Blue Screen of Death and viruses. Any Help??
Blue screen of death error C000021a. Happens all the time, I was told it is corrupted registry files, but not sure.
I can't install Windows Service Pack 2. It says my computer is too "unstable".
Nor can I install Windows updates.
Also browser hijacking (search-daily.com), only when I search from Google. And pop-ups.
I have run Ad-Aware, Spybot and Panda ActiveScan. Not enough room to put the Panda ActiveScan log on here; I will post it if you need it. Thanks
Hijack this log:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\dlcxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Ryan\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: (no name) - {0119DCFD-9735-44AB-BA64-DACFB16E9E75} - c:\windows\system32\bmnabmn.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09DD6B91-4E69-493A-8410-F3EA34DFB322} - c:\windows\system32\bmnabmn.dll
O2 - BHO: (no name) - {0D955C2E-269F-4C36-8BA8-2682E72B9B0A} - c:\windows\system32\bmnabmn.dll
O2 - BHO: (no name) - {11DB21A2-22E2-42E3-9E6A-80FC7A7B57A4} - C:\WINDOWS\System32\CREDU.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {94C33BE4-8A7F-4418-95B8-B17265515CB7} - c:\windows\system32\bmnabmn.dll
O2 - BHO: (no name) - {97087632-45CE-470A-A78E-0847F5F73179} - c:\windows\system32\bmnabmn.dll
O2 - BHO: (no name) - {EF72F2F0-625E-411C-8C84-4EE5A0AAD93B} - c:\windows\system32\bmnabmn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188748624953
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ucclrezb - C:\WINDOWS\SYSTEM32\bmnabmn.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: dlcx_device - - C:\WINDOWS\System32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
My name is Rahina Rescue and I will be helping you here.
( 1 )
Please download Combofix to your desktop.
- Double click on Combofix.exe & follow the prompts.
- When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
( 2 )
More information with a screenshot, can be found Here.
Please post Combofix.txt & Uninstall list in your next reply.
Thanks
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.326 [GMT -5:00]
Running from: C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Colleen\Application Data\Sys6171f.DLL
C:\WINDOWS\system32\bmnabmn.dll
C:\WINDOWS\system32\cfg.dat
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\drivers\pmjyqgnl.sys
C:\WINDOWS\system32\drivers\qlsjddjr.sys
.
((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.
2007-11-27 13:46 <DIR> d-------- C:\Documents and Settings\Rick\Shared
2007-11-27 13:46 <DIR> d-------- C:\Documents and Settings\Rick\Incomplete
2007-11-27 13:46 <DIR> d-------- C:\Documents and Settings\Rick\Application Data\LimeWire
2007-11-26 16:12 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2007-11-26 12:58 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-12 14:24 <DIR> d-------- C:\Documents and Settings\Rick\Application Data\Apple Computer
2007-11-12 14:23 <DIR> d-------- C:\Program Files\iTunes
2007-11-12 14:23 <DIR> d-------- C:\Program Files\iPod
2007-11-12 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-12 14:18 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-12 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-06 14:05 <DIR> d-------- C:\Program Files\Steam
2007-11-04 10:32 <DIR> d---s---- C:\Documents and Settings\Johnny Braz\UserData
2007-11-01 14:15 <DIR> d-------- C:\Documents and Settings\Rick\Application Data\AdobeUM
2007-11-01 14:12 <DIR> d-------- C:\Program Files\DellSupport
2007-11-01 13:57 <DIR> d-------- C:\Documents and Settings\Rick\WINDOWS
2007-11-01 13:57 <DIR> d--h----- C:\Documents and Settings\Rick\Application Data\Gtek
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 18:46 d-----w C:\Program Files\LimeWire
2007-11-26 18:48 d-----w C:\Program Files\AIM6
2007-11-15 17:00 d-----w C:\Documents and Settings\Ryan\Application Data\AdobeUM
2007-11-12 19:22 d-----w C:\Program Files\QuickTime
2007-11-01 19:13 d--h--w C:\Documents and Settings\Ryan\Application Data\Gtek
2007-11-01 19:13 d--h--w C:\Documents and Settings\Johnny Braz\Application Data\Gtek
2007-11-01 19:13 d--h--w C:\Documents and Settings\Debbie\Application Data\Gtek
2007-11-01 19:13 d--h--w C:\Documents and Settings\Colleen\Application Data\GTek
2007-11-01 19:13 d-----w C:\Documents and Settings\Administrator\Application Data\Gtek
2007-10-29 17:48 d-----w C:\Program Files\Viewpoint
2007-10-29 17:47 d-----w C:\Documents and Settings\Ryan\Application Data\Viewpoint
2007-10-29 17:47 d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-29 17:46 d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-29 17:46 d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-24 18:53 d-----w C:\Program Files\Coupons
2007-10-24 14:39 d--h--w C:\Program Files\InstallShield Installation Information
2007-10-06 15:02 d-----w C:\Documents and Settings\Ryan\Application Data\acccore
2007-10-01 20:15 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-01 20:15 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-29 20:00 60,968 ----a-w C:\Documents and Settings\Colleen\GoToAssistDownloadHelper.exe
2007-08-26 14:30 108,330 ----a-w C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2003-09-03 01:27 16,251,072 -c--a-w C:\Program Files\AdbeRdr60_enu_full.exe
2003-08-10 15:50 42,616 -c--a-w C:\Documents and Settings\Colleen\Application Data\GDIPFONTCACHEV1.DAT
2003-05-20 23:06 207,759 -c--a-w C:\Program Files\INSTALL.LOG
2005-10-25 16:58 200 --sh--r C:\WINDOWS\SYSTEM32\70oh.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
C:\Documents and Settings\Rick\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-09-17 09:19:14]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Colleen^Start Menu^Programs^Startup^360Share On Startup.lnk]
path=C:\Documents and Settings\Colleen\Start Menu\Programs\Startup\360Share On Startup.lnk
backup=C:\WINDOWS\pss\360Share On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avserve.exe]
C:\WINDOWS\avserve.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Common Files\CMEII\CMESys.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
C:\Program Files\DIGStream\digstream.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
2007-01-12 11:57 292336 --a C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Dell PC Fax\fm3032.exe /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSAK]
C:\WINDOWS\FSAK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-10-19 07:59 126976 --a C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-10-19 07:59 155648 --a C:\WINDOWS\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Washer Pro]
C:\PROGRA~1\INTERN~2\iw.exe min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 01]
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe -l
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBRKsk]
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\Program Files\McAfee.com\Agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-11-03 17:04 304008 --a C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]
Microsoft.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
C:\Program Files\nCase\msbb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stcloader]
C:\WINDOWS\System32\stcloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 12:03 36975 --a C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]
C:\Program Files\Common files\updater\wupdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDJ]
C:\WINDOWS\ZDJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WANMiniportService"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"navapsvc"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISSVC"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
R2 dlcx_device;dlcx_device;C:\WINDOWS\System32\dlcxcoms.exe -service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
azwtjqsr
.
Contents of the 'Scheduled Tasks' folder
"2007-11-26 19:24:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 16:52:57
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-27 16:55:13 - machine was rebooted
.
--- E O F ---
Scan saved at 5:05:58 PM, on 11/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\dlcxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188748624953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: dlcx_device - - C:\WINDOWS\System32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 3725 bytes
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0
Adobe Shockwave Player
AIM 6
AOL Instant Messenger
Apple Software Update
Broadcom Advanced Control Suite
ccCommon
Conexant SmartHSFi V92 56K DF PCI Modem
Counter-Strike: Source
Coupon Printer for Windows
Crash Analysis Tool
DAO
Data Access Objects (DAO) 3.5
Dell Picture Studio - Dell Image Expert
Dell Solution Center
DellConnect
DellSupport
Digital Line Detect
HijackThis 2.0.2
iTunes
J2SE Runtime Environment 5.0 Update 6
LimeWire 4.14.10
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft Office XP Professional with FrontPage
Modem Helper
MSRedist
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005
Paint Shop Pro 7
Panda ActiveScan
QuickTime
RealOne Player
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Shockwave
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Steam
SymNet
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Viewpoint Media Player
Visual IP InSight(Verizon Online)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888162
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB896688
Windows XP Hotfix - KB905915
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB912812
Windows XP Hotfix - KB916281
Windows XP Hotfix - KB918439
Windows XP Hotfix - KB918899
Windows XP Hotfix - KB925486
Windows XP Service Pack 2
You even have sasser!
You also seem to have parts of Kazaa on your system. KAZAA is a file-sharing program which, unfortunately, being ad-based, includes "Cy-door" adware. It should be removed.
( 1 )
Open notepad and copy/paste the text in the quotebox below into it: ( Please make sure you copy everything in the code box )
Save this as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe
( 2 )
I see you have Viewpoint installed.
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
( 3 )
Download ATF-Cleaner by Atribune to your desktop.
Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
( 4 )
Perform an online scan with Housecall AND Panda ActiveScan and let me know the results.
Post back a fresh HijackThis log & Scan logs.
ComboFix 07-11-19.4 - Ryan 2007-11-28 15:18:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.401 [GMT -5:00]
Running from: C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ryan\My Documents\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\avserve.exe
C:\WINDOWS\SYSTEM32\70oh.exe
C:\WINDOWS\System32\stcloader.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Ryan\Application Data\Viewpoint
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\BlueStreak.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts2Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
C:\WINDOWS\SYSTEM32\70oh.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.
2007-11-27 17:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-27 13:46 <DIR> d-------- C:\Documents and Settings\Rick\Shared
2007-11-27 13:46 <DIR> d-------- C:\Documents and Settings\Rick\Incomplete
2007-11-27 13:46 <DIR> d-------- C:\Documents and Settings\Rick\Application Data\LimeWire
2007-11-26 16:12 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2007-11-26 12:58 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-12 14:24 <DIR> d-------- C:\Documents and Settings\Rick\Application Data\Apple Computer
2007-11-12 14:23 <DIR> d-------- C:\Program Files\iTunes
2007-11-12 14:23 <DIR> d-------- C:\Program Files\iPod
2007-11-12 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-12 14:18 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-12 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-06 14:05 <DIR> d-------- C:\Program Files\Steam
2007-11-04 10:32 <DIR> d---s---- C:\Documents and Settings\Johnny Braz\UserData
2007-11-01 14:15 <DIR> d-------- C:\Documents and Settings\Rick\Application Data\AdobeUM
2007-11-01 14:12 <DIR> d-------- C:\Program Files\DellSupport
2007-11-01 13:57 <DIR> d-------- C:\Documents and Settings\Rick\WINDOWS
2007-11-01 13:57 <DIR> d--h----- C:\Documents and Settings\Rick\Application Data\Gtek
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 18:46 --------- d-----w C:\Program Files\LimeWire
2007-11-26 18:48 --------- d-----w C:\Program Files\AIM6
2007-11-15 17:00 --------- d-----w C:\Documents and Settings\Ryan\Application Data\AdobeUM
2007-11-12 19:22 --------- d-----w C:\Program Files\QuickTime
2007-11-01 19:13 --------- d--h--w C:\Documents and Settings\Ryan\Application Data\Gtek
2007-11-01 19:13 --------- d--h--w C:\Documents and Settings\Johnny Braz\Application Data\Gtek
2007-11-01 19:13 --------- d--h--w C:\Documents and Settings\Debbie\Application Data\Gtek
2007-11-01 19:13 --------- d--h--w C:\Documents and Settings\Colleen\Application Data\GTek
2007-11-01 19:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Gtek
2007-10-29 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-29 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-24 18:53 --------- d-----w C:\Program Files\Coupons
2007-10-24 14:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-06 15:02 --------- d-----w C:\Documents and Settings\Ryan\Application Data\acccore
2007-10-01 20:15 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-01 20:15 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-29 20:00 60,968 ----a-w C:\Documents and Settings\Colleen\GoToAssistDownloadHelper.exe
2007-08-26 14:30 108,330 ----a-w C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2003-09-03 01:27 16,251,072 -c--a-w C:\Program Files\AdbeRdr60_enu_full.exe
2003-08-10 15:50 42,616 -c--a-w C:\Documents and Settings\Colleen\Application Data\GDIPFONTCACHEV1.DAT
2003-05-20 23:06 207,759 -c--a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
C:\Documents and Settings\Rick\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-09-17 09:19:14]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Colleen^Start Menu^Programs^Startup^360Share On Startup.lnk]
path=C:\Documents and Settings\Colleen\Start Menu\Programs\Startup\360Share On Startup.lnk
backup=C:\WINDOWS\pss\360Share On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Common Files\CMEII\CMESys.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
C:\Program Files\DIGStream\digstream.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
2007-01-12 11:57 292336 --a------ C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Dell PC Fax\fm3032.exe /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSAK]
C:\WINDOWS\FSAK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-10-19 07:59 126976 --a------ C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-10-19 07:59 155648 --a------ C:\WINDOWS\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Washer Pro]
C:\PROGRA~1\INTERN~2\iw.exe min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 01]
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe -l
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBRKsk]
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\Program Files\McAfee.com\Agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-11-03 17:04 304008 --a------ C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
C:\Program Files\nCase\msbb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 12:03 36975 --a------ C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDJ]
C:\WINDOWS\ZDJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WANMiniportService"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"navapsvc"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISSVC"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
R2 dlcx_device;dlcx_device;C:\WINDOWS\System32\dlcxcoms.exe -service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
azwtjqsr
.
Contents of the 'Scheduled Tasks' folder
"2007-11-26 19:24:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 15:22:45
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-28 15:24:52 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-27 16:55
.
--- E O F ---
Incident Status Location
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Ryan\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Ryan\Desktop\ComboFix.exe[nircmd.cfexe]
Adware:Adware/AVSystemCare Not disinfected C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\bmnabmn.dll.vir
Hacktool:Generic Application Not disinfected C:\RECYCLER\S-1-5-21-867288073-2236735993-1011620452-1014\Dc58.exe
Adware:adware/dealhelper Not disinfected C:\WINDOWS\dhdomp1.bin
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Adware:Adware/AVSystemCare Not disinfected C:\WINDOWS\SYSTEM32\CREDU.10
Adware:Adware/AVSystemCare Not disinfected C:\WINDOWS\SYSTEM32\CREDU.9
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:15 PM, on 11/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dlcxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188748624953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: dlcx_device - - C:\WINDOWS\System32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
--
End of file - 3539 bytes
I notice that you do not seem to be running Antivirus software and a Firewall.
Download one of these:
Avira, AVG OR Active Virus Shield (uncheck the Security Toolbar during install) are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Comodo OR Kerio are FREE firewalls.
Perform a full scan with your Antivirus and let it remove anything it is finding. Then reboot once again.
( 2 )
Open Notepad and copy/paste the text in the quote box below into it: ( Please make sure you copy everything in the code box )
Save this as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe
( 3 )
Please open HiJackThis and scan. Check the boxes next to all the entries listed below
O3 - Toolbar: (no name) - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - (no file)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis
Please post Combofix.txt & Hijackthislogfile
How are things running now?
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.358 [GMT -5:00]
Running from: C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ryan\My Documents\CFScript.txt
* Created a new restore point
FILE
C:\RECYCLER\S-1-5-21-867288073-2236735993-1011620452-1014\Dc58.exe
C:\WINDOWS\dhdomp1.bin
C:\WINDOWS\NirCmd.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\qoobox\Quarantine
C:\RECYCLER\S-1-5-21-867288073-2236735993-1011620452-1014\Dc58.exe
C:\WINDOWS\dhdomp1.bin
C:\WINDOWS\NirCmd.exe
C:\WINDOWS\SYSTEM32\CREDU.10\
C:\WINDOWS\SYSTEM32\CREDU.9\
.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.
2007-11-29 03:00 <DIR> d
C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-28 16:16 214,528 --a
C:\WINDOWS\SYSTEM32\dplayx.dll
2007-11-28 16:16 50,176 --a
C:\WINDOWS\SYSTEM32\dpwsockx.dll
2007-11-28 16:15 172,544 --a
C:\WINDOWS\SYSTEM32\schedsvc.dll
2007-11-28 16:11 38,400 --a
C:\WINDOWS\SYSTEM32\grpconv.exe
2007-11-28 15:31 <DIR> d
C:\Documents and Settings\Ryan\.housecall6.6
2007-11-27 17:05 <DIR> d
C:\Program Files\Trend Micro
2007-11-27 13:46 <DIR> d
C:\Documents and Settings\Rick\Shared
2007-11-27 13:46 <DIR> d
C:\Documents and Settings\Rick\Incomplete
2007-11-27 13:46 <DIR> d
C:\Documents and Settings\Rick\Application Data\LimeWire
2007-11-26 16:12 <DIR> d
C:\Documents and Settings\Administrator\DoctorWeb
2007-11-26 13:04 30,590 --a
C:\WINDOWS\SYSTEM32\pavas.ico
2007-11-26 13:04 1,406 --a
C:\WINDOWS\SYSTEM32\Help.ico
2007-11-26 12:58 <DIR> d
C:\Program Files\SpywareBlaster
2007-11-12 14:24 <DIR> d
C:\Documents and Settings\Rick\Application Data\Apple Computer
2007-11-12 14:23 <DIR> d
C:\Program Files\iTunes
2007-11-12 14:23 <DIR> d
C:\Program Files\iPod
2007-11-12 14:21 <DIR> d
C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-12 14:18 <DIR> d
C:\Program Files\Apple Software Update
2007-11-12 14:18 <DIR> d
C:\Documents and Settings\All Users\Application Data\Apple
2007-11-06 14:05 <DIR> d
C:\Program Files\Steam
2007-11-04 10:32 <DIR> d---s---- C:\Documents and Settings\Johnny Braz\UserData
2007-11-01 14:15 <DIR> d
C:\Documents and Settings\Rick\Application Data\AdobeUM
2007-11-01 14:12 <DIR> d
C:\Program Files\DellSupport
2007-11-01 13:57 <DIR> d
C:\Documents and Settings\Rick\WINDOWS
2007-11-01 13:57 <DIR> d--h
C:\Documents and Settings\Rick\Application Data\Gtek
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 21:37
d
w C:\Program Files\AIM6
2007-11-27 18:46
d
w C:\Program Files\LimeWire
2007-11-15 17:00
d
w C:\Documents and Settings\Ryan\Application Data\AdobeUM
2007-11-12 19:22
d
w C:\Program Files\QuickTime
2007-11-01 19:13
d--h--w C:\Documents and Settings\Ryan\Application Data\Gtek
2007-11-01 19:13
d--h--w C:\Documents and Settings\Johnny Braz\Application Data\Gtek
2007-11-01 19:13
d--h--w C:\Documents and Settings\Debbie\Application Data\Gtek
2007-11-01 19:13
d--h--w C:\Documents and Settings\Colleen\Application Data\GTek
2007-11-01 19:13
d
w C:\Documents and Settings\Administrator\Application Data\Gtek
2007-10-29 17:46
d
w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-29 17:46
d
w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-24 18:53
d
w C:\Program Files\Coupons
2007-10-24 14:39
d--h--w C:\Program Files\InstallShield Installation Information
2007-10-06 15:02
d
w C:\Documents and Settings\Ryan\Application Data\acccore
2007-10-01 20:15 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-01 20:15 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-29 20:00 60,968 ----a-w C:\Documents and Settings\Colleen\GoToAssistDownloadHelper.exe
2007-08-26 14:30 108,330 ----a-w C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2003-09-03 01:27 16,251,072 -c--a-w C:\Program Files\AdbeRdr60_enu_full.exe
2003-08-10 15:50 42,616 -c--a-w C:\Documents and Settings\Colleen\Application Data\GDIPFONTCACHEV1.DAT
2003-05-20 23:06 207,759 -c--a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((( snapshot@2007-11-27_16.54.28.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-05-04 19:33:52 1,077,312 -c----w C:\WINDOWS\Help\SBSI\Training\orun32.exe
+ 2006-08-21 20:57:14 1,077,321
w C:\WINDOWS\Help\SBSI\Training\orun32.exe
- 2004-03-30 01:34:15 741,376 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
+ 2004-04-14 22:50:06 740,864 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
- 2002-08-29 10:00:00 8,704 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\hscupd.exe
+ 2004-04-11 00:53:14 16,384 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\hscupd.exe
- 2007-10-15 20:50:48 4,484 ----a-w C:\WINDOWS\PCHealth\HelpCtr\PackageStore\SkuStore.bin
+ 2007-11-28 21:17:50 17,654 ----a-w C:\WINDOWS\PCHealth\HelpCtr\PackageStore\SkuStore.bin
- 2002-08-29 10:00:00 44,032 ----a-w C:\WINDOWS\SYSTEM32\basesrv.dll
+ 2004-06-17 17:58:35 47,616 ----a-w C:\WINDOWS\SYSTEM32\basesrv.dll
- 2002-08-29 10:00:00 8,192 ----a-w C:\WINDOWS\SYSTEM32\Com\comrepl.exe
+ 2004-02-17 18:49:58 8,192 ----a-w C:\WINDOWS\SYSTEM32\Com\comrepl.exe
- 2007-11-26 19:24:03 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2007-11-29 08:00:54 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2007-11-26 19:24:03 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2007-11-29 08:00:54 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2007-11-26 19:24:03 49,152 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2007-11-29 08:00:54 49,152 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
- 2002-08-29 10:00:00 8,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\comrepl.exe
+ 2004-02-17 18:49:58 8,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\comrepl.exe
- 2002-08-29 10:00:00 92,160 ----a-w C:\WINDOWS\SYSTEM32\krnl386.exe
+ 2004-05-17 22:48:03 92,224 ----a-w C:\WINDOWS\SYSTEM32\krnl386.exe
- 2007-04-24 15:32:06 1,485,696
w C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
+ 2007-10-11 19:12:48 1,468,968 ----a-w C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
- 2002-08-29 10:00:00 250,368 ----a-w C:\WINDOWS\SYSTEM32\mstask.dll
+ 2004-06-08 22:02:21 260,096 ----a-w C:\WINDOWS\SYSTEM32\mstask.dll
- 2002-08-29 10:00:00 9,728 ----a-w C:\WINDOWS\SYSTEM32\mstinit.exe
+ 2004-06-08 19:59:23 10,752 ----a-w C:\WINDOWS\SYSTEM32\mstinit.exe
+ 2007-07-31 00:19:10 271,224 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
- 2002-08-29 10:00:00 16,384 ----a-w C:\WINDOWS\SYSTEM32\nddenb32.dll
+ 2004-06-17 00:24:49 16,384 ----a-w C:\WINDOWS\SYSTEM32\nddenb32.dll
- 2002-08-29 10:00:00 105,984 ----a-w C:\WINDOWS\SYSTEM32\netdde.exe
+ 2004-06-16 18:32:52 107,008 ----a-w C:\WINDOWS\SYSTEM32\netdde.exe
- 2002-08-29 10:00:00 33,808 ----a-w C:\WINDOWS\SYSTEM32\ntio.sys
+ 2004-05-17 22:43:02 33,840 ----a-w C:\WINDOWS\SYSTEM32\ntio.sys
- 2002-08-29 10:00:00 34,528 ----a-w C:\WINDOWS\SYSTEM32\ntio404.sys
+ 2004-05-17 22:43:07 34,560 ----a-w C:\WINDOWS\SYSTEM32\ntio404.sys
- 2002-08-29 10:00:00 35,632 ----a-w C:\WINDOWS\SYSTEM32\ntio411.sys
+ 2004-05-17 22:43:04 35,648 ----a-w C:\WINDOWS\SYSTEM32\ntio411.sys
- 2002-08-29 10:00:00 35,392 ----a-w C:\WINDOWS\SYSTEM32\ntio412.sys
+ 2004-05-17 22:43:09 35,424 ----a-w C:\WINDOWS\SYSTEM32\ntio412.sys
- 2002-08-29 10:00:00 34,528 ----a-w C:\WINDOWS\SYSTEM32\ntio804.sys
+ 2004-05-17 22:43:06 34,560 ----a-w C:\WINDOWS\SYSTEM32\ntio804.sys
- 2002-08-29 10:00:00 395,776 ----a-w C:\WINDOWS\SYSTEM32\ntvdm.exe
+ 2004-06-12 01:14:34 396,288 ----a-w C:\WINDOWS\SYSTEM32\ntvdm.exe
- 2002-08-29 10:00:00 13,312 ----a-w C:\WINDOWS\SYSTEM32\NTVDMD.DLL
+ 2004-06-17 17:58:35 13,312 ----a-w C:\WINDOWS\SYSTEM32\ntvdmd.dll
- 2006-11-17 20:14:30 14,640
w C:\WINDOWS\SYSTEM32\spmsg.dll
+ 2007-10-08 19:46:18 14,640
w C:\WINDOWS\SYSTEM32\spmsg.dll
- 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\SYSTEM32\spupdsvc.exe
+ 2005-06-28 15:21:34 22,752 ----a-w C:\WINDOWS\SYSTEM32\spupdsvc.exe
- 2002-08-29 10:00:00 24,064 ----a-w C:\WINDOWS\SYSTEM32\vdmdbg.dll
+ 2004-06-17 17:58:35 23,040 ----a-w C:\WINDOWS\SYSTEM32\vdmdbg.dll
- 2002-08-29 10:00:00 516,608 ----a-w C:\WINDOWS\SYSTEM32\winlogon.exe
+ 2004-05-27 01:38:46 483,328 ----a-w C:\WINDOWS\SYSTEM32\winlogon.exe
- 2002-08-29 10:00:00 247,808 ----a-w C:\WINDOWS\SYSTEM32\wow32.dll
+ 2004-06-04 00:43:01 245,760 ----a-w C:\WINDOWS\SYSTEM32\wow32.dll
- 2003-10-14 06:50:15 26,112 ----a-w C:\WINDOWS\SYSTEM32\xpsp1hfm.exe
+ 2004-04-10 19:24:43 26,112 ----a-w C:\WINDOWS\SYSTEM32\xpsp1hfm.exe
- 2002-09-25 20:18:58 316,928 ----a-w C:\WINDOWS\SYSTEM32\zipfldr.dll
+ 2004-08-21 07:54:17 316,928 ----a-w C:\WINDOWS\SYSTEM32\zipfldr.dll
+ 2004-08-20 20:01:14 921,600 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1579_x-ww_7bbf8d08\comctl32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
C:\Documents and Settings\Rick\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-09-17 09:19:14]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Colleen^Start Menu^Programs^Startup^360Share On Startup.lnk]
path=C:\Documents and Settings\Colleen\Start Menu\Programs\Startup\360Share On Startup.lnk
backup=C:\WINDOWS\pss\360Share On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Common Files\CMEII\CMESys.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
C:\Program Files\DIGStream\digstream.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
2007-01-12 11:57 292336 --a
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Dell PC Fax\fm3032.exe /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSAK]
C:\WINDOWS\FSAK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-10-19 07:59 126976 --a
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-10-19 07:59 155648 --a
C:\WINDOWS\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Washer Pro]
C:\PROGRA~1\INTERN~2\iw.exe min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 01]
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe -l
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBRKsk]
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\Program Files\McAfee.com\Agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-11-03 17:04 304008 --a
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
C:\Program Files\nCase\msbb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 12:03 36975 --a
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDJ]
C:\WINDOWS\ZDJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WANMiniportService"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"navapsvc"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISSVC"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
R2 dlcx_device;dlcx_device;C:\WINDOWS\System32\dlcxcoms.exe -service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
azwtjqsr
.
Contents of the 'Scheduled Tasks' folder
"2007-11-26 19:24:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 16:26:25
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-29 16:28:56 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-28 15:24
C:\ComboFix3.txt ... 2007-11-27 16:55
.
--- E O F ---
Also, I do need a firewall. I tried downloading Comodo, but it said I need Service Pack 2. My computer won't let me download Service Pack 2; I get an error message saying "my computer is too unstable". But I haven't tried lately. And Kerio said I had to download something else to get it for free, didn't know if I should do that or not. Any other suggestions?
Things seem to be running better, no BSOD lately.
Scan saved at 4:41:04 PM, on 11/29/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\dlcxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188748624953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: dlcx_device - - C:\WINDOWS\System32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 3274 bytes
They are both Spyware Cleaners. You must have misunderstood that somewhere.
You really need to download an Antivirus Program and a good firewall.
Do as I say and your computer will stay healthy. I have posted which Antivirus programs are suggested to install and the same thing with firewalls so go ahead and install one of each!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:58 PM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\System32\dlcxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188748624953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: dlcx_device - - C:\WINDOWS\System32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 4741 bytes
I would like to see a report from Panda now:
Perform an online scan with Internet Explorer with Panda online scanner
1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
2. Click Scan Now
3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
* If it finds any malware, it will offer you a report.
* Click on see report. Then click Save report
Post the contents of the report in your next reply
*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan.
Please attach the logfile in your next reply.
Thank you