE}\TypeLib
HKCR\Interface\{A6B2BC38-7F2A-4202-9B43-A28615727FEE}\TypeLib#Version
HKCR\Interface\{B11DA4C8-52DC-44A2-B21B-02BF7A93EB5B}
HKCR\Interface\{B11DA4C8-52DC-44A2-B21B-02BF7A93EB5B}\ProxyStubClsid
HKCR\Interface\{B11DA4C8-52DC-44A2-B21B-02BF7A93EB5B}\ProxyStubClsid32
HKCR\Interface\{B11DA4C8-52DC-44A2-B21B-02BF7A93EB5B}\TypeLib
HKCR\Interface\{B11DA4C8-52DC-44A2-B21B-02BF7A93EB5B}\TypeLib#Version
HKCR\Interface\{B5ADBFCA-C6DE-4E5A-A2DA-70AA2933B696}
HKCR\Interface\{B5ADBFCA-C6DE-4E5A-A2DA-70AA2933B696}\ProxyStubClsid
HKCR\Interface\{B5ADBFCA-C6DE-4E5A-A2DA-70AA2933B696}\ProxyStubClsid32
HKCR\Interface\{B5ADBFCA-C6DE-4E5A-A2DA-70AA2933B696}\TypeLib
HKCR\Interface\{B5ADBFCA-C6DE-4E5A-A2DA-70AA2933B696}\TypeLib#Version
HKCR\Interface\{B5AE5932-F1B3-45E4-842A-59EEA65B13A8}
HKCR\Interface\{B5AE5932-F1B3-45E4-842A-59EEA65B13A8}\ProxyStubClsid
HKCR\Interface\{B5AE5932-F1B3-45E4-842A-59EEA65B13A8}\ProxyStubClsid32
HKCR\Interface\{B5AE5932-F1B3-45E4-842A-59EEA65B13A8}\TypeLib
HKCR\Interface\{B5AE5932-F1B3-45E4-842A-59EEA65B13A8}\TypeLib#Version
HKCR\Interface\{BA18BA7B-9567-4408-9B87-3D3990C3969E}
HKCR\Interface\{BA18BA7B-9567-4408-9B87-3D3990C3969E}\ProxyStubClsid
HKCR\Interface\{BA18BA7B-9567-4408-9B87-3D3990C3969E}\ProxyStubClsid32
HKCR\Interface\{BA18BA7B-9567-4408-9B87-3D3990C3969E}\TypeLib
HKCR\Interface\{BA18BA7B-9567-4408-9B87-3D3990C3969E}\TypeLib#Version
HKCR\Interface\{D56509AB-9821-4DB0-BF2F-115159804140}
HKCR\Interface\{D56509AB-9821-4DB0-BF2F-115159804140}\ProxyStubClsid
HKCR\Interface\{D56509AB-9821-4DB0-BF2F-115159804140}\ProxyStubClsid32
HKCR\Interface\{D56509AB-9821-4DB0-BF2F-115159804140}\TypeLib
HKCR\Interface\{D56509AB-9821-4DB0-BF2F-115159804140}\TypeLib#Version
HKCR\Interface\{DFF203EA-222C-44FA-8B78-ED88B4587AA2}
HKCR\Interface\{DFF203EA-222C-44FA-8B78-ED88B4587AA2}\ProxyStubClsid
HKCR\Interface\{DFF203EA-222C-44FA-8B78-ED88B4587AA2}\ProxyStubClsid32
HKCR\Interface\{DFF203EA-222C-44FA-8B78-ED88B4587AA2}\TypeLib
HKCR\Interface\{DFF203EA-222C-44FA-8B78-ED88B4587AA2}\TypeLib#Version
HKCR\Interface\{EB22B708-E0D3-4FCE-800B-6DD0C5B30D42}
HKCR\Interface\{EB22B708-E0D3-4FCE-800B-6DD0C5B30D42}\ProxyStubClsid
HKCR\Interface\{EB22B708-E0D3-4FCE-800B-6DD0C5B30D42}\ProxyStubClsid32
HKCR\Interface\{EB22B708-E0D3-4FCE-800B-6DD0C5B30D42}\TypeLib
HKCR\Interface\{EB22B708-E0D3-4FCE-800B-6DD0C5B30D42}\TypeLib#Version
HKCR\Interface\{F1EA02F8-E536-4828-BFB7-3DE7FA4D4B09}
HKCR\Interface\{F1EA02F8-E536-4828-BFB7-3DE7FA4D4B09}\ProxyStubClsid
HKCR\Interface\{F1EA02F8-E536-4828-BFB7-3DE7FA4D4B09}\ProxyStubClsid32
HKCR\Interface\{F1EA02F8-E536-4828-BFB7-3DE7FA4D4B09}\TypeLib
HKCR\Interface\{F1EA02F8-E536-4828-BFB7-3DE7FA4D4B09}\TypeLib#Version
HKCR\Interface\{F6E18622-DFA8-4DBA-B05E-D3D147E16D44}
HKCR\Interface\{F6E18622-DFA8-4DBA-B05E-D3D147E16D44}\ProxyStubClsid
HKCR\Interface\{F6E18622-DFA8-4DBA-B05E-D3D147E16D44}\ProxyStubClsid32
HKCR\Interface\{F6E18622-DFA8-4DBA-B05E-D3D147E16D44}\TypeLib
HKCR\Interface\{F6E18622-DFA8-4DBA-B05E-D3D147E16D44}\TypeLib#Version
HKLM\Software\VirusHeat 4.4
HKLM\Software\VirusHeat 4.4#refid
HKLM\Software\VirusHeat 4.4#FirstStart
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.4#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.4#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.4#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.4#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.4#NSIS:StartMenuDir
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.4#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.4#Publisher
C:\Program Files\VirusHeat 4.4\blacklist.txt
C:\Program Files\VirusHeat 4.4\Lang\English.ini
C:\Program Files\VirusHeat 4.4\Lang
C:\Program Files\VirusHeat 4.4\Logs
C:\Program Files\VirusHeat 4.4\msvcp71.dll
C:\Program Files\VirusHeat 4.4\msvcr71.dll
C:\Program Files\VirusHeat 4.4\Quarantine
C:\Program Files\VirusHeat 4.4\uninst.exe
C:\Program Files\VirusHeat 4.4\vht.dat
C:\Program Files\VirusHeat 4.4\VirusHeat 4.4.url
C:\Program Files\VirusHeat 4.4
C:\Documents and Settings\melanie orlofsky\Start Menu\Programs\VirusHeat 4.4\Uninstall VirusHeat 4.4.lnk
C:\Documents and Settings\melanie orlofsky\Start Menu\Programs\VirusHeat 4.4\VirusHeat 4.4 Website.lnk
C:\Documents and Settings\melanie orlofsky\Start Menu\Programs\VirusHeat 4.4\VirusHeat 4.4.lnk
C:\Documents and Settings\melanie orlofsky\Start Menu\Programs\VirusHeat 4.4
C:\WINDOWS\Prefetch\VIRUSHEAT 4.4.EXE-3604B8EC.pf

Trojan.Smitfraud Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{4d51e91c-e917-4b7f-89ff-abe471e16927}
HKCR\CLSID\{4D51E91C-E917-4B7F-89FF-ABE471E16927}
HKCR\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32
HKCR\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\UYHJW.DLL

Trojan.DNSChanger-Codec
HKCR\CLSID\E404.e404mgr
HKCR\CLSID\E404.e404mgr#UserId

Malware.System Defender
C:\Program Files\SystemDefender

Rogue.SystemDefender-Installer
C:\DOCUMENTS AND SETTINGS\MELANIE ORLOFSKY\APPLICATION DATA\SYSDEFENDER.EXE

Rogue.NetProject-Installer
C:\DOCUMENTS AND SETTINGS\MELANIE ORLOFSKY\DESKTOP\SETUP(2).EXE
C:\DOCUMENTS AND SETTINGS\MELANIE ORLOFSKY\DESKTOP\SETUP.EXE
C:\DOCUMENTS AND SETTINGS\MELANIE ORLOFSKY\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A0G0UQ7R.DEFAULT\CACHE\DA5C47D8D01
C:\WINDOWS\Prefetch\SETUP.EXE-06885F5F.pf



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:21 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\AOL\1139091192\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139091192\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://qcmail.qc.cuny.edu/dwa7W.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10083 bytes

#8 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 04 May 2008 - 03:01 PM

Wow, a few "baddies" there.

Now for what I hope to be the final scan:

Using Internet Explorer, please do a Kaspersky Online Scan

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will provide a report if your system is infected. It does not provide an option to clean/disinfect. We only require a report from it.

    Posted Image

  • Click the Save as Text button to save the file to your desktop and post it in your next reply along with a fresh HijackThis log.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#9 Heffer58

Heffer58

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 04 May 2008 - 05:38 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 04, 2008 7:36:07 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/05/2008
Kaspersky Anti-Virus database records: 740017
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 47339
Number of viruses found: 11
Number of infected objects: 25
Number of suspicious objects: 0
Duration of the scan process: 01:29:11

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\browser\history.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\melanie orlofsky\Application Data\Aim\bvtujxyb\reao87\cert8.db Object is locked skipped
C:\Documents and Settings\melanie orlofsky\Application Data\Aim\bvtujxyb\reao87\key3.db Object is locked skipped
C:\Documents and Settings\melanie orlofsky\Application Data\Sun\Java\Deployment\cache\6.0\37\3e36ace5-32f1b0bd/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\melanie orlofsky\Application Data\Sun\Java\Deployment\cache\6.0\37\3e36ace5-32f1b0bd/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped
C:\Documents and Settings\melanie orlofsky\Application Data\Sun\Java\Deployment\cache\6.0\37\3e36ace5-32f1b0bd/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\melanie orlofsky\Application Data\Sun\Java\Deployment\cache\6.0\37\3e36ace5-32f1b0bd ZIP: infected - 3 skipped
C:\Documents and Settings\melanie orlofsky\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-78753e5b-22eb0254.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\melanie orlofsky\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-78753e5b-22eb0254.zip/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped
C:\Documents and Settings\melanie orlofsky\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-78753e5b-22eb0254.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\melanie orlofsky\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-78753e5b-22eb0254.zip ZIP: infected - 3 skipped
C:\Documents and Settings\melanie orlofsky\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-4-2008( 16-33-26 ).LOG Object is locked skipped
C:\Documents and Settings\melanie orlofsky\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\melanie orlofsky\Desktop\SDFix\backups_old1\backups.zip/backups/xlibgfl254.dll Infected: Trojan-Downloader.Win32.Agent.bfj skipped
C:\Documents and Settings\melanie orlofsky\Desktop\SDFix\backups_old1\backups.zip ZIP: infected - 1 skipped
C:\Documents and Settings\melanie orlofsky\Desktop\SDFix\backups_old1\catchme.zip/xlibgfl254.dll Infected: Trojan-Downloader.Win32.Agent.bfj skipped
C:\Documents and Settings\melanie orlofsky\Desktop\SDFix\backups_old1\catchme.zip ZIP: infected - 1 skipped
C:\Documents and Settings\melanie orlofsky\Desktop\SDFix\backups_old1\HOSTS Infected: Trojan.Win32.Qhost.nl skipped
C:\Documents and Settings\melanie orlofsky\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\melanie orlofsky\Desktop\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\melanie orlofsky\Desktop\SmitfraudFix.exe RAR: infected - 1 skipped
C:\Documents and Settings\melanie orlofsky\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\melanie orlofsky\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\melanie orlofsky\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\melanie orlofsky\Local Settings\Application Data\Pando\Pando Files\cert\cert8.db Object is locked skipped
C:\Documents and Settings\melanie orlofsky\Local Settings\Application Data\Pando\Pando Files\cert\key3.db Object is locked skipped
C:\Documents and Settings\melanie orlofsky\Local Settings\Application Data\Pando\Pando Files\pando.log Object is locked skipped
C:\Documents and Settings\melanie orlofsky\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\melanie orlofsky\Local Settings\Temp\~DFE545.tmp Object is locked skipped
C:\Documents and Settings\melanie orlofsky\Local Settings\Temp\~DFE552.tmp Object is locked skipped
C:\Documents and Settings\melanie orlofsky\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\melanie orlofsky\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\melanie orlofsky\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\melanie orlofsky\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\11.tmp Infected: Trojan-Downloader.Win32.FraudLoad.f skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\12.tmp Infected: Trojan-Downloader.Win32.FraudLoad.f skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\15.tmp Infected: Trojan-Downloader.Win32.FraudLoad.f skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\5.tmp Infected: not-virus:Hoax.Win32.Agent.ck skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP56\A0019390.dll Infected: not-a-virus:AdWare.Win32.E404.an skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP56\A0019436.exe Infected: not-a-virus:FraudTool.Win32.VirusHeat.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP56\A0019444.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP56\A0019445.exe Infected: Trojan-Downloader.Win32.Zlob.mlb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP56\A0019446.exe Infected: Trojan-Downloader.Win32.Zlob.mlb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP56\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:12 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\AOL\1139091192\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1139091192\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139091192\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://qcmail.qc.cuny.edu/dwa7W.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10362 bytes

#10 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 04 May 2008 - 06:24 PM

A. Launch Notepad, and copy/paste everything in the codebox below into the new document, including the word REGEDIT4. Go up to "File Save As" and click the drop-down box to change the "Save As Type" to "All Files" and save it to your desktop as fixme.reg.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d51e91c-e917-4b7f-89ff-abe471e16927}"=-

[-HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}]


B.
  • Please RUN HijackThis.
  • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)



  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):

    C:\WINDOWS\system32\uyhjw.dll<==File
    C:\Documents and Settings\melanie orlofsky\Desktop\SDFix<==Folder and all its content
    C:\Documents and Settings\melanie orlofsky\Desktop\SmitfraudFix.exe<== Folder and all its content

  • Exit Explorer

  • Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer Yes and wait for a message to appear similar to Merged Successfully.

  • RESTART your system

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.

Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

    Advertisements

Register to Remove


#11 Heffer58

Heffer58

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 04 May 2008 - 07:32 PM

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:30:34 PM, on 5/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\AOL\1139091192\ee\AOLSoftware.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Dell\QuickSet\Quickset.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Pando Networks\Pando\Pando.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\AIM\aim.exe c:\program files\common files\aol\1139091192\ee\aolsoftware.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 2433 bytes

#12 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 04 May 2008 - 07:43 PM

Your post is missing most of the HijackThis log. Please run HijackThis again and post the entire log. Thanks, Trevuren
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#13 Heffer58

Heffer58

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 04 May 2008 - 07:54 PM

Not sure why that happened....but here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:36 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\AOL\1139091192\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
c:\program files\common files\aol\1139091192\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139091192\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://qcmail.qc.cuny.edu/dwa7W.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9742 bytes

#14 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 04 May 2008 - 08:04 PM

Your log looks clean. If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures and recommendations.

Trevuren
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#15 Heffer58

Heffer58

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 04 May 2008 - 08:06 PM

Seems good to me.....I actually did just have a question. When I start my computer, it takes a really long time to load. I guess there are many programs starting up, but is there anyway to have it load quicker? Thanks

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users