TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Beck on August 27, 2006, 01:54:33 PM

Title: VIRUS???
Post by: Beck on August 27, 2006, 01:54:33 PM

Please help! I'm ready to smash my laptop against a brick wall . . . My computer keeps freezing up (Netscape, IE, Word, etc.). I continually get messages that say the "program is not responding." I have virus software: PC-cilin 2006, but I'm not sure it's very effective. My virus log shows a virus: A0005851.dll that cannot be cleaned, and when I run a new virus scan, I get a message which says that I have PE_Generic.Z malware, but PC-cilin gives me no help with cleaning or removing it. I'm desperate!!!

Title: VIRUS???
Post by: guestolo on August 27, 2006, 01:58:46 PM

From my signature below, download and save too a permanent folder of it's own onto your harddrive
Hijackthis 1.99.1
Open Hijackthis.exe

Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here... Don't try and fix anything yet----It is all important

Title: VIRUS???
Post by: Beck on August 27, 2006, 02:54:22 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:50:47 PM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway (http://\"http://www.dell4me.com/myway\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.Email (http://\"http://mysearch.Email\") Removed/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gtec.com/ (http://\"http://www.gtec.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 (http://\"http://go.microsoft.com/fwlink/?LinkId=54729\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID} (http://\"http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}\")
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.siue.edu/~reburns"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\system32\sstqn.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab (http://\"http://fdl.msn.com/public/investor/v12/ticker.cab\")
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...als/Coupons.cab (http://\"http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/McNeilNutritionals/Coupons.cab\")
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Thank you!!!

Title: VIRUS???
Post by: guestolo on August 27, 2006, 04:53:53 PM

Please download [color=\"red\"]VundoFix.exe[/color] (http://\"http://www.atribune.org/ccount/click.php?id=4\")[/url] to your desktop.

Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

Back in Windows
Come back here and ==Download, install, and update Ewido anti-spyware (http://\"http://www.ewido.net/en/download/\")
Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")

Then click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Don't use your computer while running the scan, let it complete
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Reboot the computer afterwards

Back in Windows
Post a fresh hijackthis log and report from Ewido's
+Please post the contents of C:\vundofix.txt

If it takes more than one reply to post back all the info, do so please

Title: VIRUS???
Post by: Beck on August 27, 2006, 09:28:56 PM

Okay, it took me FOREVER to download and run everything, but (shock, shock), both Vundofix and Ewido found plenty. Thank you!! Here are my logs:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:00:50 PM 8/27/2006

+ Scan result:

C:\Documents and Settings\Becky\Local Settings\Temporary Internet Files\Content.IE5\Q3Z0I44X\Coupons[1].cab/cpbrkpie.ocx -> Adware.Coupons : No action taken.
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : No action taken.
HKU\S-1-5-21-1740484225-2935656826-1141337983-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : No action taken.
C:\asdf.exe -> Downloader.Small : No action taken.
:mozilla.92:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.93:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Becky\Cookies\becky@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.107:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.108:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Becky\Cookies\becky@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Becky\Cookies\becky@adrevolver[3].txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.126:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.127:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.38:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.39:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.40:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.41:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.35:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Becky\Cookies\becky@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.109:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Bfast : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.78:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
:mozilla.18:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.59:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.131:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.28:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.29:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.30:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.31:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.32:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.33:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.34:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.21:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.22:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.161:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.54:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.87:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.105:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.106:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Becky\Cookies\becky@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.61:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.62:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.63:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.64:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.65:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.66:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.67:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.68:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.17:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.19:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.20:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.60:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Becky\Local Settings\Temp\NI.UWA6P_0001_N69M0303\setup.exe -> Trojan.Fakealert : No action taken.

::Report end
-----------------------------------------------------------------------------------

VundoFix V6.1.2

Checking Java version...

Java version is 1.4.2.3

Scan started at 5:12:04 PM 8/27/2006

Listing files found while scanning....

C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\nqtss.bak1
C:\WINDOWS\system32\nqtss.bak2
C:\WINDOWS\system32\nqtss.ini2
C:\WINDOWS\system32\nqtss.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\sstqn.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\nqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqtss.bak1
C:\WINDOWS\system32\nqtss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqtss.bak2
C:\WINDOWS\system32\nqtss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqtss.ini2
C:\WINDOWS\system32\nqtss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqtss.tmp
C:\WINDOWS\system32\nqtss.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.2

Checking Java version...

Java version is 1.4.2.3

Scan started at 5:24:11 PM 8/27/2006

Listing files found while scanning....

C:\WINDOWS\system32\sstqn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\sstqn.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.2

Checking Java version...

Java version is 1.4.2.3

Scan started at 7:39:10 PM 8/27/2006

Listing files found while scanning....

No infected files were found.

------------------------------------------
What now?

Title: VIRUS???
Post by: guestolo on August 27, 2006, 11:59:26 PM

It looks better
The problem is you didn't let Ewido fix any of the bad guys
We should get you to run it again, this time follow the instructions I post please

Can you do the following
Access your add/remove programs and remove any older updates or version of Sun Java
They are outdated, we'll update it in a bit
You will know which they are by the coffee cup icon in the add/remove panel

Also, I would uninstall MyWay Search Assistant if found in add/remove
It comes preinstalled with Dell computers
Not a recommended search assistant

Load Ewido and then click the Update tab at the top.
Check for updates again, just in case
Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")

Then click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Don't use your computer while running the scan, let it complete
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Reboot the computer afterwards

Back in Windows

Access the following link to update to the newest Java
http://www.java.com/en/download/manual.jsp (http://\"http://www.java.com/en/download/manual.jsp\")
Save the Windows Offline installer to desktop
Double click to install and follow the prompts
When it's done installing you can delete the installer from desktop

I need to see all the following

1. Post a fresh hijackthis log
2. Post the new report from Ewido's

Title: VIRUS???
Post by: Beck on August 28, 2006, 08:57:38 PM

I rescanned my computer using Ewido and remembered to hit Apply all actions. I'll post the new report below. I ran a new Vundofix scan, but it didn't find anything new, so I don't have a new report. I also removed the two programs, as instructed, and installed the newest version of Java. Thank you so much for all of your help!!!

Becky

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:09:51 PM 8/28/2006

+ Scan result:

C:\Documents and Settings\Becky\Local Settings\Temporary Internet Files\Content.IE5\Q3Z0I44X\Coupons[1].cab/cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
HKU\S-1-5-21-1740484225-2935656826-1141337983-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\asdf.exe -> Downloader.Small : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.108:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.126:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.127:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.38:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.109:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.78:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.18:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.59:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.131:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.28:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.29:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.30:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.31:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.32:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.33:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.34:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.21:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.22:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.161:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.54:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.87:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.105:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.106:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.61:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.62:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.63:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.64:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.65:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.66:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.67:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.68:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.17:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.19:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.20:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.60:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Becky\Local Settings\Temp\NI.UWA6P_0001_N69M0303\setup.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).

::Report end

-----------------------
What's next? =)

Title: VIRUS???
Post by: guestolo on August 28, 2006, 09:38:37 PM

Quote

1. Post a fresh hijackthis log
2. Post the new report from Ewido's

Can I see that new hijackthis log please!!!!!!!!!!

Title: VIRUS???
Post by: Beck on August 29, 2006, 08:20:35 AM

Sorry . . .

/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:09:51 PM 8/28/2006

+ Scan result:

C:\Documents and Settings\Becky\Local Settings\Temporary Internet Files\Content.IE5\Q3Z0I44X\Coupons[1].cab/cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
HKU\S-1-5-21-1740484225-2935656826-1141337983-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\asdf.exe -> Downloader.Small : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.108:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.126:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.127:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.38:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.109:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.78:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.18:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.59:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.131:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.28:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.29:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.30:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.31:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.32:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.33:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.34:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.21:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.22:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.161:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.54:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.87:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.105:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.106:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.61:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.62:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.63:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.64:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.65:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.66:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.67:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.68:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.17:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.19:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.20:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.60:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Becky\Local Settings\Temp\NI.UWA6P_0001_N69M0303\setup.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).

::Report end

Title: VIRUS???
Post by: guestolo on August 29, 2006, 10:26:07 PM

Can I see that new hijackthis log please!!

Hijackthis is located in this location
C:\HJT\hijackthis\HijackThis.exe

Title: VIRUS???
Post by: Beck on August 30, 2006, 04:05:57 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:04:18 PM, on 8/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRAM FILES\DELL SUPPORT\DSAGNT.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway (http://\"http://www.dell4me.com/myway\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gtec.com/ (http://\"http://www.gtec.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 (http://\"http://go.microsoft.com/fwlink/?LinkId=54729\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID} (http://\"http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}\")
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.siue.edu/~reburns"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab (http://\"http://fdl.msn.com/public/investor/v12/ticker.cab\")
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...als/Coupons.cab (http://\"http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/McNeilNutritionals/Coupons.cab\")
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Title: VIRUS???
Post by: guestolo on August 30, 2006, 11:23:51 PM

Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\system32\sstqn.dll (file missing)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...als/Coupons.cab (http://\"http://a19.g.akamai.net/7/19/7125/4056/ftp...als/Coupons.cab\")

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer

Back in Windows
Besides the above, and some entries running on startup that don't need to be running your log looks good
Post one last fresh hijackthis log
Let me know how things are running please

Title: VIRUS???
Post by: Beck on August 31, 2006, 11:32:25 AM

guestolo,

I did the "Fix Check" thing to the two entries, rebooted, and ran a new Hijackthis log. My computer is running e-x-t-r-e-m-e-l-y slow . . . It took about 7 min to reboot and 3.5 min to load my "VIRUS???" topic. Here's the fresh hijackthis log that you asked for:

Logfile of HijackThis v1.99.1
Scan saved at 11:10:13 AM, on 8/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway (http://\"http://www.dell4me.com/myway\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gtec.com/ (http://\"http://www.gtec.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 (http://\"http://go.microsoft.com/fwlink/?LinkId=54729\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID} (http://\"http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}\")
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.siue.edu/~reburns"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab (http://\"http://fdl.msn.com/public/investor/v12/ticker.cab\")
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

-----------------------------------------------------------------------------------------------------

Is there a way that I can eliminate all of the extra crap from running at startup?

Thanks a bunch!
Beck

/wink.gif\' class=\'bbc_emoticon\' alt=\';)\' />

Title: VIRUS???
Post by: guestolo on September 01, 2006, 08:24:03 AM

Can I just take a look at a couple more logs please
1. Download this file - [color=\"red\"]combofix.exe[/color] (http://\"http://download.bleepingcomputer.com/sUBs/combofix.exe\")
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Also:
Save Silent Runners.vbs (http://\"http://www.silentrunners.org/Silent%20Runners.vbs\") to your desktop
Right click on that link and choose Save Link As
Double click on it to run. You don't have to click yes or no, it will continue to run in a few seconds
If prompted by your AV, please let this script run, we are just collecting information

This will create a text file on your desktop
Open the text file and copy and paste the contents back here

NOTE: let silentrunners completely finish, it WILL prompt when it is done

Title: VIRUS???
Post by: Beck on September 01, 2006, 07:59:20 PM

questolo,

Here are the two logs that you asked for. Sorry it took me so long to get them to you--my browser (IE) kept freezing. Actually, this is the 2nd time I'm trying to post. The first time I clicked "Add Reply" IE went blank and came back with the page cannot be found message . . . and my post was gone. Hopefully it will work this time.

Thanks a bunch!
Beck

/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

----------------------------------------------------------------------------------------------------------------------

Becky - 06-09-01 19:26:14.54
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\Becky\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-08-01 to 2006-09-01 ))))))))))))))))))))))))))))))))))

2006-08-26   22:13   4   --ah-----   C:\WINDOWS\uccspecb.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-09-01 18:38   --------   d--------   C:\Program Files\ewido anti-spyware 4.0
2006-08-28 20:47   --------   d--------   C:\Program Files\Java
2006-08-28 20:45   --------   d--------   C:\Program Files\Common Files\Java
2006-08-28 20:45   --------   d--------   C:\Program Files\Common Files
2006-08-18 17:34   22284   --a------   C:\Documents and Settings\Becky\Application Data\Comma Separated Values (Windows).ADR
2006-08-18 17:23   38465   --a------   C:\Documents and Settings\Becky\Application Data\Comma Separated Values (DOS).ADR
2006-08-16 17:20   31248   --a------   C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-08-16 17:20   197648   --a------   C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-08-16 16:51   1051456   --a------   C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-07-27 08:24   679424   --a------   C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24   72704   --a------   C:\WINDOWS\system32\hlink.dll
2006-07-14 23:19   --------   d--------   C:\Program Files\Yahoo! Games
2006-07-09 20:20   --------   d--------   C:\Program Files\Internet Explorer
2006-07-03 19:25   --------   d--------   C:\Program Files\DBCBT
2006-07-02 19:24   3619   --a------   C:\Documents and Settings\Becky\Application Data\AdobeDLM.log
2006-07-02 19:24   0   --a------   C:\Documents and Settings\Becky\Application Data\dm.ini
2006-07-02 19:24   --------   d--------   C:\Program Files\Adobe
2006-07-02 18:45   --------   d--------   C:\Documents and Settings\Becky\Application Data\AdobeAUM
2006-07-02 18:45   --------   d--------   C:\Documents and Settings\Becky\Application Data\Adobe
2006-07-02 18:42   --------   d--------   C:\Program Files\Yahoo!
2006-07-02 17:19   --------   d--------   C:\Program Files\Common Files\Adobe
2006-06-25 19:33   56   -r-hs----   C:\WINDOWS\system32\D7D10B508E.sys
2006-06-25 19:33   3766   --ahs----   C:\WINDOWS\system32\KGyGaAvL.sys
2006-06-23 09:28   5512704   ---------   C:\WINDOWS\system32\ieframe.dll
2006-06-23 09:28   47616   ---------   C:\WINDOWS\system32\msfeedsbs.dll
2006-06-23 09:28   454144   ---------   C:\WINDOWS\system32\msfeeds.dll
2006-06-23 09:28   413696   --a------   C:\WINDOWS\system32\vbscript.dll
2006-06-23 09:28   223744   --a------   C:\WINDOWS\system32\webcheck.dll
2006-06-23 09:28   179200   ---------   C:\WINDOWS\system32\ieui.dll
2006-06-23 09:28   155648   --a------   C:\WINDOWS\system32\msls31.dll
2006-06-23 05:41   172544   ---------   C:\WINDOWS\system32\WinFXDocObj.exe
2006-06-23 05:40   78848   --a------   C:\WINDOWS\system32\ieencode.dll
2006-06-23 05:40   40960   --a------   C:\WINDOWS\system32\url.dll
2006-06-23 05:39   99328   --a------   C:\WINDOWS\system32\occache.dll
2006-06-23 05:39   39424   --a------   C:\WINDOWS\system32\licmgr10.dll
2006-06-23 05:37   14336   --a------   C:\WINDOWS\system32\corpol.dll
2006-06-23 05:34   81920   --a------   C:\WINDOWS\system32\admparse.dll
2006-06-23 05:34   50688   --a------   C:\WINDOWS\system32\ie4uinit.exe
2006-06-23 05:34   372736   --a------   C:\WINDOWS\system32\iedkcs32.dll
2006-06-23 05:34   228864   --a------   C:\WINDOWS\system32\ieaksie.dll
2006-06-23 05:34   167936   --a------   C:\WINDOWS\system32\ieakeng.dll
2006-06-23 05:33   54272   --a------   C:\WINDOWS\system32\iesetup.dll
2006-06-23 05:33   41984   --a------   C:\WINDOWS\system32\iernonce.dll
2006-06-23 05:33   121856   --a------   C:\WINDOWS\system32\advpack.dll
2006-06-23 05:30   11776   ---------   C:\WINDOWS\system32\msfeedssync.exe
2006-06-23 05:29   55296   ---------   C:\WINDOWS\system32\icardie.dll
2006-06-23 05:29   35328   --a------   C:\WINDOWS\system32\imgutil.dll
2006-06-23 05:27   251392   ---------   C:\WINDOWS\system32\iertutil.dll
2006-06-23 05:26   45568   --a------   C:\WINDOWS\system32\mshta.exe
2006-06-23 04:46   377856   ---------   C:\WINDOWS\system32\ieapfltr.dll
2006-06-23 04:45   48640   --a------   C:\WINDOWS\system32\mshtmler.dll
2006-06-23 04:41   172032   --a------   C:\WINDOWS\system32\ieakui.dll
2006-06-19 15:18   23552   ---------   C:\WINDOWS\system32\idndl.dll
2006-06-19 15:18   22752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2006-06-19 15:18   20480   ---------   C:\WINDOWS\system32\normaliz.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PRONoMgrWired"="C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"Dell Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Mozilla Quick Launch"="\"C:\\Program Files\\Netscape\\Netscape\\Netscp.exe\" -turbo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20060831-110947-552
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...als/Coupons.cab (http://\"http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/McNeilNutritionals/Coupons.cab\")
backup-20060830-232750-971
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\system32\sstqn.dll (file missing)

Completion time: Fri 09/01/2006 19:27:03.93
ComboFix.txt
-------------------------------------------------------------------------------------------------------------------------

"Silent Runners.vbs", revision 47, http://www.silentrunners.org/ (http://\"http://www.silentrunners.org/\")
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"DellSupport" = ""C:\Program Files\Dell Support\DSAgnt.exe" /startup" ["Gteko Ltd."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Mozilla Quick Launch" = ""C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo" ["Mozilla, Netscape"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"PRONoMgrWired" = "C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" ["Intel® Corporation"]
"Dell QuickSet" = "C:\Program Files\Dell\QuickSet\quickset.exe" [empty string]
"Dell Wireless Manager UI" = "C:\WINDOWS\system32\WLTRAY" ["Dell Inc"]
"DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]
"RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"ISUSPM Startup" = ""C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup" ["InstallShield Software Corporation"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"MimBoot" = "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" ["Musicmatch, Inc."]
"pccguide.exe" = ""C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"" ["Trend Micro Incorporated."]
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"Corel Photo Downloader" = "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" ["Corel, Inc."]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06647158-359E-4D10-A8DE-E6145DA90BE9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Trend Micro Antifraud Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll" ["Trend Micro Incorporated."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{48F45200-91E6-11CE-8A4F-0080C81A28D4}" = "TMD Shell Extension"
-> {HKLM...CLSID} = "TMD Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll" ["Trend Micro Incorporated."]
"{771A9DA0-731A-11CE-993C-00AA004ADB6C}" = "VBPropSheet"
-> {HKLM...CLSID} = "VBPropSheet"
\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Internet Security 2006\VBProp.dll" ["Trend Micro Incorporated."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * stera" [file not found], [MS], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Becky\My Documents\My Pictures\Maltese in custome.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS]

Startup items in "Becky" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"]
"dlbcserv" -> shortcut to: "C:\Program Files\Dell Photo Printer 720\dlbcserv.exe" [null data]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{871F91FD-3A92-4988-A842-16AB2CFF5AF1}"
-> {HKLM...CLSID} = "Trend Micro Antifraud Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll" ["Trend Micro Incorporated."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Dell Wireless WLAN Tray Service, wltrysvc, "C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe" [null data]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
NICCONFIGSVC, NICCONFIGSVC, "C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe" ["Dell Inc."]
Trend Micro Central Control Component, PcCtlCom, "C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe" ["Trend Micro Incorporated."]
Trend Micro Personal Firewall, TmPfw, "C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe" ["Trend Micro Inc."]
Trend Micro Proxy Service, tmproxy, "C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe" ["Trend Micro Inc."]
Trend Micro Real-time Service, Tmntsrv, "C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe" ["Trend Micro Incorporated."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
ssgb6 Langmon\Driver = "ssgb6mon.dll" ["Samsung Electronics."]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 43 seconds, including 18 seconds for message boxes)

Title: VIRUS???
Post by: guestolo on September 02, 2006, 12:37:03 AM

Can you do the follow please\
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe (http://\"ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe\")

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

Post the whole report from Dr.Web

Title: VIRUS???
Post by: Beck on September 02, 2006, 10:25:15 AM

guestolo,

Here's the Dr. Web log that you requested:

Silent Runners.vbs;C:\Documents and Settings\Becky\Desktop;Probably BATCH.Virus;;
A0012936.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP113;Trojan.Virtumod;Deleted.;
A0012937.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP113;Trojan.Virtumod;Deleted.;
A0013094.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115;Trojan.MulDrop.3406;Deleted.;
A0013095.ocx;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115;Adware.Coupons;;

Why doesn't my PC-cillin pick up on these things? Have I completely wasted my $ on it?

/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />

Becky

Title: VIRUS???
Post by: Beck on September 04, 2006, 12:20:58 AM

guestolo:

Yesterday morning I posted the Dr. Web log that you wanted (please see previous post). Tonight I took at look at the processes (in Task Manager), because I could bake a cake while waiting for a page to load . . . I'm pasting in all of the processes that are running on my computer (see below). Is it normal for this many to be running at one time when I only have one program going (that I am aware of)?

svchost.exe   SYSTEM    00    656 K
taskmgr.exe   Becky    00   4,952 K
TmPfw.exe    SYSTEM    00   2,052 K
wdfmgr.exe   LOCAL SERVICE 00    128 K
mim.exe    Becky    00   1,540 K
MMDiag.exe   Becky    00    242 K
wmiprvse.exe   SYSTEM    00    424 K
Netscp.exe    Becky    00   1,028 K
LEXPPS.EXE    SYSTEM    00    396 K
Spoolsv.exe   SYSTEM    00   2,328 K
LESBCES.EXE   SYSTEM    00    64 K
BCMWLTRY.EXE   SYSTEM    00   2,096 K
WLTRYSVC.EXE   SYSTEM    00    64 K
ctfmon.exe    Becky    00   1,728 K
PcCtlCom.exe   SYSTEM    00   1,216 K
DSAgnt.exe   Becky    00    532 K
ewido.exe    Becky    00   1,856 K
DLG.exe    Becky    00    344 K
jusched.exe   Becky    00    64 K
svchost.exe   LOCAL SERVICE 00    928 K
apdproxy.exe   Becky    00   1,128 K
svchost.exe   NETWORK SERVICE 00    868 K
svchost.exe   SYSTEM    00   8,692 K
svchost.exe   NETWORK SERVICE 00   1,580 K
igfxsrvc.exe   Becky    00    112 K
svchost.exe   SYSTEM    00   1,732 K
NicConfigSvc.exe   SYSTEM    00    416 K
MediaDetect.exe   Becky    00    500 K
lsass.exe    SYSTEM    00   1,132 K
services.exe   SYSTEM    00   1,604 K
winlogon.exe   SYSTEM    00   1,272 K
csrss.exe    SYSTEM    00   1,364 K
igfxpers.exe   Becky    00    984 K
hkcmd.exe    Becky 00   1,152 K
smss.exe    SYSTEM    00    60 K
pccguide.exe   Becky    00   3,684 K
issch.exe    Becky     00    296 K
tfswctrl.exe    Becky    00   1,228 K
realplay.exe   Becky    00   2,200 K
DVDLauncher.exe   Becky    00    456 K
guard.exe    SYSTEM    00   7,196 K
WLTRAY.EXE   Becky    00   1,068 K
quickset.exe   Becky    00    528 K
PRONoMgr.exe   Becky    00    280 K
SynTPEnh.exe   Becky    00   1,372 K
tmproxy.exe   SYSTEM    00 12,640 K
Tmntsrv.exe   SYSTEM    00    656 K
explorer.exe   Becky    02   8,428 K
System    SYSTEM    00    40 K
System Idle Process   SYSTEM    98    28 K

Beck

[attachment=1314:attachment]guestolo:

Yesterday morning I posted the Dr. Web log that you wanted (please see previous post). Tonight I took at look at the processes (in Task Manager), because I could bake a cake while waiting for a page to load . . . I'm attaching a copy of all of the processes that are running on my computer. Is it normal for this many to be running at one time when I only have one program going (that I am aware of)?

Beck

Title: VIRUS???
Post by: guestolo on September 04, 2006, 09:35:52 AM

Your system idle process is good, I still don't see anything bad
I put in IE7 in my wifes computer, I remember her home page was loading slowly after I did that
It changed a setting in IE's connection tab
Can you take a look please
In IE>>Click on TOOLS>>Internet Options>>Click on the Connections tab
Open LAN settings if your on broadband ISP or click on Settings under Dialup if that is your service
Uncheck All boxes in the next window
Take note of your original settings however
OK your way out
Close IE and then reopen it, any improvement?

If not
Try the following for testing purposes
Go to START>>RUN>>type in msconfig
Hit OK

Open the SERVICES tab>>
Put a Check in 'Hide a Microsoft Services'
Then click the Disable All button
Apply it

Then open the STARTUP tab>>
Click Disable All button
Apply and Close
Reboot the computer

Back in Windows
See if things speed up
We will also of disabled your firewall
Can you go into your Windows Control panel and enable the XP firewall temporarily
Let's not leave you totally unprotected

Remember, this is just for testing purposes
Browse the net, have things improved

Afterwards, go back into msconfig
For now, just enable any entries related to your AV and Firewall under the Services and Startup tabs
Reboot the computer
SERVICES
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

STARTUP
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"

Are things still OK?
If they are, by process of elimination, let's see if it's a legit entry slowing you down

Title: VIRUS???
Post by: Beck on September 04, 2006, 06:42:22 PM

Okay . . . the boxes under my LAN settings were already unchecked, so I went into msconfig and made the changes that you suggested. I logged into Blackboard (I teach English comp and use Blackboard in all of my classes). At first, I was able to navigate around quicker, but after a while, pages began opening up much slower again. Could all of this slowness be connected to my crummy Celeron M processor? Should I go back into msconfig and return to the normal setup, yet? What's strange is, I can press "enter" and wait minutes for a page to load, but if I reload the page 2x, it typically will load right away then.

Beck

/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' />

Title: VIRUS???
Post by: guestolo on September 04, 2006, 07:22:11 PM

I think I scanned through your combofix log to quickly
Can you do the following please

In IE, click on TOOLS>>Internet Options>>Under the General tab click
Delete.... under Browsing History

Then click the Delete Files... Delete Cookies.... Delete History....

============================================
Please download [color=\"#FF0000\"]ATF-Cleaner[/color] (http://\"http://www.atribune.org/ccount/click.php?id=1\") by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

This will remove all files from the items that are checked so if you have some cookies you'd like to save. please move them to a different directory first.
====================================================================

Open Hijackthis>>Open Misc Tools section>>Open "Delete File on Reboot"
In the filename field, copy>>Paste the next whole line in bold directly below

C:\WINDOWS\uccspecb.sys

Then click the OPEN button
Hijackthis should prompt that the file will be deleted on reboot

Allow to reboot the computer

Back in Windows
Can you post a fresh hijackthis log
Also, run Combofix again and post the new log

Title: VIRUS???
Post by: Beck on September 04, 2006, 10:58:51 PM

I downloaded ATF-Cleaner and did everything you said. Here are the new logs that you requested.

Thanks,
Becky

Logfile of HijackThis v1.99.1
Scan saved at 10:48:34 PM, on 9/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway (http://\"http://www.dell4me.com/myway\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gtec.com/ (http://\"http://www.gtec.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 (http://\"http://go.microsoft.com/fwlink/?LinkId=54729\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID} (http://\"http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}\")
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.siue.edu/~reburns"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab (http://\"http://fdl.msn.com/public/investor/v12/ticker.cab\")
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--------------------------------------------------------------------------------------------------------------------------

Becky - 06-09-04 22:50:19.26
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\Becky\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-08-04 to 2006-09-04 ))))))))))))))))))))))))))))))))))

No new files created in this timespan

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-09-04 14:12   --------   d--------   C:\Program Files\ewido anti-spyware 4.0
2006-08-28 20:47   --------   d--------   C:\Program Files\Java
2006-08-28 20:45   --------   d--------   C:\Program Files\Common Files\Java
2006-08-28 20:45   --------   d--------   C:\Program Files\Common Files
2006-08-18 17:34   22284   --a------   C:\Documents and Settings\Becky\Application Data\Comma Separated Values (Windows).ADR
2006-08-18 17:23   38465   --a------   C:\Documents and Settings\Becky\Application Data\Comma Separated Values (DOS).ADR
2006-08-16 17:20   31248   --a------   C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-08-16 17:20   197648   --a------   C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-08-16 16:51   1051456   --a------   C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-07-27 08:24   679424   --a------   C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24   72704   --a------   C:\WINDOWS\system32\hlink.dll
2006-07-14 23:19   --------   d--------   C:\Program Files\Yahoo! Games
2006-07-09 20:20   --------   d--------   C:\Program Files\Internet Explorer
2006-07-02 19:24   3619   --a------   C:\Documents and Settings\Becky\Application Data\AdobeDLM.log
2006-07-02 19:24   0   --a------   C:\Documents and Settings\Becky\Application Data\dm.ini
2006-06-25 19:33   56   -r-hs----   C:\WINDOWS\system32\D7D10B508E.sys
2006-06-25 19:33   3766   --ahs----   C:\WINDOWS\system32\KGyGaAvL.sys
2006-06-23 09:28   5512704   ---------   C:\WINDOWS\system32\ieframe.dll
2006-06-23 09:28   47616   ---------   C:\WINDOWS\system32\msfeedsbs.dll
2006-06-23 09:28   454144   ---------   C:\WINDOWS\system32\msfeeds.dll
2006-06-23 09:28   413696   --a------   C:\WINDOWS\system32\vbscript.dll
2006-06-23 09:28   223744   --a------   C:\WINDOWS\system32\webcheck.dll
2006-06-23 09:28   179200   ---------   C:\WINDOWS\system32\ieui.dll
2006-06-23 09:28   155648   --a------   C:\WINDOWS\system32\msls31.dll
2006-06-23 05:41   172544   ---------   C:\WINDOWS\system32\WinFXDocObj.exe
2006-06-23 05:40   78848   --a------   C:\WINDOWS\system32\ieencode.dll
2006-06-23 05:40   40960   --a------   C:\WINDOWS\system32\url.dll
2006-06-23 05:39   99328   --a------   C:\WINDOWS\system32\occache.dll
2006-06-23 05:39   39424   --a------   C:\WINDOWS\system32\licmgr10.dll
2006-06-23 05:37   14336   --a------   C:\WINDOWS\system32\corpol.dll
2006-06-23 05:34   81920   --a------   C:\WINDOWS\system32\admparse.dll
2006-06-23 05:34   50688   --a------   C:\WINDOWS\system32\ie4uinit.exe
2006-06-23 05:34   372736   --a------   C:\WINDOWS\system32\iedkcs32.dll
2006-06-23 05:34   228864   --a------   C:\WINDOWS\system32\ieaksie.dll
2006-06-23 05:34   167936   --a------   C:\WINDOWS\system32\ieakeng.dll
2006-06-23 05:33   54272   --a------   C:\WINDOWS\system32\iesetup.dll
2006-06-23 05:33   41984   --a------   C:\WINDOWS\system32\iernonce.dll
2006-06-23 05:33   121856   --a------   C:\WINDOWS\system32\advpack.dll
2006-06-23 05:30   11776   ---------   C:\WINDOWS\system32\msfeedssync.exe
2006-06-23 05:29   55296   ---------   C:\WINDOWS\system32\icardie.dll
2006-06-23 05:29   35328   --a------   C:\WINDOWS\system32\imgutil.dll
2006-06-23 05:27   251392   ---------   C:\WINDOWS\system32\iertutil.dll
2006-06-23 05:26   45568   --a------   C:\WINDOWS\system32\mshta.exe
2006-06-23 04:46   377856   ---------   C:\WINDOWS\system32\ieapfltr.dll
2006-06-23 04:45   48640   --a------   C:\WINDOWS\system32\mshtmler.dll
2006-06-23 04:41   172032   --a------   C:\WINDOWS\system32\ieakui.dll
2006-06-19 15:18   23552   ---------   C:\WINDOWS\system32\idndl.dll
2006-06-19 15:18   22752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2006-06-19 15:18   20480   ---------   C:\WINDOWS\system32\normaliz.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PRONoMgrWired"="C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"Dell Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mozilla Quick Launch"="\"C:\\Program Files\\Netscape\\Netscape\\Netscp.exe\" -turbo"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

Completion time: Mon 09/04/2006 22:50:57.60
ComboFix Log.txt
ComboFix.txt
ComboFix2.txt

Title: VIRUS???
Post by: guestolo on September 05, 2006, 09:08:42 PM

How are things running????

The only file I don't recognize is this one
C:\WINDOWS\system32\D7D10B508E.sys

Can you ensure that windows is
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.

Navigate to the above file
Can you right click on it and select properties
If a version tab, can you let me know what it's related to please
If unsure,
Go to either of these links
http://www.virustotal.com/flash/index_en.html (http://\"http://www.virustotal.com/flash/index_en.html\")
OR
http://virusscan.jotti.org/ (http://\"http://virusscan.jotti.org/\")
OR
Virus.org (http://\"http://scanner.virus.org/\")

Use the browse button and navigate to the file on your harddrive
Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please

Do you get the same slowdowns with Netscape when your browsing?
I'm not exactly sure what version of IE7 your using, but I don't think it's the latest
and don't forget it is Beta
The latest is IE7 RC1
You may want to update to this version
From what I understand there is no need to uninstall the older version, it is removed when installing the latest
Take a look at the following link
http://www.microsoft.com/downloads/details...;displaylang=en (http://\"http://www.microsoft.com/downloads/details.aspx?FamilyID=94e5bf41-2907-4415-8f72-da7c2c2ace09&displaylang=en\")

Here's a link on the release notes
http://msdn.microsoft.com/ie/releasenotes/default.aspx (http://\"http://msdn.microsoft.com/ie/releasenotes/default.aspx\")

I would create a new system restore point beforehand, if you decide to update IE
Just to be on the safe side
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Create a New restore point
Name it and click create

Title: VIRUS???
Post by: swaniegotgame on September 05, 2006, 09:17:45 PM

if u dont have it working yet.... i had some trouble like that..... turned out that my computer was over heating cause my fan was broken =-9 cheak that

Title: VIRUS???
Post by: Beck on September 07, 2006, 07:40:50 PM

Well, I'm still having trouble. I upgraded IE, and that didn't help. I used Navigator for a while, and it's basically as slow as IE.

I had the mystery file scanned (I didn't have a version tab). Here are the results of the scan:

Results from the virus scan of uploaded sample
Return to the Virus.Org Scanning Service

The following represents the test results from the virus scanners used by the Virus.Org scanning service when it performed the scan on the file 'D7D10B508E.sys'.



File:   D7D10B508E.sys
SHA-1 Digest:   0aa74639bbfb0ace692a13191e559699b1854eee
Packers:   Unknown
Status:   Potentially Clean



Scanner   Scanner Version   Result   Scan Time
ArcaVir   1.0.3   Clean   0.784439 secs
avast!   2.0.0   Clean   0.00730085 secs
AVG Anti Virus   7.1.30   Clean   1.38923 secs
Avira Desktop   1.1.6-32   Clean   3.25781 secs
BitDefender   7.1   Clean   4.07102 secs
ClamAV   0.88/1815   Clean   0.00353694 secs
Dr. Web   4.33.0   Clean   5.65655 secs
F-PROT   4.6.5   Clean   0.424863 secs
H+BEDV AntiVir   NULL   Clean   3.54855 secs
Ikarus PSCAN   2.32   Clean   8.57994 secs
NOD32   2.51.1   Clean   2.07967 secs
Norman Virus Control   5.70.01   Clean   4.15496 secs
Sophos Sweep   4.05.0   Clean   2.72894 secs
VBA32   3.11.1   Clean   1.93916 secs
VirusBuster 2005   1.2.4   Clean   1.25759 secs

Any other suggestions?

Beck

Title: VIRUS???
Post by: guestolo on September 07, 2006, 10:42:57 PM

One more checkup
Can you do the following

Download GMER from here:
http://www.gmer.net/gmer.zip (http://\"http://www.gmer.net/gmer.zip\")

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

Could I see one more fresh hijackthis log also please

Title: VIRUS???
Post by: Beck on September 08, 2006, 08:35:30 PM

questolo,

I don't know what the heck to think about my computer now or what to do. Tonight it's running slower than ever. I have tried and tried to download (save) the GMER file, but I can't get it done. I've let IE run for over an hour, and it only manages to download 6%--Netscape downloads nothing. My DSL connection speed is fluctuating (anywhere from 11 Mbps to 36 Mbps). I went ahead and ran another Hijackthis log for you, and I'll post it below. Do you have any suggestions???

Beck

Logfile of HijackThis v1.99.1
Scan saved at 8:28:50 PM, on 9/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\EXPLORER.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRAM FILES\DELL SUPPORT\DSAGNT.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway (http://\"http://www.dell4me.com/myway\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gtec.com/ (http://\"http://www.gtec.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 (http://\"http://go.microsoft.com/fwlink/?LinkId=54729\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID} (http://\"http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}\")
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.siue.edu/~reburns"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab (http://\"http://fdl.msn.com/public/investor/v12/ticker.cab\")
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Title: VIRUS???
Post by: guestolo on September 09, 2006, 05:48:19 PM

I'm not seeing anything wrong, but I would like to see that log from GMER
You can transfer it from a computer that can download by either floppy, CD, or USB thumbdrive or similiar to the computer that won't download

Title: VIRUS???
Post by: Beck on September 09, 2006, 10:54:47 PM

I was finally able to save that zip file to my desktop, but every time I try to unzip it, I get an error message that says: "No files to extract." What now?

Beck

Title: VIRUS???
Post by: guestolo on September 09, 2006, 11:14:30 PM

It was a corrupt download most likely

Delete the copy you downloaded
I've uploaded GMER
From the bottom of this reply box download GMER.zip to desktop

Unzip it to desktop and try it again

Title: VIRUS???
Post by: Beck on September 10, 2006, 12:35:58 PM

The download worked this time. Here's the log:

Beck

GMER 1.0.10.10122 - http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit 2006-09-10 12:08:36
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.10 ----

SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess

SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE A89BCC8A

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_DEVICE_CONTROL [AA1FF701]
tfsnifs.sys

Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_DEVICE_CONTROL [AA1FF701]
tfsnifs.sys

Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_DEVICE_CONTROL [AA1FF701]
tfsnifs.sys

Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_DEVICE_CONTROL [AA1FF701]
tfsnifs.sys

Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_DEVICE_CONTROL [AA1FF701]
tfsnifs.sys

Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL [AA1FF89D]
tfsnifs.sys

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}

---- EOF - GMER 1.0.10 ----

Title: VIRUS???
Post by: guestolo on September 10, 2006, 01:43:13 PM

GMER log looks good
Just to ensure that Ewido's guard isn't interfering
Can you go to START>>Run
type in services.msc
Hit OK

In the next window
Look for Ewido anti-spyware guard
Double click on it
In the startup type drop down window set to disabled
Then click the STOP button
Apply and OK out of there

Does that help?

What is slow on the computer?
All programs or just when browsing the Internet?

When did this slowness start?
After you installed Trend Micro?
After you installed IE7?
Are you connected wirelessly to the Internet? Have you tried to connect directly to the modem with cable and see if things improve on the Net

Title: VIRUS???
Post by: Beck on September 10, 2006, 05:19:51 PM

I was able to disable Ewido, but "Stop" wasn't an available option (the button remained pale grey).

I surfed around a bit, and it seems like it might be a tiny bit faster.

I'm not just having problems with IE, though. Today (and sporadic times in the past), Word, Excel, and Outlook freeze up, and I get the message that the program is not responding (Word and Excel did this today).

I am using a wireless connection, and I haven't tried to connect directly. Now that I think about it, I think most of the problems began when I installed Trend Micro. I upgraded my IE from 6 to 7 because I was having problems with it and thought a newer version would solve them--it hasn't.

Any more suggestions?

Beck

/wacko.gif\' class=\'bbc_emoticon\' alt=\':wacko:\' />

Title: VIRUS???
Post by: guestolo on September 10, 2006, 06:45:08 PM

One last check on something, can you do the following
Download [color=\"red\"]SmitfraudFix[/color] (http://\"http://siri.urz.free.fr/Fix/SmitfraudFix.zip\")[/url] (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

[color=\"#3366FF\"]Note[/color] : [color=\"#FF0000\"]process.exe[/color] [color=\"#3366FF\"]is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.[/color]

Title: VIRUS???
Post by: Beck on September 11, 2006, 07:18:47 PM

I'm posting my SmitFraudFix log below. What next? Oh--none of my anti-virus programs picked up on SmitFraudFix running . . .

Beck

/cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' />

SmitFraudFix v2.87

Scan done at 19:07:19.06, Mon 09/11/2006
Run from C:\Documents and Settings\Becky\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Becky\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Becky\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Title: VIRUS???
Post by: guestolo on September 12, 2006, 08:46:56 PM

We did clear some infections
As of now, it may be Trend Micro causing some problems
You should try to totally uninstall ALL of Trend Micro, this includes the Firewall
You can reinstall it if it's not the problem, but remove it for now
Sometimes just disabling it isn't enough
Reboot the computer afterwards

Back in Windows, ensure you turn on the XP firewall for now so as to not leave you exposed

Post a fresh hijackthis log and let me know how things are running

Title: VIRUS???
Post by: Beck on September 13, 2006, 09:20:57 PM

Okay--I removed Trend Micro completely, and made sure my XP firewall was turned on. I surfed around a bit. Just when I think things are running quicker, it really bogs down and takes forever to load a page. My connection speed is varying widely tonight. I have no idea why that happens. I'm sitting in the same place that I usually do when using the laptop. Sometimes it runs around 48 Mbsp, most often in the 20-30 Mbsp range, but tonight it's currently running at 5.5 Mbsp. My direct connect on my desktop model always runs at 100 Mbps.

I'm posting a fresh HijackThis log. What next?

/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' />

Logfile of HijackThis v1.99.1
Scan saved at 8:52:08 PM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway (http://\"http://www.dell4me.com/myway\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gtec.com/ (http://\"http://www.gtec.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 (http://\"http://go.microsoft.com/fwlink/?LinkId=54729\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID} (http://\"http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}\")
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.siue.edu/~reburns"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab (http://\"http://fdl.msn.com/public/investor/v12/ticker.cab\")
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Title: VIRUS???
Post by: guestolo on September 13, 2006, 09:31:58 PM

As I mentioned before, it could be your wireless router
You not picking up a great signal
Are there any cordless phones, microwaves, etc.. near the wireless basestation that could be causing interference?
Does your signal improve if you move closer to the router?

Shut off any other electronic devices nearby and see if your connection improves
The fewer walls, the better the signal, move closer to the router

Have you tried a Wired connection with your laptop and see if things improve