Troj/Rustok-N

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31:13, on 1/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\csrss.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\wininit.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\csrss.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\winlogon.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\services.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\lsass.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\lsm.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\svchost.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\svchost.exe
C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\svchost.exe
C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\svchost.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\svchost.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\svchost.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\SLsvc.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\svchost.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\svchost.exe
C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\WLTRYSVC.EXE
C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\bcmwltry.exe
C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\spoolsv.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\svchost.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\aestsrv.exe
C:\\\\\\\\Program Files\\\\\\\\Common Files\\\\\\\\Apple\\\\\\\\Mobile Device Support\\\\\\\\bin\\\\\\\\AppleMobileDeviceService.exe
C:\\\\\\\\Program Files\\\\\\\\Bonjour\\\\\\\\mDNSResponder.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\svchost.exe
C:\\\\\\\\Program Files\\\\\\\\Creative\\\\\\\\Shared Files\\\\\\\\CTAudSvc.exe
c:\\\\\\\\PROGRA~1\\\\\\\\COMMON~1\\\\\\\\mcafee\\\\\\\\mcproxy\\\\\\\\mcproxy.exe
C:\\\\\\\\PROGRA~1\\\\\\\\McAfee\\\\\\\\VIRUSS~1\\\\\\\\mcshield.exe
C:\\\\\\\\Program Files\\\\\\\\McAfee\\\\\\\\MPF\\\\\\\\MPFSrv.exe
C:\\\\\\\\Program Files\\\\\\\\McAfee\\\\\\\\MSK\\\\\\\\MskSrver.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\taskeng.exe
C:\\\\\\\\Program Files\\\\\\\\Common Files\\\\\\\\Nero\\\\\\\\Nero BackItUp 4\\\\\\\\NBService.exe
C:\\\\\\\\Program Files\\\\\\\\Raxco\\\\\\\\PerfectDisk2008\\\\\\\\PD91Agent.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\svchost.exe
C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\rpcnet.exe
C:\\\\\\\\Program Files\\\\\\\\Dell Support Center\\\\\\\\bin\\\\\\\\sprtsvc.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\STacSV.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\svchost.exe
C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\svchost.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\SearchIndexer.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\DRIVERS\\\\\\\\xaudio.exe
C:\\\\\\\\Program Files\\\\\\\\Spybot - Search & Destroy\\\\\\\\SDWinSec.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\taskeng.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\Dwm.exe
C:\\\\\\\\Windows\\\\\\\\Explorer.EXE
C:\\\\\\\\PROGRA~1\\\\\\\\McAfee\\\\\\\\MSC\\\\\\\\mcmscsvc.exe
C:\\\\\\\\PROGRA~1\\\\\\\\McAfee.com\\\\\\\\Agent\\\\\\\\mcagent.exe
C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\alg.exe
C:\\\\\\\\Program Files\\\\\\\\Raxco\\\\\\\\PerfectDisk2008\\\\\\\\PD91AgentS1.exe
C:\\\\\\\\Program Files\\\\\\\\DellTPad\\\\\\\\Apoint.exe
C:\\\\\\\\Windows\\\\\\\\OEM02Mon.exe
C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\WLTRAY.EXE
C:\\\\\\\\Program Files\\\\\\\\Dell\\\\\\\\Dell Webcam Manager\\\\\\\\DellWMgr.exe
C:\\\\\\\\Program Files\\\\\\\\Dell\\\\\\\\MediaDirect\\\\\\\\PCMService.exe
C:\\\\\\\\Program Files\\\\\\\\Google\\\\\\\\Google Desktop Search\\\\\\\\GoogleDesktop.exe
C:\\\\\\\\Program Files\\\\\\\\Creative\\\\\\\\Sound Blaster X-Fi\\\\\\\\Volume Panel\\\\\\\\VolPanlu.exe
C:\\\\\\\\Program Files\\\\\\\\DellTPad\\\\\\\\ApMsgFwd.exe
C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\rundll32.exe
C:\\\\\\\\Program Files\\\\\\\\DellTPad\\\\\\\\HidFind.exe
C:\\\\\\\\Program Files\\\\\\\\DellTPad\\\\\\\\Apntex.exe
C:\\\\\\\\PROGRA~1\\\\\\\\McAfee\\\\\\\\VIRUSS~1\\\\\\\\mcsysmon.exe
C:\\\\\\\\Program Files\\\\\\\\Dell Support Center\\\\\\\\bin\\\\\\\\sprtcmd.exe
C:\\\\\\\\Program Files\\\\\\\\SigmaTel\\\\\\\\C-Major Audio\\\\\\\\WDM\\\\\\\\sttray.exe
C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\rundll32.exe
C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\rundll32.exe
C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\rundll32.exe
C:\\\\\\\\Program Files\\\\\\\\Java\\\\\\\\jre6\\\\\\\\bin\\\\\\\\jusched.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\wbem\\\\\\\\wmiprvse.exe
C:\\\\\\\\Program Files\\\\\\\\PowerISO\\\\\\\\PWRISOVM.EXE
C:\\\\\\\\Program Files\\\\\\\\iTunes\\\\\\\\iTunesHelper.exe
C:\\\\\\\\Program Files\\\\\\\\DellSupport\\\\\\\\DSAgnt.exe
C:\\\\\\\\Windows\\\\\\\\ehome\\\\\\\\ehtray.exe
C:\\\\\\\\Program Files\\\\\\\\Google\\\\\\\\GoogleToolbarNotifier\\\\\\\\GoogleToolbarNotifier.exe
C:\\\\\\\\Program Files\\\\\\\\Common Files\\\\\\\\InstallShield\\\\\\\\UpdateService\\\\\\\\ISUSPM.exe
C:\\\\\\\\Program Files\\\\\\\\DAEMON Tools Lite\\\\\\\\daemon.exe
C:\\\\\\\\Program Files\\\\\\\\DNA\\\\\\\\btdna.exe
C:\\\\\\\\Program Files\\\\\\\\Windows Media Player\\\\\\\\wmpnscfg.exe
C:\\\\\\\\Windows\\\\\\\\ehome\\\\\\\\ehmsas.exe
C:\\\\\\\\Program Files\\\\\\\\WIDCOMM\\\\\\\\Bluetooth Software\\\\\\\\BTTray.exe
C:\\\\\\\\Program Files\\\\\\\\Digital Line Detect\\\\\\\\DLG.exe
C:\\\\\\\\Program Files\\\\\\\\Dell\\\\\\\\QuickSet\\\\\\\\quickset.exe
C:\\\\\\\\Program Files\\\\\\\\GameSpot\\\\\\\\GameSpotDownloadManager_Win32.exe
c:\\\\\\\\PROGRA~1\\\\\\\\COMMON~1\\\\\\\\mcafee\\\\\\\\mna\\\\\\\\mcnasvc.exe
C:\\\\\\\\Program Files\\\\\\\\Windows Media Player\\\\\\\\wmpnetwk.exe
c:\\\\\\\\Program Files\\\\\\\\WIDCOMM\\\\\\\\Bluetooth Software\\\\\\\\BtStackServer.exe
c:\\\\\\\\PROGRA~1\\\\\\\\mcafee\\\\\\\\msc\\\\\\\\mcuimgr.exe
C:\\\\\\\\Program Files\\\\\\\\iPod\\\\\\\\bin\\\\\\\\iPodService.exe
C:\\\\\\\\Program Files\\\\\\\\Google\\\\\\\\Google Desktop Search\\\\\\\\GoogleDesktop.exe
C:\\\\\\\\Program Files\\\\\\\\iTunes\\\\\\\\iTunes.exe
C:\\\\\\\\Program Files\\\\\\\\Common Files\\\\\\\\Apple\\\\\\\\Mobile Device Support\\\\\\\\bin\\\\\\\\AppleMobileDeviceHelper.exe
C:\\\\\\\\Program Files\\\\\\\\Common Files\\\\\\\\Apple\\\\\\\\Mobile Device Support\\\\\\\\bin\\\\\\\\distnoted.exe
C:\\\\\\\\Program Files\\\\\\\\Common Files\\\\\\\\InstallShield\\\\\\\\UpdateService\\\\\\\\agent.exe
C:\\\\\\\\Program Files\\\\\\\\Common Files\\\\\\\\InstallShield\\\\\\\\UpdateService\\\\\\\\ISUSPM.exe
C:\\\\\\\\PROGRA~1\\\\\\\\FlashGet\\\\\\\\flashget.exe
C:\\\\\\\\Program Files\\\\\\\\BitTorrent\\\\\\\\bittorrent.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\wuauclt.exe
C:\\\\\\\\Program Files\\\\\\\\Internet Explorer\\\\\\\\iexplore.exe
C:\\\\\\\\Program Files\\\\\\\\Internet Explorer\\\\\\\\iexplore.exe
C:\\\\\\\\Users\\\\\\\\Alex\\\\\\\\Desktop\\\\\\\\Download_SDAV6.0.0.362i-sdregnow-sdasetup-AVP.exe
C:\\\\\\\\Users\\\\\\\\Alex\\\\\\\\Desktop\\\\\\\\hijackgpthis.exe
C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\wbem\\\\\\\\wmiprvse.exe
R1 - HKCU\\\\\\\\Software\\\\\\\\Microsoft\\\\\\\\Internet Explorer\\\\\\\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\\\\\\\Software\\\\\\\\Microsoft\\\\\\\\Internet Explorer\\\\\\\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\\\\\\\Software\\\\\\\\Microsoft\\\\\\\\Internet Explorer\\\\\\\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\\\\\\\Software\\\\\\\\Microsoft\\\\\\\\Internet Explorer\\\\\\\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\\\\\\\Software\\\\\\\\Microsoft\\\\\\\\Internet Explorer\\\\\\\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\\\\\\\\Software\\\\\\\\Microsoft\\\\\\\\Internet Explorer\\\\\\\\Search,SearchAssistant =
R0 - HKLM\\\\\\\\Software\\\\\\\\Microsoft\\\\\\\\Internet Explorer\\\\\\\\Search,CustomizeSearch =
R1 - HKCU\\\\\\\\Software\\\\\\\\Microsoft\\\\\\\\Internet Explorer\\\\\\\\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\\\\\\\\Software\\\\\\\\Microsoft\\\\\\\\Windows\\\\\\\\CurrentVersion\\\\\\\\Internet Settings,ProxyOverride = *.local
R0 - HKCU\\\\\\\\Software\\\\\\\\Microsoft\\\\\\\\Internet Explorer\\\\\\\\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common
Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\\PROGRA~1\\FlashGet\\jccatch.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\\PROGRA~1\\mcafee\\msk\\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\\Program Files\\McAfee\\VirusScan\\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\2.0.301.7164
\\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\\Program Files\\Dell\\BAE\\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\\Program Files\\FlashGet\\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar2.dll
O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O4 - HKLM\\..\\Run: [ECenter] C:\\Dell\\E-Center\\EULALauncher.exe
O4 - HKLM\\..\\Run: [Apoint] C:\\Program Files\\DellTPad\\Apoint.exe
O4 - HKLM\\..\\Run: [OEM02Mon.exe] C:\\Windows\\OEM02Mon.exe
O4 - HKLM\\..\\Run: [Broadcom Wireless Manager UI] C:\\Windows\\system32\\WLTRAY.exe
O4 - HKLM\\..\\Run: [DELL Webcam Manager] "C:\\Program Files\\Dell\\Dell Webcam Manager\\DellWMgr.exe" /s
O4 - HKLM\\..\\Run: [ISUSPM Startup] C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup
O4 - HKLM\\..\\Run: [ISUSScheduler] "C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe" -start
O4 - HKLM\\..\\Run: [PCMService] "C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"
O4 - HKLM\\..\\Run: [dscactivate] "C:\\Program Files\\Dell Support Center\\gs_agent\\custom\\dsca.exe"
O4 - HKLM\\..\\Run: [Google Desktop Search] "C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe" /startup
O4 - HKLM\\..\\Run: [mcagent_exe] C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe /runkey
O4 - HKLM\\..\\Run: [VolPanel] "C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanlu.exe" /r
O4 - HKLM\\..\\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\\..\\Run: [RoxWatchTray] "C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe"
O4 - HKLM\\..\\Run: [Flashget] C:\\Program Files\\FlashGet\\flashget.exe /min
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] "C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"
O4 - HKLM\\..\\Run: [DellSupportCenter] "C:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\\..\\Run: [SigmatelSysTrayApp] %ProgramFiles%\\SigmaTel\\C-Major Audio\\WDM\\sttray.exe
O4 - HKLM\\..\\Run: [NvSvc] RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [NVHotkey] rundll32.exe C:\\Windows\\system32\\nvHotkey.dll,Start
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [PWRISOVM.EXE] C:\\Program Files\\PowerISO\\PWRISOVM.EXE
O4 - HKLM\\..\\Run: [AppleSyncNotifier] C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\QTTask.exe" -atboottime
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
O4 - HKLM\\..\\Run: [61E.tmp] C:\\Windows\\temp\\61E.tmp
O4 - HKLM\\..\\Run: [WiniGuard] C:\\Program Files\\WiniGuard Software\\WiniGuard\\WiniGuard.exe -min
O4 - HKCU\\..\\Run: [DellSupport] "C:\\Program Files\\DellSupport\\DSAgnt.exe" /startup
O4 - HKCU\\..\\Run: [ehTray.exe] C:\\Windows\\ehome\\ehTray.exe
O4 - HKCU\\..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
O4 - HKCU\\..\\Run: [Steam] C:\\Program Files\\Valve\\Steam\\\\Steam.exe -silent
O4 - HKCU\\..\\Run: [ISUSPM] "C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe" -scheduler
O4 - HKCU\\..\\Run: [DellSupportCenter] "C:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\\..\\Run: [SpybotSD TeaTimer] C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe
O4 - HKCU\\..\\Run: [DAEMON Tools Lite] "C:\\Program Files\\DAEMON Tools Lite\\daemon.exe" -autorun
O4 - HKCU\\..\\Run: [syscmd] C:\\ProgramData\\syscmd\\jupgbype.exe
O4 - HKCU\\..\\Run: [ReU0fPY507] C:\\ProgramData\\zqdyvyre\\fuhypepm.exe
O4 - HKCU\\..\\Run: [BitTorrent DNA] "C:\\Program Files\\DNA\\btdna.exe"
O4 - HKCU\\..\\Run: [WMPNSCFG] C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe
O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\\S-1-5-20\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\\S-1-5-18\\..\\Run: [DelayShred] "C:\\Program Files\\McAfee\\MSHR\\ShrCL.EXE" /P7 /q C:\\Users\\Alex\\AppData\\Local\\MICROS~1
\\Windows\\TEMPOR~1\\Content.IE5\\0XK987CW\\1346_1~1.SH! C:\\Users\\Alex\\AppData\\Local\\MICROS~1\\Windows\\TEMPOR~1\\Content.IE5\\0XK987CW\\V_1_~1.SH!
C:\\Users\\Alex\\AppData\\Local\\MICROS~1\\Windows\\TEMPOR~1\\Content.IE5\\08CHERCV\\1375_1~1.SH! C:\\Users\\Alex\\AppData\\Local\\MICROS~1
\\Windows\\TEMPOR~1\\Content.IE5\\08CHERCV\\V_1_~1.SH! C:\\Users\\Alex\\AppData\\Local\\Temp\\GOOGLE~1\\{17841~1.SH! C:\\$Recycle.Bin\\S-1-5-~4
\\$RAUD3CH.SH! C:\\$Recycle.Bin\\S-1-5-~4\\$R4MFAU8\\LEFT4D~1\\sound\\weapons\\DUAL_P~1.SH! (User 'SYSTEM')
O4 - HKUS\\.DEFAULT\\..\\Run: [DelayShred] "C:\\Program Files\\McAfee\\MSHR\\ShrCL.EXE" /P7 /q C:\\Users\\Alex\\AppData\\Local\\MICROS~1
\\Windows\\TEMPOR~1\\Content.IE5\\0XK987CW\\1346_1~1.SH! C:\\Users\\Alex\\AppData\\Local\\MICROS~1\\Windows\\TEMPOR~1\\Content.IE5\\0XK987CW\\V_1_~1.SH!
C:\\Users\\Alex\\AppData\\Local\\MICROS~1\\Windows\\TEMPOR~1\\Content.IE5\\08CHERCV\\1375_1~1.SH! C:\\Users\\Alex\\AppData\\Local\\MICROS~1
\\Windows\\TEMPOR~1\\Content.IE5\\08CHERCV\\V_1_~1.SH! C:\\Users\\Alex\\AppData\\Local\\Temp\\GOOGLE~1\\{17841~1.SH! C:\\$Recycle.Bin\\S-1-5-~4
\\$RAUD3CH.SH! C:\\$Recycle.Bin\\S-1-5-~4\\$R4MFAU8\\LEFT4D~1\\sound\\weapons\\DUAL_P~1.SH! (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\\Program Files\\GameSpot\\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\\Program Files\\Digital Line Detect\\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\\Program Files\\Dell\\QuickSet\\quickset.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\\PROGRA~1\\FlashGet\\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\\PROGRA~1\\FlashGet\\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\PROGRA~1\\MICROS~3\\Office12\\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~3\\Office12\\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\\Program Files\\WIDCOMM\\Bluetooth
Software\\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\\Program Files\\FlashGet\\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\\Program Files\\FlashGet\\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\PROGRA~1\\SPYBOT~1
\\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{7203B79F-EB3E-49A0-984B-52E563BEF3C4}: NameServer = 85.255.115.66,85.255.112.185
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{BEFA480B-8A82-4370-821A-522865112EEA}: NameServer = 85.255.115.66,85.255.112.185
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{FF7E59DB-3BEB-4802-9DFB-7CDF235D58C6}: NameServer = 85.255.115.66,85.255.112.185
O20 - AppInit_DLLs: C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\\Windows\\System32\\DreamScene.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\\Windows\\system32\\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\\Program Files\\Creative\\Shared Files\\CTAudSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\\Program Files\\DellSupport\\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\\Program Files\\Google\\Google Desktop
Search\\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\1050
\\Intel 32\\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\\PROGRA~1\\McAfee\\MSC\\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\\PROGRA~1\\COMMON~1\\mcafee\\mna\\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\\PROGRA~1\\COMMON~1\\mcafee\\mcproxy\\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\\Program Files\\McAfee\\MPF\\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\\Program Files\\McAfee\\MSK\\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\\Program Files\\Common Files\\Nero\\Nero BackItUp 4\\NBService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\\Program Files\\Raxco\\PerfectDisk2008\\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\\Program Files\\Raxco\\PerfectDisk2008\\PD91Engine.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\\Program Files\\KALiNKOsoft\\Pinnacle Game
Profiler\\pinnacle_updater.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\\Program Files\\Common Files\\Roxio Shared\\9.0
\\SharedCOM\\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\\Program Files\\Common Files\\Roxio Shared\\9.0
\\SharedCOM\\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\\Windows\\System32\\rpcnet.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\\Program Files\\Spybot - Search &
Destroy\\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\\Program Files\\Dell
Support Center\\bin\\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\\Windows\\system32\\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\\Program Files\\Common Files\\Steam\\SteamService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\\Windows\\System32\\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\\Windows\\system32\\DRIVERS\\xaudio.exe
--
End of file - 18734 bytes

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O4 - HKCU\\..\\Run: [syscmd] C:\\ProgramData\\syscmd\\jupgbype.exe
  O4 - HKCU\\..\\Run: [ReU0fPY507] C:\\ProgramData\\zqdyvyre\\fuhypepm.exe
  O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{7203B79F-EB3E-49A0-984B-52E563BEF3C4}: NameServer = 85.255.115.66,85.255.112.185
  O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{BEFA480B-8A82-4370-821A-522865112EEA}: NameServer = 85.255.115.66,85.255.112.185
  O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{FF7E59DB-3BEB-4802-9DFB-7CDF235D58C6}: NameServer = 85.255.115.66,85.255.112.185
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Delete these two folders in bold:
C:\ProgramData\syscmd
C:\ProgramData\zqdyvyre

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.32
Database version: 1618
Windows 6.0.6001 Service Pack 1
1/5/2009 14:09:47
mbam-log-2009-01-05 (14-09-47).txt
Scan type: Quick Scan
Objects scanned: 66877
Time elapsed: 13 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 10
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WiniGuard (Rogue.WiniGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\61e.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7203b79f-eb3e-49a0-984b-52e563bef3c4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.66,85.255.112.185 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7203b79f-eb3e-49a0-984b-52e563bef3c4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.66,85.255.112.185 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{befa480b-8a82-4370-821a-522865112eea}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.66,85.255.112.185 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ff7e59db-3beb-4802-9dfb-7cdf235d58c6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.66,85.255.112.185 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ff7e59db-3beb-4802-9dfb-7cdf235d58c6}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.66,85.255.112.185 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7203b79f-eb3e-49a0-984b-52e563bef3c4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.66,85.255.112.185 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7203b79f-eb3e-49a0-984b-52e563bef3c4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.66,85.255.112.185 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{befa480b-8a82-4370-821a-522865112eea}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.66,85.255.112.185 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ff7e59db-3beb-4802-9dfb-7cdf235d58c6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.66,85.255.112.185 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ff7e59db-3beb-4802-9dfb-7cdf235d58c6}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.66,85.255.112.185 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Ignore.

Last edited by Belahzur on 5th January 2009, 10:23 pm; edited 1 time in total

do you want me to do that again cause i just did that

No, I made a mistake, sorry.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  Link 3
  
• Double click DDS.scr to run
  
• When complete, DDS.txt will open.
  
• Click No for Optional Scan.
  
• Save the report to your Desktop.
  
• Copy and paste the report back here.
  

DDS (Version 1.1.0) - NTFSx86
Run by Alex at 17:38:10.26 on Mon 01/05/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_10
Microsoft Windows Vista Ultimate 6.0.6001.1.1252.1.1033.18.3069.1441 [GMT -5:00]

============== Running Processes ===============
C:\\Windows\\system32\\wininit.exe
C:\\Windows\\system32\\lsm.exe
C:\\Windows\\system32\\svchost.exe -k DcomLaunch
C:\\Windows\\system32\\svchost.exe -k rpcss
C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted
C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted
C:\\Windows\\system32\\svchost.exe -k netsvcs
C:\\Windows\\system32\\svchost.exe -k GPSvcGroup
C:\\Windows\\system32\\SLsvc.exe
C:\\Windows\\system32\\svchost.exe -k LocalService
C:\\Windows\\system32\\svchost.exe -k NetworkService
C:\\Windows\\System32\\WLTRYSVC.EXE
C:\\Windows\\System32\\bcmwltry.exe
C:\\Windows\\System32\\spoolsv.exe
C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork
C:\\Windows\\system32\\aestsrv.exe
C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\Windows\\system32\\svchost.exe -k bthsvcs
C:\\Program Files\\Creative\\Shared Files\\CTAudSvc.exe
c:\\PROGRA~1\\COMMON~1\\mcafee\\mcproxy\\mcproxy.exe
C:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcshield.exe
C:\\Program Files\\McAfee\\MPF\\MPFSrv.exe
C:\\Program Files\\McAfee\\MSK\\MskSrver.exe
C:\\Program Files\\Common Files\\Nero\\Nero BackItUp 4\\NBService.exe
C:\\Program Files\\Raxco\\PerfectDisk2008\\PD91Agent.exe
C:\\Windows\\system32\\svchost.exe -k NetworkServiceNetworkRestricted
C:\\Windows\\System32\\rpcnet.exe
C:\\Program Files\\Spyware Doctor\\pctsAuxs.exe
C:\\Program Files\\Spyware Doctor\\pctsSvc.exe
C:\\Program Files\\Dell Support Center\\bin\\sprtsvc.exe
C:\\Windows\\system32\\STacSV.exe
C:\\Windows\\system32\\taskeng.exe
C:\\Windows\\system32\\svchost.exe -k imgsvc
C:\\Windows\\System32\\svchost.exe -k WerSvcGroup
C:\\Windows\\system32\\SearchIndexer.exe
C:\\Windows\\system32\\DRIVERS\\xaudio.exe
C:\\Program Files\\Spybot - Search & Destroy\\SDWinSec.exe
C:\\PROGRA~1\\McAfee\\MSC\\mcmscsvc.exe
C:\\Windows\\System32\\alg.exe
C:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcsysmon.exe
c:\\PROGRA~1\\COMMON~1\\mcafee\\mna\\mcnasvc.exe
C:\\PROGRA~1\\McAfee.com\\Agent\\mcagent.exe
C:\\Windows\\system32\\taskeng.exe
C:\\Windows\\system32\\Dwm.exe
C:\\Windows\\Explorer.EXE
C:\\Program Files\\DellTPad\\Apoint.exe
C:\\Windows\\OEM02Mon.exe
C:\\Windows\\System32\\WLTRAY.EXE
C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe
C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe
C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanlu.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Program Files\\FlashGet\\flashget.exe
C:\\Program Files\\DellTPad\\ApMsgFwd.exe
C:\\Program Files\\SigmaTel\\C-Major Audio\\WDM\\sttray.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Windows\\system32\\wbem\\wmiprvse.exe
C:\\Program Files\\DellTPad\\Apntex.exe
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe
C:\\Program Files\\PowerISO\\PWRISOVM.EXE
C:\\Program Files\\DellTPad\\HidFind.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\Program Files\\Spyware Doctor\\pctsTray.exe
C:\\Program Files\\DellSupport\\DSAgnt.exe
C:\\Windows\\ehome\\ehtray.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe
C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe
C:\\Program Files\\DAEMON Tools Lite\\daemon.exe
C:\\Program Files\\DNA\\btdna.exe
C:\\Program Files\\Windows Media Player\\wmpnscfg.exe
C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe
C:\\Windows\\ehome\\ehmsas.exe
C:\\Program Files\\Digital Line Detect\\DLG.exe
c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BtStackServer.exe
C:\\Program Files\\Dell\\QuickSet\\quickset.exe
C:\\Program Files\\GameSpot\\GameSpotDownloadManager_Win32.exe
C:\\Program Files\\Windows Media Player\\wmpnetwk.exe
c:\\PROGRA~1\\mcafee\\msc\\mcuimgr.exe
C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe
C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe
C:\\Windows\\system32\\wuauclt.exe
C:\\Windows\\System32\\mobsync.exe
C:\\Program Files\\iTunes\\iTunes.exe
C:\\Windows\\servicing\\TrustedInstaller.exe
C:\\Users\\Alex\\Desktop\\dds.com
C:\\Windows\\system32\\wbem\\wmiprvse.exe

============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071026
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\\program files\\flashget\\jccatch.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\\progra~1\\mcafee\\msk\\mcapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\\progra~1\\spybot~1\\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\\program files\\java\\jre6\\bin\\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\\program files\\mcafee\\virusscan\\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\\program files\\google\\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\\program files\\google\\googletoolbarnotifier\\2.0.301.7164\\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\\program files\\dell\\bae\\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\\program files\\java\\jre6\\bin\\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\\program files\\flashget\\getflash.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\\program files\\google\\googletoolbar2.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [DellSupport] "c:\\program files\\dellsupport\\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\\windows\\ehome\\ehTray.exe
uRun: [swg] c:\\program files\\google\\googletoolbarnotifier\\GoogleToolbarNotifier.exe
uRun: [Steam] c:\\program files\\valve\\steam\\\\Steam.exe -silent
uRun: [ISUSPM] "c:\\program files\\common files\\installshield\\updateservice\\ISUSPM.exe" -scheduler
uRun: [DellSupportCenter] "c:\\program files\\dell support center\\bin\\sprtcmd.exe" /P DellSupportCenter
uRun: [SpybotSD TeaTimer] c:\\program files\\spybot - search & destroy\\TeaTimer.exe
uRun: [DAEMON Tools Lite] "c:\\program files\\daemon tools lite\\daemon.exe" -autorun
uRun: [BitTorrent DNA] "c:\\program files\\dna\\btdna.exe"
uRun: [WMPNSCFG] c:\\program files\\windows media player\\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
mRun: [ECenter] c:\\dell\\e-center\\EULALauncher.exe
mRun: [Apoint] c:\\program files\\delltpad\\Apoint.exe
mRun: [OEM02Mon.exe] c:\\windows\\OEM02Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\\windows\\system32\\WLTRAY.exe
mRun: [DELL Webcam Manager] "c:\\program files\\dell\\dell webcam manager\\DellWMgr.exe" /s
mRun: [ISUSPM Startup] c:\\progra~1\\common~1\\instal~1\\update~1\\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\\program files\\common files\\installshield\\updateservice\\issch.exe" -start
mRun: [PCMService] "c:\\program files\\dell\\mediadirect\\PCMService.exe"
mRun: [dscactivate] "c:\\program files\\dell support center\\gs_agent\\custom\\dsca.exe"
mRun: [Google Desktop Search] "c:\\program files\\google\\google desktop search\\GoogleDesktop.exe" /startup
mRun: [mcagent_exe] c:\\program files\\mcafee.com\\agent\\mcagent.exe /runkey
mRun: [VolPanel] "c:\\program files\\creative\\sound blaster x-fi\\volume panel\\VolPanlu.exe" /r
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: []
mRun: [RoxWatchTray] "c:\\program files\\common files\\roxio shared\\9.0\\sharedcom\\RoxWatchTray9.exe"
mRun: [Flashget] c:\\program files\\flashget\\flashget.exe /min
mRun: [Adobe Reader Speed Launcher] "c:\\program files\\adobe\\reader 8.0\\reader\\Reader_sl.exe"
mRun: [DellSupportCenter] "c:\\program files\\dell support center\\bin\\sprtcmd.exe" /P DellSupportCenter
mRun: [SigmatelSysTrayApp] %ProgramFiles%\\SigmaTel\\C-Major Audio\\WDM\\sttray.exe
mRun: [NvSvc] RUNDLL32.EXE c:\\windows\\system32\\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\\windows\\system32\\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\\windows\\system32\\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\\windows\\system32\\nvHotkey.dll,Start
mRun: [SunJavaUpdateSched] "c:\\program files\\java\\jre6\\bin\\jusched.exe"
mRun: [PWRISOVM.EXE] c:\\program files\\poweriso\\PWRISOVM.EXE
mRun: [AppleSyncNotifier] c:\\program files\\common files\\apple\\mobile device support\\bin\\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\\program files\\quicktime\\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\\program files\\itunes\\iTunesHelper.exe"
mRun: [ISTray] "c:\\program files\\spyware doctor\\pctsTray.exe"
dRun: [DelayShred] "c:\\program files\\mcafee\\mshr\\shrcl.exe" /p7 /q c:\\users\\alex\\appdata\\local\\micros~1\\windows\\tempor~1\\content.ie5\\0xk987cw\\1346_1~1.sh!
c:\\users\\alex\\appdata\\local\\micros~1\\windows\\tempor~1\\content.ie5\\0xk987cw\\v_1_~1.sh! c:\\users\\alex\\appdata\\local\\micros~1\\windows\\tempor~1\\content.ie5\\08chercv\\1375_1~1.sh!
c:\\users\\alex\\appdata\\local\\micros~1\\windows\\tempor~1\\content.ie5\\08chercv\\v_1_~1.sh! c:\\users\\alex\\appdata\\local\\temp\\google~1\\{17841~1.sh! c:\\$recycle.bin\\s-1-5-~4\\$raud3ch.sh!
c:\\$recycle.bin\\s-1-5-~4\\$r4mfau8\\left4d~1\\sound\\weapons\\DUAL_P~1.SH!
StartupFolder: c:\\users\\alex\\appdata\\roaming\\micros~1\\windows\\startm~1\\programs\\startup\\gamesp~1.lnk - c:\\program files\\gamespot\\GameSpotDownloadManager_Win32.exe
StartupFolder: c:\\progra~2\\micros~1\\windows\\startm~1\\programs\\startup\\blueto~1.lnk - c:\\program files\\widcomm\\bluetooth software\\BTTray.exe
StartupFolder: c:\\progra~2\\micros~1\\windows\\startm~1\\programs\\startup\\digita~1.lnk - c:\\program files\\digital line detect\\DLG.exe
StartupFolder: c:\\progra~2\\micros~1\\windows\\startm~1\\programs\\startup\\quickset.lnk - c:\\program files\\dell\\quickset\\quickset.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - c:\\program files\\flashget\\jc_all.htm
IE: &Download with FlashGet - c:\\program files\\flashget\\jc_link.htm
IE: E&xport to Microsoft Excel - c:\\progra~1\\micros~3\\office12\\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\\program files\\widcomm\\bluetooth software\\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\\program files\\widcomm\\bluetooth software\\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\\program files\\widcomm\\bluetooth software\\btsendto_ie.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\\program files\\flashget\\FlashGet.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\\progra~1\\micros~3\\office12\\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\\progra~1\\spybot~1\\SDHelper.dll
LSP: c:\\program files\\common files\\pc tools\\lsp\\PCTLsp.dll
AppInit_DLLs: c:\\progra~1\\google\\google~2\\GOEC62~1.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\\System32\\DreamScene.dll
================= FIREFOX ===================
FF - ProfilePath - c:\\users\\alex\\appdata\\roaming\\mozilla\\firefox\\profiles\\cgvtf71o.default\\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - component: c:\\program files\\mozilla firefox\\components\\GoogleDesktopMozilla.dll
FF - plugin: c:\\program files\\mozilla firefox\\plugins\\npbittorrent.dll
FF - plugin: c:\\program files\\mozilla firefox\\plugins\\npGoogleGadgetPluginFirefoxWin.dll
============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================
2009-01-05 16:32 1,524,736 a------- c:\\windows\\system32\\wucltux.dll
2009-01-05 16:31 162,064 a------- c:\\windows\\system32\\wuwebv.dll
2009-01-05 16:31 31,232 a------- c:\\windows\\system32\\wuapp.exe
2009-01-04 21:32
a-d----- c:\\programdata\\TEMP
2009-01-04 21:32 160,792 a------- c:\\windows\\system32\\drivers\\pctfw2.sys
2009-01-04 21:32
--d----- c:\\program files\\common files\\PC Tools
2009-01-04 21:32 81,288 a------- c:\\windows\\system32\\drivers\\iksyssec.sys
2009-01-04 21:32 42,376 a------- c:\\windows\\system32\\drivers\\ikfilesec.sys
2009-01-04 21:32 29,576 a------- c:\\windows\\system32\\drivers\\kcom.sys
2009-01-04 21:32 66,952 a------- c:\\windows\\system32\\drivers\\iksysflt.sys
2009-01-04 21:32
--d----- c:\\users\\alex\\appdata\\roaming\\PC Tools
2009-01-04 21:32
--d----- c:\\programdata\\PC Tools
2009-01-04 21:32
--d----- c:\\program files\\Spyware Doctor
2009-01-04 21:32
--d----- c:\\progra~2\\PC Tools
2009-01-04 05:28 0 a---h--- c:\\windows\\system32\\drivers\\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-01-01 17:16
--d----- c:\\program files\\Audacity
2008-12-30 16:02
--d----- c:\\users\\alex\\appdata\\roaming\\Malwarebytes
2008-12-30 16:02 15,504 a------- c:\\windows\\system32\\drivers\\mbam.sys
2008-12-30 16:02 38,496 a------- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2008-12-30 16:02
--d----- c:\\programdata\\Malwarebytes
2008-12-30 16:02
--d----- c:\\progra~2\\Malwarebytes
2008-12-30 16:02
--d----- c:\\program files\\Malwarebytes' Anti-Malware
2008-12-27 16:53
--dsh--- c:\\windows\\ftpcache
2008-12-22 23:04 385,024 a------- c:\\windows\\system32\\xa542959046.exe
2008-12-22 23:04 385,024 a------- c:\\windows\\system32\\xa542958796.exe
2008-12-22 23:00 385,024 a------- c:\\windows\\system32\\xa542696168.exe
2008-12-22 23:00 385,024 a------- c:\\windows\\system32\\xa542695934.exe
2008-12-16 19:06
--d----- c:\\program files\\Combined Community Codec Pack
==================== Find3M ====================
2009-01-05 14:13 17,408 a------- c:\\windows\\system32\\rpcnetp.exe
2009-01-05 14:13 47,104 a------- c:\\windows\\system32\\rpcnet.dll
2008-12-27 17:03 143,360 a------- c:\\windows\\inf\\infstrng.dat
2008-12-27 17:03 51,200 a------- c:\\windows\\inf\\infpub.dat
2008-12-27 17:02 86,016 a------- c:\\windows\\inf\\infstor.dat
2008-12-25 00:38 147,128 a------- c:\\users\\alex\\appdata\\roaming\\nvModes.dat
2008-12-01 21:28 410,976 a------- c:\\windows\\system32\\deploytk.dll
2008-11-25 16:46 17,408 a------- c:\\windows\\system32\\rpcnetp.dll
2008-11-21 16:47 524,288 a------- c:\\windows\\system32\\DivXsm.exe
2008-11-21 16:47 3,596,288 a------- c:\\windows\\system32\\qt-dx331.dll
2008-11-21 16:46 1,044,480 a------- c:\\windows\\system32\\libdivx.dll
2008-11-21 16:46 200,704 a------- c:\\windows\\system32\\ssldivx.dll
2008-11-21 16:44 161,096 a------- c:\\windows\\system32\\DivXCodecVersionChecker.exe
2008-11-21 16:44 12,288 a------- c:\\windows\\system32\\DivXWMPExtType.dll
2008-10-15 13:46 108,144 a------- c:\\windows\\system32\\CmdLineExt.dll
2008-08-06 00:39 174 a--sh--- c:\\program files\\desktop.ini
2008-08-06 00:23 665,600 a------- c:\\windows\\inf\\drvindex.dat
2008-02-13 20:36 516 a------- c:\\users\\alex\\appdata\\roaming\\wklnhst.dat
2006-11-02 07:40 287,440 a------- c:\\windows\\inf\\perflib\\0409\\perfi.dat
2006-11-02 07:40 287,440 a------- c:\\windows\\inf\\perflib\\0409\\perfh.dat
2006-11-02 07:40 30,674 a------- c:\\windows\\inf\\perflib\\0409\\perfd.dat
2006-11-02 07:40 30,674 a------- c:\\windows\\inf\\perflib\\0409\\perfc.dat
2006-11-02 04:20 287,440 a------- c:\\windows\\inf\\perflib\\0000\\perfi.dat
2006-11-02 04:20 287,440 a------- c:\\windows\\inf\\perflib\\0000\\perfh.dat
2006-11-02 04:20 30,674 a------- c:\\windows\\inf\\perflib\\0000\\perfd.dat
2006-11-02 04:20 30,674 a------- c:\\windows\\inf\\perflib\\0000\\perfc.dat
2007-10-25 16:49 76 ---shr-- c:\\windows\\CT4CET.bin
2008-09-17 13:48 16,384 a--sh--- c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat
2008-09-17 13:48 32,768 a--sh--- c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat
2008-09-17 13:48 16,384 a--sh--- c:\\windows\\serviceprofiles\\localservice\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat
============= FINISH: 17:39:39.72 ===============

Delete these four files:
c:\\windows\\system32\\xa542959046.exe
c:\\windows\\system32\\xa542958796.exe
c:\\windows\\system32\\xa542696168.exe
c:\\windows\\system32\\xa542695934.exe

What problems remain?

i dont think any problems remain... i am now able to update mcafee, windows, and spybot now... i also have none of the other problems i had...thank you for your quick responses and for all the help

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck.

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.