My lil bro screwed it up! Please help!

Let's just say my 14-year-old brother is a game addict and is hooked on Runescape. :eek: He downloads all kinds of stuff and now the computer has tons of viruses, adware, etc. Neither my fiance nor I have been able to fix it. :thumbsdow It will not let us update any virus software, download new software, and every time you search something, say for instance, on Google or MSN, the links take you to more websites that get you to try to download more viruses. :confused: We've used McAfee, Avast!, Ad-aware and CCleaner to try to fix it. I couldn't get AVG to download but that's what I'm used to. :confused2 I'm out of ideas and so is he. Can you please help? Here is the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:34 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6071217
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60313
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60313
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60313
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6071217
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/forgotPassword.asp?affid=105-258&langid=1&close=true&RW=1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm860MTUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 10294 bytes


Thanks in advance! :bigggrin:

Comments

  • VekaVeka Finland
    edited December 2008
    Hi, welcome to Icrontic.


    Download GMER Rootkit Scanner from here or here.

    Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


    Double-click gmer.exe

    The program will begin to run. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes. Once the scan is complete, you may receive another notice about rootkit activity. Click OK. GMER will produce a log. Click on the Save button, and save the log file somewhere you can easily find it, such as your desktop. Please attach that log to your next reply.

    If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. It will produce a log. Click on the Save button, and save the log file somewhere you can easily find it, such as your desktop. Please attach that log to your next reply.
  • edited December 2008
    Hi Veka,
    I've been leaving the computer in standby mode at night so it's easier to get on the next day and my dad shut it off last night......it took 5+ times (I stopped counting) to just get the computer to start up so I could get on the internet to see your reply.

    And then, I was super excited to have something to try so we can get the computer fixed and then boo...I tried clicking on both links and searching around to see if I could find a way to download the tool, but it didn't work. Every time I try to click on a link to a website it goes to the "Internet Explorer cannot display the webpage" page. Sometimes I can use the cache to get to the webpage but then once I finally get to the download and click on it, the internet goes back to the "...cannot display..." page again.

    So now what do we do?

    Thanks for your patience with my parents' sucky computer, I wanna go all "Office Space" on it.

    ~Amy
  • VekaVeka Finland
    edited December 2008
    It seems the infection prevents downloading GMER. I renamed the gmer.zip to MarksGirl.zip and uploaded it on MediaFire.

    Download GMER (MarksGirl.zip) from the link below:

    http://www.mediafire.com/file/odxdjkkytuy/MarksGirl.zip

    If this works, carry on with the instructions.
  • edited December 2008
    Still no luck. What if you emailed it to me?
  • VekaVeka Finland
    edited December 2008
    Are you facing the problems with downloading or running GMER?
  • edited December 2008
    Okay, so I tried to download it again to see if things work better without a nagging brother sitting beside you and it downloaded! :) I unzipped the file and double-clicked the gmer.exe so the box pops up and I press run and then nothing. It shows up in the Windows Task Manager under Processes but nothing seems to be happening. :confused:

    Amy
  • VekaVeka Finland
    edited December 2008
    It might take a while but if there is no progress, say, in a couple of hours, we need to try another way.
  • edited December 2008
    Nothing happened all night. :( On to plan B.

    Amy
  • VekaVeka Finland
    edited December 2008
    All right. :)

    Please check your Private Messages for instructions before you continue here.


    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    Hijackthis Log
  • edited December 2008
    Yay! It ran and here are the logs:

    Combo Fix:
    ComboFix 08-12-12.02 - Cheryl Shannon 2008-12-12 18:41:26.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.664 [GMT -6:00]
    Running from: c:\documents and settings\Cheryl Shannon\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Cheryl Shannon\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\windows\system32\Drivers\TDSSmqlt.sys
    c:\windows\system32\msiconf.exe
    c:\windows\system32\TDSShrxx.dll
    c:\windows\system32\TDSSkkai.log
    c:\windows\system32\TDSSlxwp.dll
    c:\windows\system32\TDSSmtvd.dat
    c:\windows\system32\TDSSoiqt.dll
    c:\windows\system32\TDSSvkql.dll
    c:\windows\system32\x64
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    \Legacy_TDSSSERV.SYS
    \Service_TDSSserv.sys

    ((((((((((((((((((((((((( Files Created from 2008-11-13 to 2008-12-13 )))))))))))))))))))))))))))))))
    .
    2008-12-11 15:51 . 2008-12-11 15:54 1,393 --a c:\windows\imsins.BAK
    2008-12-10 18:04 . 2008-12-10 18:04 <DIR> d c:\documents and settings\Guest\.jagex_cache_32
    2008-12-10 18:04 . 2008-12-12 16:59 31 --a c:\documents and settings\Guest\jagex_runescape_preferences.dat
    2008-12-10 17:43 . 2007-12-17 10:32 <DIR> d c:\documents and settings\Guest\Application Data\Roxio
    2008-12-10 17:43 . 2007-12-17 10:13 <DIR> d c:\documents and settings\Guest\Application Data\InstallShield
    2008-12-10 17:43 . 2008-12-10 18:04 <DIR> d c:\documents and settings\Guest
    2008-12-07 20:01 . 2008-12-07 20:01 <DIR> d c:\program files\Trend Micro
    2008-12-07 19:25 . 2008-12-07 19:25 50,968 --a c:\windows\system32\avgfwdx.dll
    2008-12-07 19:25 . 2008-12-07 19:25 29,208 --a c:\windows\system32\drivers\avgfwdx.sys
    2008-12-07 19:25 . 2008-12-07 19:25 4,128 --a C:\INFCACHE.1
    2008-12-06 23:16 . 2008-12-06 23:16 <DIR> d c:\program files\CCleaner
    2008-12-06 22:19 . 2008-12-06 22:19 <DIR> d c:\program files\Lavasoft
    2008-12-06 22:19 . 2008-12-06 22:19 <DIR> d c:\documents and settings\All Users\Application Data\Lavasoft
    2008-12-06 22:18 . 2008-12-06 22:18 <DIR> d c:\program files\Common Files\Wise Installation Wizard
    2008-12-06 21:03 . 2008-12-06 21:03 <DIR> d c:\program files\Alwil Software
    2008-12-05 17:54 . 2008-12-05 17:54 80,384 --a c:\program files\Common Files\ThfLE11I.exe
    2008-11-24 22:03 . 2008-11-24 22:03 <DIR> d c:\program files\Apple Software Update
    2008-11-22 17:30 . 2008-12-05 17:58 <DIR> d c:\program files\Video Enhancer
    2008-11-22 17:30 . 2008-11-22 17:30 <DIR> d c:\program files\Common Files\Download Manager
    2008-11-16 19:22 . 2008-11-16 19:22 2 --a c:\windows\msoffice.ini
    2008-11-16 15:27 . 2008-11-16 15:27 <DIR> d c:\program files\MSBuild
    2008-11-16 15:25 . 2008-11-16 15:25 <DIR> d c:\windows\system32\XPSViewer
    2008-11-16 15:24 . 2008-11-16 15:24 <DIR> d c:\program files\Reference Assemblies
    2008-11-16 15:23 . 2006-06-29 13:07 14,048 c:\windows\system32\spmsg2.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-13 00:48 d-----w c:\program files\dl_cats
    2008-12-13 00:14 d-----w c:\program files\McAfee
    2008-12-11 21:55 d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-07 06:10 d-----w c:\program files\Dell
    2008-11-17 01:40 d-----w c:\program files\Google
    2008-11-17 01:35 d-----w c:\program files\Yahoo!
    2008-11-17 01:34 d-----w c:\program files\Common Files\SureThing Shared
    2008-11-17 01:30 d--h--w c:\program files\InstallShield Installation Information
    2008-11-17 01:26 d-----w c:\program files\iWin.com
    2008-11-17 01:23 d-----w c:\program files\Common Files\AOL
    2008-11-17 01:23 d-----w c:\documents and settings\All Users\Application Data\AOL
    2008-11-16 21:33 d-----w c:\documents and settings\All Users\Application Data\iWin Games
    2008-11-16 21:29 d-----w c:\program files\Sony
    2008-11-16 21:20 d-----w c:\program files\Sony Setup
    2008-10-28 01:28 d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-10-25 00:49 d-----w c:\program files\Java
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
    2008-10-21 20:51 d-----w c:\program files\Microsoft Silverlight
    2008-10-17 08:08 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
    2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
    2008-07-25 00:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072420080725\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-16 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-16 162584]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-06 106496]
    "RTHDCPL"="RTHDCPL.EXE" [2007-07-16 c:\windows\RTHDCPL.EXE]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-17 24576]
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
    backup=c:\windows\pss\Service Manager.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^David Shannon^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
    path=c:\documents and settings\David Shannon\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
    backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
    --a 2008-08-13 17:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
    --a 2006-06-13 17:51 286720 c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    --a 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    --a 2007-05-24 07:03 17920 c:\dell\E-Center\EULALauncher.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    --a 2006-06-14 15:03 307200 c:\program files\Dell PC Fax\fm3032.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
    --a 2007-08-03 22:33 582992 c:\program files\McAfee.com\Agent\mcagent.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
    --a 2006-06-26 16:34 299008 c:\program files\Dell Photo AIO Printer 926\memcard.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2006-10-20 17:23 118784 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    --a 2007-07-16 19:45 138008 c:\windows\system32\igfxpers.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    --a 2006-08-17 09:00 1116920 c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    --a 2006-11-05 11:22 221184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a 2007-07-16 19:48 69632 c:\windows\ALCMTR.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\WINDOWS\\system32\\dlcxcoms.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-06 78416]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-06 20560]
    R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service []
    S2 0273581229127249mcinstcleanup;McAfee Application Installer Cleanup (0273581229127249);c:\windows\TEMP\027358~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
    S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-12-07 29208]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-12-07 29208]
    *Newly Created Service* - 0273581229127249MCINSTCLEANUP
    .
    - - - - ORPHANS REMOVED - - - -
    WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
    WebBrowser-{CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - (no file)

    .
    Supplementary Scan
    .
    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/forgotPassword.asp?affid=105-258&langid=1&close=true&RW=1
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm860MTUS
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
    hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    c:\windows\Downloaded Program Files\SysReqLab3.osd
    .
    **************************************************************************
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-12 18:44:39
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Other Running Processes
    .
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\Alwil Software\Avast4\ashDisp.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\program files\McAfee\MSK\msksrver.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\progra~1\McAfee\MSC\mcuimgr.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\windows\system32\dlcxcoms.exe
    c:\windows\system32\fxssvc.exe
    c:\windows\system32\imapi.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-12 18:49:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-13 00:49:14
    Pre-Run: 297,581,146,112 bytes free
    Post-Run: 298,208,178,176 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    246 --- E O F --- 2008-12-11 21:55:05

    Hijack This:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:52:28 PM, on 12/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\dlcxcoms.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\explorer.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60313
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60313
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6071217
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/forgotPassword.asp?affid=105-258&langid=1&close=true&RW=1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm860MTUS
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O23 - Service: McAfee Application Installer Cleanup (0273581229127249) (0273581229127249mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\027358~1.EXE (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    --
    End of file - 9653 bytes

    *prays for good results*
    Amy
  • VekaVeka Finland
    edited December 2008
    Good :)

    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • edited December 2008
    20 items removed. They were either Trojans or Adware.... don't you just love my little brother?!

    Malwarebytes' Anti-Malware 1.31
    Database version: 1506
    Windows 5.1.2600 Service Pack 3
    12/16/2008 9:32:39 PM
    mbam-log-2008-12-16 (21-32-39).txt
    Scan type: Full Scan (C:\|)
    Objects scanned: 112706
    Time elapsed: 22 minute(s), 50 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 17
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\Documents and Settings\David Shannon\Local Settings\Temp\TDSS91c5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSShrxx.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoiqt.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSvkql.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSmqlt.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP313\A0026676.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP313\A0026683.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP313\A0026689.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP313\A0026690.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP313\A0026691.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP317\A0026787.exe (Adware.Comet) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP317\A0026789.exe (Adware.Comet) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP337\A0028928.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP338\A0028965.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP338\A0028966.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP338\A0028967.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\Documents and Settings\David Shannon\Local Settings\Temp\TDSS91b5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  • VekaVeka Finland
    edited December 2008
    There is a suspicious file we need to have scanned by uploading it to VirusTotal.

    Please go to VirusTotal.

    Copy and paste the following file path into the Search Box in the middle of the page:

    c:\program files\Common Files\ThfLE11I.exe

    Now click on the Send File button.

    NOTE: If you come to the "File has already been analysed:" page, select "Reanalyse file now" to get a fresh scan.

    Save a copy of the Anti-Virus results only. Post the results in your next reply.
  • edited December 2008
    Antivirus          Version          Last Update  Result
    AhnLab-V3          2008.12.17.3     2008.12.17   -
    AntiVir            7.9.0.45         2008.12.17   TR/Crypt.XPACK.Gen
    Authentium         5.1.0.4          2008.12.17   -
    Avast              4.8.1281.0       2008.12.17   -
    AVG                8.0.0.199        2008.12.17   Downloader.Zlob
    BitDefender        7.2              2008.12.17   -
    CAT-QuickHeal      10.00            2008.12.17   Win32.TrojanDropper.Nuwar.gen!lds.4
    ClamAV             0.94.1           2008.12.17   -
    Comodo             771              2008.12.17   -
    DrWeb              4.44.0.09170     2008.12.17   -
    eSafe              7.0.17.0         2008.12.17   Suspicious File
    eTrust-Vet         31.6.6265        2008.12.17   -
    Ewido              4.0              2008.12.17   -
    F-Prot             4.4.4.56         2008.12.17   -
    F-Secure           8.0.14332.0      2008.12.17   Suspicious:W32/Malware!Gemini
    Fortinet           3.117.0.0        2008.12.17   -
    GData              19               2008.12.17   -
    Ikarus             T3.1.1.45.0      2008.12.17   -
    K7AntiVirus        7.10.556         2008.12.17   -
    Kaspersky          7.0.0.125        2008.12.17   -
    McAfee             5466             2008.12.16   -
    McAfee+Artemis     5466             2008.12.16   -
    Microsoft          1.4205           2008.12.17   TrojanDownloader:Win32/Renos.HB
    NOD32              3699             2008.12.17   a variant of Win32/TrojanDownloader.FakeAlert.TF
    Norman             5.80.02          2008.12.17   -
    Panda              9.0.0.4          2008.12.17   -
    PCTools            4.4.2.0          2008.12.17   -
    Prevx1             V2               2008.12.17   Malicious Software
    Rising             21.08.22.00      2008.12.17   -
    SecureWeb-Gateway  6.7.6            2008.12.17   Trojan.Crypt.XPACK.Gen
    Sophos             4.37.0           2008.12.17   -
    Sunbelt            3.2.1801.2       2008.12.11   -
    Symantec           10               2008.12.17   -
    TheHacker          6.3.1.4.190      2008.12.17   -
    TrendMicro         8.700.0.1004     2008.12.17   -
    VBA32              3.12.8.10        2008.12.16   -
    ViRobot            2008.12.17.1523  2008.12.17   -
    VirusBuster        4.5.11.0         2008.12.17   -

    That was a fun trick.

    Amy
    Mark's Girl
  • VekaVeka Finland
    edited December 2008
    Thank you. Looks bad so let's get rid of it.

    Now, open Notepad (don't use any text editor other than Notepad or the script will fail).
    Copy & Paste the text in the Code-box below into notepad:
    File::
    c:\program files\Common Files\ThfLE11I.exe
    
    Save this as a txt file named CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif

    This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
  • edited December 2008
    ComboFix 08-12-12.02 - Cheryl Shannon 2008-12-19 18:20:35.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.399 [GMT -6:00]
    Running from: c:\documents and settings\Cheryl Shannon\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Cheryl Shannon\Desktop\CFScript.txt
    * Created a new restore point
    FILE ::
    c:\program files\Common Files\ThfLE11I.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\Common Files\ThfLE11I.exe
    .
    ((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
    .
    2008-12-16 06:42 . 2008-12-16 06:42 <DIR> d c:\program files\Malwarebytes' Anti-Malware
    2008-12-16 06:42 . 2008-12-16 06:42 <DIR> d c:\documents and settings\Cheryl Shannon\Application Data\Malwarebytes
    2008-12-16 06:42 . 2008-12-16 06:42 <DIR> d c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-16 06:42 . 2008-12-03 19:59 38,496 --a c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-16 06:42 . 2008-12-03 19:59 15,504 --a c:\windows\system32\drivers\mbam.sys
    2008-12-15 19:34 . 2008-12-19 17:39 31 --a c:\documents and settings\Cheryl Shannon\jagex_runescape_preferences.dat
    2008-12-13 08:38 . 2008-12-13 16:14 31 --a c:\documents and settings\Brandon Shannon\jagex_runescape_preferences.dat
    2008-12-11 15:51 . 2008-12-11 15:54 1,393 --a c:\windows\imsins.BAK
    2008-12-10 18:04 . 2008-12-10 18:04 <DIR> d c:\documents and settings\Guest\.jagex_cache_32
    2008-12-10 18:04 . 2008-12-12 16:59 31 --a c:\documents and settings\Guest\jagex_runescape_preferences.dat
    2008-12-10 17:43 . 2007-12-17 10:32 <DIR> d c:\documents and settings\Guest\Application Data\Roxio
    2008-12-10 17:43 . 2007-12-17 10:13 <DIR> d c:\documents and settings\Guest\Application Data\InstallShield
    2008-12-10 17:43 . 2008-12-10 18:04 <DIR> d c:\documents and settings\Guest
    2008-12-07 20:01 . 2008-12-07 20:01 <DIR> d c:\program files\Trend Micro
    2008-12-07 19:25 . 2008-12-07 19:25 50,968 --a c:\windows\system32\avgfwdx.dll
    2008-12-07 19:25 . 2008-12-07 19:25 29,208 --a c:\windows\system32\drivers\avgfwdx.sys
    2008-12-07 19:25 . 2008-12-07 19:25 4,128 --a C:\INFCACHE.1
    2008-12-06 23:16 . 2008-12-06 23:16 <DIR> d c:\program files\CCleaner
    2008-12-06 22:19 . 2008-12-06 22:19 <DIR> d c:\program files\Lavasoft
    2008-12-06 22:19 . 2008-12-06 22:19 <DIR> d c:\documents and settings\All Users\Application Data\Lavasoft
    2008-12-06 22:18 . 2008-12-06 22:18 <DIR> d c:\program files\Common Files\Wise Installation Wizard
    2008-12-06 21:03 . 2008-12-06 21:03 <DIR> d c:\program files\Alwil Software
    2008-11-24 22:03 . 2008-11-24 22:03 <DIR> d c:\program files\Apple Software Update
    2008-11-22 17:30 . 2008-12-05 17:58 <DIR> d c:\program files\Video Enhancer
    2008-11-22 17:30 . 2008-11-22 17:30 <DIR> d c:\program files\Common Files\Download Manager
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-20 00:10 d-----w c:\program files\Modem Diagnostic Tool
    2008-12-19 20:02 d-----w c:\program files\dl_cats
    2008-12-18 07:22 d-----w c:\program files\McAfee
    2008-12-11 21:55 d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-07 06:10 d-----w c:\program files\Dell
    2008-11-17 01:40 d-----w c:\program files\Google
    2008-11-17 01:35 d-----w c:\program files\Yahoo!
    2008-11-17 01:34 d-----w c:\program files\Common Files\SureThing Shared
    2008-11-17 01:30 d--h--w c:\program files\InstallShield Installation Information
    2008-11-17 01:26 d-----w c:\program files\iWin.com
    2008-11-17 01:23 d-----w c:\program files\Common Files\AOL
    2008-11-17 01:23 d-----w c:\documents and settings\All Users\Application Data\AOL
    2008-11-16 21:33 d-----w c:\documents and settings\All Users\Application Data\iWin Games
    2008-11-16 21:29 d-----w c:\program files\Sony
    2008-11-16 21:27 d-----w c:\program files\MSBuild
    2008-11-16 21:24 d-----w c:\program files\Reference Assemblies
    2008-11-16 21:20 d-----w c:\program files\Sony Setup
    2008-10-28 01:28 d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-10-25 00:49 d-----w c:\program files\Java
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
    2008-10-21 20:51 d-----w c:\program files\Microsoft Silverlight
    2008-10-17 08:08 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
    2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-07-25 00:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072420080725\index.dat
    .
    ((((((((((((((((((((((((((((( snapshot@2008-12-12_18.48.43.93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-06 23:27:22 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
    + 2008-12-19 22:16:33 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
    - 2008-12-06 23:27:22 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
    + 2008-12-19 22:16:33 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
    - 2008-07-19 15:43:08 1,163,960 ----a-w c:\windows\system32\aswBoot.exe
    + 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\system32\aswBoot.exe
    - 2008-07-19 15:30:53 94,392 ----a-w c:\windows\system32\AvastSS.scr
    + 2008-11-26 17:15:10 97,480 ----a-w c:\windows\system32\AvastSS.scr
    - 2008-12-13 00:14:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2008-12-19 20:57:11 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-12-13 00:14:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-12-19 20:57:11 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-07-19 15:32:15 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
    + 2008-11-26 17:15:35 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
    - 2008-07-19 15:37:42 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
    + 2008-11-26 17:17:25 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
    - 2008-01-17 17:34:01 93,264 ----a-w c:\windows\system32\drivers\aswmon.sys
    + 2008-11-26 17:18:25 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
    - 2008-07-19 15:37:21 94,416 ----a-w c:\windows\system32\drivers\aswmon2.sys
    + 2008-11-26 17:18:18 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
    - 2008-07-19 15:33:42 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
    + 2008-11-26 17:16:29 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
    - 2008-07-19 15:35:18 78,416 ----a-w c:\windows\system32\drivers\aswSP.sys
    + 2008-11-26 17:17:36 111,184 ----a-w c:\windows\system32\drivers\aswSP.sys
    - 2008-07-19 15:32:36 42,912 ----a-w c:\windows\system32\drivers\aswTdi.sys
    + 2008-11-26 17:16:38 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
    + 2008-12-19 21:44:19 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_398.dat
    + 2008-12-18 07:22:14 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5d8.dat
    + 2008-12-18 07:22:27 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5e0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-16 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-16 162584]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-06 106496]
    "RTHDCPL"="RTHDCPL.EXE" [2007-07-16 c:\windows\RTHDCPL.EXE]
    c:\documents and settings\Cheryl Shannon\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-17 24576]
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
    backup=c:\windows\pss\Service Manager.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^David Shannon^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
    path=c:\documents and settings\David Shannon\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
    backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
    --a 2008-08-13 17:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
    --a 2006-06-13 17:51 286720 c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    --a 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    --a 2007-05-24 07:03 17920 c:\dell\E-Center\EULALauncher.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    --a 2006-06-14 15:03 307200 c:\program files\Dell PC Fax\fm3032.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
    --a 2007-08-03 22:33 582992 c:\program files\McAfee.com\Agent\mcagent.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
    --a 2006-06-26 16:34 299008 c:\program files\Dell Photo AIO Printer 926\memcard.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2006-10-20 17:23 118784 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    --a 2007-07-16 19:45 138008 c:\windows\system32\igfxpers.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    --a 2006-08-17 09:00 1116920 c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    --a 2006-11-05 11:22 221184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a 2007-07-16 19:48 69632 c:\windows\ALCMTR.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\WINDOWS\\system32\\dlcxcoms.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-06 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-06 20560]
    R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service []
    S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-12-07 29208]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-12-07 29208]
    .
    .
    Supplementary Scan
    .
    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/forgotPassword.asp?affid=105-258&langid=1&close=true&RW=1
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
    hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    c:\windows\Downloaded Program Files\SysReqLab3.osd
    .
    **************************************************************************
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-19 18:22:15
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(712)
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2008-12-19 18:22:51
    ComboFix-quarantined-files.txt 2008-12-20 00:22:49
    ComboFix2.txt 2008-12-13 00:49:21
    Pre-Run: 297,845,964,800 bytes free
    Post-Run: 298,088,345,600 bytes free
    241 --- E O F --- 2008-12-11 21:55:05


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:23:13 PM, on 12/19/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dlcxcoms.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60313
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60313
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6071217
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/forgotPassword.asp?affid=105-258&langid=1&close=true&RW=1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    --
    End of file - 9472 bytes

    How we doing so far?

    Amy
    Mark's Girl
  • VekaVeka Finland
    edited December 2008
    Looks good. How is your computer running now?

    Note: it seems you have two antivirus programs (McAfee and Avast) running simultaneously on your system, which is not recommended as it may cause conflicts.