Any help with this Vundo.JD would be greatly appreciated.

Futures

So yesterday at some point the main PC starts going crazy (normally how this starts out, right). We were getting some logon.exe errors and AVG Resident Shield was giving some threat listings, and when I logged into my own account, dsca.exe was taking up 50% of the processor (Core 2 Duo) right off the bat. Even though it's recommended not to just delete files randomly, it was hogging resources, so I went and deleted it outright from its folder. I couldn't run things otherwise.

I then ran AVG 9, which listed us as being infected with Vundo.JD, but even after 3 scans saying it had been cleaned, we still had the problems, and any Google search would result in my browser being redirected to various sites. Any attempt to enter Safe Mode resulted in the Blue Screen of Death.

In my searches I luckily stumbled onto Osiris' great tutorial - Spyware Asylum. Before I ran through the full-scan version, I downloaded and ran Microsoft Security Essentials, which discovered a worm in the logon.exe file mentioned before. I've just got done running all 3 programs and was hoping someone could let me know if I was able to kill the beast.

Also, a quick question: I loved AVG, but this has caused me to doubt it. Before I reinstall, I was wondering if anyone had recommendations on other free antivirus programs, or if this was just a freak occurrence and AVG should be good to go. I wish I knew exactly how this happened, but at least 4 different people can use this machine in a day, let alone a week. No clue on who did what. Thinking it was some P2P someone did Sat night, but I scanned the music files and they come up clean. Thanks for any and all help on this, great site.

ComboFix Log:

ComboFix 09-12-21.02 - Alex 12/21/2009 23:53:27.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2037.1635 [GMT -6:00]
Running from: c:\documents and settings\Alex\Desktop\gado saves christmas\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alex\Application Data\inst.exe
c:\documents and settings\Kids\My Documents\ZbThumbnail.info
C:\LOG.TXT
c:\program files\Common Files\SLMSS
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\popcaploader.inf

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.

2009-12-22 05:28 . 2009-12-22 05:44 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-22 05:13 . 2009-11-03 02:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-22 05:00 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-22 05:00 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-21 21:19 . 2009-12-21 21:19 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-21 12:26 . 2001-08-18 04:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-12-21 12:26 . 2001-08-18 04:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-12-21 12:26 . 2001-08-18 04:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-12-21 12:26 . 2001-08-18 04:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-12-21 12:26 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-12-21 12:26 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-12-21 12:26 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2009-12-21 12:26 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-12-21 12:26 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-12-21 12:26 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2009-12-21 12:26 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-12-21 12:26 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-12-21 07:07 . 2009-12-21 21:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-20 21:36 . 2009-12-20 21:36 49816 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-16 00:25 . 2009-12-16 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-16 00:24 . 2009-12-16 00:24 -------- d-----w- c:\program files\Bonjour
2009-12-16 00:22 . 2009-08-29 01:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 06:05 . 2008-04-01 06:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-21 21:51 . 2009-06-01 22:35 -------- d-----w- c:\program files\AVG
2009-12-21 21:48 . 2008-04-12 07:30 -------- d-----w- c:\documents and settings\Alex\Application Data\Apple Computer
2009-12-21 13:08 . 2009-05-05 23:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 13:07 . 2008-04-12 06:39 -------- d-----w- c:\program files\NetCaptor
2009-12-21 12:28 . 2008-04-01 06:30 -------- d-----w- c:\program files\Java
2009-12-21 04:36 . 2009-04-06 02:57 -------- d-----w- c:\documents and settings\Kids\Application Data\uTorrent
2009-12-16 00:32 . 2008-04-12 16:02 -------- d-----w- c:\documents and settings\Ma y Pa\Application Data\Apple Computer
2009-12-16 00:32 . 2008-04-12 06:25 -------- d-----w- c:\program files\iTunes
2009-12-16 00:30 . 2008-04-12 05:18 72784 ----a-w- c:\documents and settings\Ma y Pa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-16 00:25 . 2008-04-12 06:22 -------- d-----w- c:\program files\iPod
2009-12-16 00:25 . 2008-12-21 22:03 -------- d-----w- c:\program files\Common Files\Apple
2009-12-16 00:24 . 2008-04-12 06:40 -------- d-----w- c:\program files\QuickTime
2009-12-03 22:14 . 2009-05-05 23:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13 . 2009-05-05 23:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-30 04:59 . 2009-09-06 06:40 63 ----a-w- c:\documents and settings\Kids\jagex_runescape_preferences2.dat
2009-11-30 04:59 . 2008-07-01 17:33 38 ----a-w- c:\documents and settings\Kids\jagex_runescape_preferences.dat
2009-11-15 06:28 . 2009-11-15 06:22 -------- d-----w- c:\program files\Common Files\Remote Control Software Shared
2009-11-15 06:26 . 2009-11-15 06:26 -------- d-----w- c:\program files\Common Files\Remote Control USB Driver
2009-11-15 06:26 . 2008-04-01 06:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-15 06:22 . 2009-11-15 06:22 -------- d-----w- c:\program files\Logitech
2009-10-11 10:17 . 2009-05-06 00:24 411368 ----a-w- c:\windows\system32\deploytk.dll
.
Code:
<pre>
c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Common Files\Roxio Shared\System\EngUtil .exe
c:\program files\DIGStream\digstream .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Java\jre1.6.0_03\bin\jusched .exe
c:\program files\LIVEUPDATE\LiveUpdate .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\QuickTime\qttask       .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [N/A]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [N/A]
"Ulead Photo Express Calendar Checker"="c:\documents and settings\Kids\My Documents\iris\pictures!\calcheck.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartUp This"="c:\program files\Laplink\PCmover\LaunchSt.exe" [2007-11-01 247088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe" [2009-02-03 240544]

c:\documents and settings\Alex\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2008-4-1 7168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Documents and Settings\\Kids\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [8/3/2005 2:59 PM 4736]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [8/3/2005 2:59 PM 8960]
S3 PortAcc;Spearit Port Access;c:\program files\Laplink\PCmover\PortAcc.sys [11/1/2007 5:49 AM 16176]
.
------- Supplementary Scan -------
.
uStart Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080401
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=YkhVJlFXh6xHPDcDI0tVt4tIZwU
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - Sign In
DPF: ConferenceRoom Java Client - hxxp://java.irc.liveharmony.org:8080/java/cr.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} - hxxp://www.powerleap.com/cab_files/InSPECS3_0.cab
DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} - hxxp://66.116.118.66:8000/streamjet/bin/streamjet4.cab
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\default.p1t\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{333398C6-5559-1CBA-5161-5E00CEC889B7} - (no file)
BHO-{3C5A1871-BA0D-4C62-B33F-0940EEF921CF} - c:\windows\system32\awvvu.dll
BHO-{E6ADAB4F-6D83-7B65-DE5C-3DE600825FED} - (no file)
AddRemove-A11V_is1 - c:\program files\Internet Antivirus Pro\unins000.exe
AddRemove-DivX Codec - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-DivX Player - c:\program files\DivX\DivXPlayerUninstall.exe
AddRemove-KB870669 - c:\windows\muninst.exe
AddRemove-SBC Yahoo! Base Components - c:\progra~1\Yahoo!\Common\unybase.exe
AddRemove-SBC Yahoo! Dial Connection Manager - c:\program files\SBC Yahoo!\Connection Manager\uninst.exe
AddRemove-SBC Yahoo! DSL - c:\progra~1\Yahoo!\browser\unyb.exe
AddRemove-SBC Yahoo! DSL Extras - c:\progra~1\Yahoo!\Common\unwise.exe
AddRemove-SBC Yahoo! Parental Controls - c:\progra~1\Yahoo!\PARENT~1\unypc.exe
AddRemove-SBC Yahoo! UMUninstaller - c:\program files\SBC Yahoo!\umuninst.exe
AddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-12-22 00:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Dantz\Retrospect\retrorun.exe
c:\progra~1\Dantz\RETROS~1\wdsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-12-22 00:11:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-22 06:11

Pre-Run: 65,592,152,064 bytes free
Post-Run: 72,807,829,504 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E0447645F3665E4FFDED2F69A520C084





MalwareBytes Log:


Malwarebytes' Anti-Malware 1.42
Database version: 3407
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/22/2009 12:24:46 AM
mbam-log-2009-12-22 (00-24-46).txt

Scan type: Quick Scan
Objects scanned: 165564
Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Andy\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
Not all antiviruses will find all viruses, spyware, malware, etc. AVG 9 is good; it's what I use and use at work on my servers.

So after running these scans, are you still having the same problem?
 
No, it seems to have taken care of things, but it's not my main PC so my use is limited. I ran out of space in the previous post for the last log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:59 AM, on 12/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Alex\Desktop\gado saves christmas\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080401
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080401
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=YkhVJlFXh6xHPDcDI0tVt4tIZwU
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: (no name) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Documents and Settings\Kids\My Documents\iris\pictures!\calcheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - Sign In
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://java.irc.liveharmony.org:8080/java/cr.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0 Control) - http://www.powerleap.com/cab_files/InSPECS3_0.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://66.116.118.66:8000/streamjet/bin/streamjet4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - ijji - Where Gamers Unite!
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 10399 bytes



Just hoping you guys can tell me if things look ok, or if there's anything I need to take care of still. Thanks again for your tutorial.
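A quick way to do the "does anything look off" pass that the logs above invite is to run the autostart lines through a few review rules rather than eyeballing them. The script below is an added example for this thread; it is not ComboFix's, HijackThis's or Malwarebytes' own code and does not claim any entry is malicious. It flags only things a reviewer would want to look at twice: machine-wide (HKLM) Run entries that launch from a user profile folder, ComboFix Run values whose target could not be found ([N/A]), dangling "(file missing)" / "(no file)" references, ActiveX download sites given as a bare IP:port, and the Security Center AntiVirusOverride / FirewallOverride flags being set. The rule names and the sample lines are constructed for the example; the sample is modeled on entries in the posted logs, not a copy of them.

```python
"""Heuristic triage of HijackThis / ComboFix autostart lines (added example)."""
import re
from collections import Counter
from typing import Dict, List

# Each rule directs a reviewer's attention; none of them is a verdict.
USER_PROFILE = re.compile(r"\\documents and settings\\", re.I)
# HijackThis O4 lines for the machine-wide Run / RunOnce keys.
HJT_HKLM_RUN = re.compile(r"^O4 - HKLM\\\.\.\\Run(?:Once)?: \[[^\]]+\] (?P<cmd>.+)$")
# ComboFix "Reg Loading Points" value lines: "name"="path" [date size] or [N/A].
CF_RUN_VALUE = re.compile(r'^"[^"]+"="(?P<path>[^"]+)" \[(?P<meta>[^\]]*)\]$')
CF_SECTION = re.compile(r"^\[(?P<hive>HKEY_[A-Z_]+)\\", re.I)
DEAD_REF = re.compile(r"\((?:file missing|no file)\)", re.I)
DPF_RAW_IP = re.compile(r"^O16 - DPF:.*https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/", re.I)
SC_OVERRIDE = re.compile(r'^"(?:AntiVirusOverride|FirewallOverride)"=dword:0*1$', re.I)


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one {'rule', 'line'} finding per rule hit, in log order."""
    findings: List[Dict[str, str]] = []
    hive = ""  # hive of the most recent ComboFix "[HKEY_...]" section header

    def flag(rule: str, line: str) -> None:
        findings.append({"rule": rule, "line": line})

    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        sec = CF_SECTION.match(line)
        if sec:
            hive = sec.group("hive").upper()
            continue
        # Machine-wide autostart launching from a user-writable folder: any
        # local user could have dropped or replaced that binary.
        m = HJT_HKLM_RUN.match(line)
        if m and USER_PROFILE.search(m.group("cmd")):
            flag("hklm-run-from-user-profile", line)
        m = CF_RUN_VALUE.match(line)
        if m:
            # ComboFix prints a date and size when it can stat the target;
            # [N/A] means the file is not there (deleted, or never was).
            if m.group("meta") == "N/A":
                flag("run-value-target-missing", line)
            if hive == "HKEY_LOCAL_MACHINE" and USER_PROFILE.search(m.group("path")):
                flag("hklm-run-from-user-profile", line)
        if DEAD_REF.search(line):
            flag("dangling-reference", line)
        # A download site given as a bare IP:port has no domain to vet.
        if DPF_RAW_IP.match(line):
            flag("activex-from-raw-ip", line)
        # These flags silence Security Center's "no AV / no firewall"
        # warnings; confirm a person set them rather than malware.
        if SC_OVERRIDE.match(line):
            flag("security-center-override", line)
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per rule."""
    return dict(Counter(f["rule"] for f in findings))


# Constructed sample, modeled on the entries in the posted logs.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [N/A]
"Calendar Checker"="c:\documents and settings\Kids\My Documents\pictures!\calcheck.exe" [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: (no name) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Documents and Settings\Kids\My Documents\iris\pictures!\calcheck.exe
O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://66.116.118.66:8000/streamjet/bin/streamjet4.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG.splitlines()):
        print(f"{hit['rule']:30s} {hit['line']}")
    print(summarize(triage(SAMPLE_LOG.splitlines())))
```

Paste a whole log into `SAMPLE_LOG` (or read one from a file with `open(...).read().splitlines()`) and review the flagged lines; a clean hit on every rule here is normal on a well-used home PC, so the value is in the list being short enough to check by hand, not in the count.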
 
Yeah, I just haven't had time to do a backup. You say it's clean; I should get to it this week. Thanks!
 
After you do the update, run the scans one more time and post the logs so I can take one last look.
 