
File: ynnwYpnhehU.exe
Status:
INFECTED/MALWARE
MD5: 3f312cd28a281a4e352fc8d7a11fa78e
Packers detected:
-


Oh, it just changed and added something else to the report, I think I maybe posted the wrong one?

Last file scanned at least one scanner reported something about: yfhvbeqf.exe_B51B840C63165EF706FBF74B83F78ECA.tmp (MD5: b51b840c63165ef706fbf74b83f78eca, size: 139264 bytes), detected by:

Scanner Malware name
A-Squared Win32.SuspectCrc
AntiVir TR/Spy.Agent.eey
ArcaVir Trojan.Spy.Agent.Eey
Avast Win32:Trojan-gen {Other}
AVG Antivirus X
BitDefender Trojan.Generic.692630
ClamAV X
CPsecure X
Dr.Web Trojan.Spambot.3574
F-Prot Antivirus X
F-Secure Anti-Virus Trojan-Spy.Win32.Agent.eey
Ikarus Trojan-Spy.Win32.Agent.eey
Kaspersky Anti-Virus Trojan-Spy.Win32.Agent.eey
NOD32 probably a variant of Win32/Genetik
Norman Virus Control W32/Smalldrp.AJGM
Panda Antivirus X
Sophos Antivirus Troj/Agent-HPD
VirusBuster X
VBA32 Trojan.Spambot.3574


Ok, please do the following:

Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Double-click the ComboFix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

When all is complete then please post back here with that log.


here it is:
ComboFix 08-09-16.05 - Claire Macklin 2008-09-17 20:52:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.552 [GMT 2:00]
Running from: C:\Documents and Settings\Claire Macklin\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Claire Macklin\Local Settings\Application Data\uyswo_navfx.dat
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\tdsspopup.dll
C:\WINDOWS\system32\tdsspopup1.url
C:\WINDOWS\system32\tdsspopup2.url
C:\WINDOWS\system32\tdsspopup3.url
C:\WINDOWS\system32\windows_update.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))
.

2008-09-17 14:41 . 2008-09-17 14:41 98,816 --a------ C:\Documents and Settings\Claire Macklin\ynnwYpnhehU.exe
2008-09-17 14:03 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-16 18:19 . 2008-09-16 18:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 18:19 . 2008-09-16 18:19 <DIR> d-------- C:\Documents and Settings\Claire Macklin\Application Data\Malwarebytes
2008-09-16 18:19 . 2008-09-16 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 18:19 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-16 18:19 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-15 21:21 . 2008-09-15 21:21 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-09-15 18:54 . 2008-09-15 18:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-15 18:39 . 2006-07-13 11:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-09-15 18:39 . 2006-07-13 11:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-09-15 18:39 . 2006-07-13 11:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-09-15 18:39 . 2008-01-26 20:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-09-15 18:39 . 2008-09-15 21:21 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-14 19:20 . 2008-09-14 19:20 <DIR> d-------- C:\Program Files\SCAR 3.12
2008-09-08 10:18 . 2008-09-08 10:20 <DIR> d-------- C:\Program Files\SwiftKit
2008-09-08 10:18 . 2008-09-08 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SwiftKit
2008-09-02 10:14 . 2008-09-02 10:14 <DIR> d-------- C:\Documents and Settings\Claire Macklin\Application Data\Subversion
2008-09-01 14:13 . 2008-09-01 14:17 <DIR> d-------- C:\Program Files\Cheat Engine
2008-09-01 14:13 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-09-01 14:13 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-09-01 13:48 . 2008-09-01 13:49 <DIR> d-------- C:\Program Files\ArtMoney
2008-08-31 12:00 . 2008-09-17 20:39 24 --a------ C:\Documents and Settings\Claire Macklin\jagex_runescape_preferences.dat
2008-08-30 22:12 . 2008-08-30 22:12 <DIR> d-------- C:\Program Files\GALA-NET
2008-08-30 21:03 . 2008-08-30 23:19 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-08-30 20:39 . 2008-08-30 20:39 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-30 17:42 . 2008-08-30 17:42 <DIR> d-------- C:\Documents and Settings\Claire Macklin\Application Data\MSNInstaller
2008-08-30 17:39 . 2008-08-30 17:39 11 -ra------ C:\WINDOWS\amunres.lsl
2008-08-30 07:20 . 2008-08-30 07:20 <DIR> d-------- C:\Documents and Settings\Claire Macklin\Application Data\Publish Providers
2008-08-30 07:20 . 2008-08-30 18:01 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-08-30 07:20 . 2008-08-30 18:01 3 --a------ C:\WINDOWS\Twain001.Mtx
2008-08-30 07:20 . 2008-08-30 07:20 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-08-30 07:19 . 2008-08-30 07:19 <DIR> d-------- C:\Documents and Settings\Claire Macklin\Application Data\Sony
2008-08-30 07:14 . 2008-08-30 07:14 <DIR> d-------- C:\Program Files\Sony
2008-08-30 07:13 . 2008-08-30 07:13 <DIR> d-------- C:\Program Files\Sony Setup
2008-08-26 17:57 . 2008-08-26 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-26 17:48 . 2008-08-26 17:48 <DIR> d-------- C:\Program Files\Bonjour
2008-08-26 17:23 . 2008-08-26 17:23 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-26 17:06 . 2008-08-26 17:06 <DIR> d-------- C:\Program Files\uTorrent
2008-08-26 17:06 . 2008-08-30 22:12 <DIR> d-------- C:\Documents and Settings\Claire Macklin\Application Data\uTorrent
2008-08-19 21:17 . 2008-08-19 21:17 <DIR> d-------- C:\Program Files\WoW-2.3.0.7561-enGB
2008-08-19 21:17 . 2008-08-19 21:17 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-08-19 17:30 . 2008-08-22 15:53 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-18 12:58 . 2008-08-18 13:23 <DIR> d-------- C:\Documents and Settings\Claire Macklin\Application Data\PowerChallenge
2008-08-18 09:23 . 2008-08-18 09:23 <DIR> d-------- C:\Program Files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 12:21 --------- d-----w C:\Program Files\Wanadoo
2008-09-17 12:03 --------- d-----w C:\Program Files\Java
2008-09-17 11:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-17 06:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-30 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-08-30 16:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-30 15:40 --------- d-----w C:\Program Files\Google
2008-08-26 15:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-18 09:26 --------- d-----w C:\Program Files\SXS Sniffer
2008-07-23 10:11 --------- d-----w C:\Program Files\Notepad++
2008-07-17 11:54 --------- d-----w C:\Program Files\LimeWire
2008-07-17 11:52 --------- d-----w C:\Program Files\GnuWin32
2008-07-17 11:50 --------- d-----w C:\Program Files\BitLord
2008-04-23 18:00 69,120 ----a-w C:\Documents and Settings\Claire Macklin\Application Data\obgargu.exe
2008-01-25 08:08 56 --sh--r C:\WINDOWS\system32\37AAD9A3BD.sys
2007-12-19 14:53 88 --sh--r C:\WINDOWS\system32\BDA3D9AA37.sys
2008-01-25 08:08 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 286720]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-07-13 26112]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-13 24576]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-04 124400]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-07-11 111376]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 21:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 15:50 122880 C:\Program Files\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2004-10-14 17:55 32768 C:\PROGRA~1\Wanadoo\GestMAJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 15:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"= 43594:TCP:server
"43594:UDP"= 43594:UDP:server

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ModemOnHold - C:\Program Files\NetWaiting\netWaiting.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Claire Macklin\Application Data\Mozilla\Firefox\Profiles\5y8oc16f.default\
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1202.1501\npCIDetect11.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 20:59:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-09-17 21:07:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-17 19:07:16

Pre-Run: 22,647,238,656 bytes free
Post-Run: 23,393,857,536 bytes free

205 --- E O F --- 2008-09-17 05:06:31


Obviously all is not and was not cleaned out.

Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked at this time and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us here.


It didn't find any threats, and there was no log saved in my Program Files =/


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:44, on 18/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11103 bytes


Progress! This is the first HJT log that does NOT have one of those
F2 - REG:system.ini: Shell=explorer.exe "C:\Documents and Settings\Claire Macklin\(name changing).exe"
listings in it.
One more clean up step and then after that run a new HJT scan for me ok?
SDFix Instructions:

1. Please print these instructions as they will be needed later when Internet access is not available.

2. Logon to your computer with an account that has Administrator privileges.

3. Download SDFix.exe save it to your desktop.
Confirm that the file SDFix.exe now resides on your desktop.
4. Now, double-click on the SDFix icon that should now be residing on your desktop. If an Open File - Security Warning box opens, click on the Run button.

5. A window will open asking where you would like to install SDFix to.
Do not change anything and press the Install button. This will install the program into the default location of C:\SDFix. At this point, you should not run SDFix, but instead continue to the next step where you will reboot into safe mode.

6. Next, please reboot your computer into Safe Mode by doing the following:

1. Restart your computer

2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3. Instead of Windows loading as normal, a menu should appear

4. Select the first option, to run Windows in Safe Mode.

5. When you are at the logon prompt, log in as the same user that you had performed the previous steps as.

7. When your computer has started in safe mode, and you see the desktop, close all open Windows.

8. Click on the Start button, click on the Run menu option, and type the following into the Open: field:

C:\SDFix\RunThis.bat

Then press the OK button.

9. The SDFix window will open containing some brief info and a disclaimer on the use of the tool. If you want to continue, please press the Y key on your keyboard and then press Enter. Otherwise, you can press the N key to exit the program.

10. SDFix will now start scanning your computer for known infections. This process can take a while, so you may want to do something else and periodically check back on the status of SDFix. As the scanning process continues you will continue to see new messages on the screen.
11. When the scanning process has finished you will see a new screen stating that you need to restart your computer in order to continue. At this point you should press any key on your computer's keyboard in order to restart the computer.

12. When your computer reboots, you will be presented with a screen stating that SDFix has finished. At this point you should press any key on your computer's keyboard in order to continue to your desktop.

13. When you are back at your Windows desktop, the SDFix log will automatically be opened in notepad. Save that log for posting here.
Then run the new HJT scan and save the log. Post back here with both new logs.
Judy
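As an added illustration (not part of this thread, and not code from HijackThis, ComboFix or SDFix), here is a small Python triage script for the kind of HJT entry Judy refers to: an `F2 - REG:system.ini: Shell=` line where anything other than `explorer.exe` is launched as the Winlogon shell, which is how the "(name changing).exe" file kept coming back. It also flags `O2` BHO entries that point at `(no file)`, like the orphaned one in the log above. The sample lines are constructed for the example; the user path and the random executable name are made up.

```python
import re

# Constructed HijackThis-style sample lines (not from the thread's logs).
# The F2 line follows the pattern the helper describes: an extra executable
# appended after explorer.exe in the Winlogon Shell value. The user path and
# the file name qwRtZkLmPo.exe are invented for this example.
SAMPLE_HJT_LINES = """\
F2 - REG:system.ini: Shell=explorer.exe "C:\\Documents and Settings\\Owner\\qwRtZkLmPo.exe"
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [igfxtray] C:\\WINDOWS\\system32\\igfxtray.exe
""".splitlines()

# On Windows XP the only program that belongs in the Shell value is explorer.exe.
EXPECTED_SHELL = "explorer.exe"

F2_SHELL_RE = re.compile(r"F2 - REG:system\.ini: Shell=(.*)$")
O2_BHO_RE = re.compile(r"O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")


def parse_shell_value(line):
    """Return the raw Shell= value from an F2 line, or None for any other line."""
    m = F2_SHELL_RE.match(line)
    return m.group(1).strip() if m else None


def shell_programs(shell_value):
    """Split a Shell value into the programs it launches.

    HJT prints extra entries as quoted paths after explorer.exe; the registry
    value itself is comma separated, so both separators are handled.
    """
    tokens = re.findall(r'"[^"]*"|[^\s,]+', shell_value)
    return [t.strip('"') for t in tokens]


def triage(lines):
    """Scan HJT log lines and return (finding_type, details) tuples.

    shell_hijack : programs other than explorer.exe found in the Shell value
    orphan_bho   : an O2 BHO whose DLL no longer exists ("(no file)")
    """
    findings = []
    for line in lines:
        shell = parse_shell_value(line)
        if shell is not None:
            extra = [p for p in shell_programs(shell) if p.lower() != EXPECTED_SHELL]
            if extra:
                findings.append(("shell_hijack", extra))
            continue
        m = O2_BHO_RE.match(line)
        if m and m.group(3).strip() == "(no file)":
            findings.append(("orphan_bho", [m.group(2)]))
    return findings


if __name__ == "__main__":
    for kind, details in triage(SAMPLE_HJT_LINES):
        print(kind, details)
```

Run it over a saved HijackThis log with `triage(open("hijackthis.log").read().splitlines())`; a clean log returns an empty list, and any `shell_hijack` finding names exactly the executable that should not be there.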
