Options
Problems with Desktop PC
Hi there,
I need some help with my other computer too. This computer is older and I would like to check it thoroughly for malware/spyware and viruses but I am having a couple of problems too.
Thank you in advance.
I need some help with my other computer too. This computer is older and I would like to check it thoroughly for malware/spyware and viruses but I am having a couple of problems too.
- I can put a picture on my background and not long after that, the screen is white and the "Active Desktop Recovery" message is showing. This began some time ago and eventually turned into the infamous Blue Screen and I couldn't boot up except in safe mode. So I took it to a computer repair place and they said that a new NVidia card should fix the problem. They installed it and when I got home and turned my computer on, I had an error box saying "c:\windows\system32\bridge.dll The specified module could not be found." And ever since then when I reboot or start up, I get that message and have to x out of it before I can do anything.
- The other issue with this pc is that it is just really slow to come up and loading my msn mail takes forever.
Thank you in advance.
0
Comments
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:32 PM, on 8/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\system32\lxdfcoms.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchFilter.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50019
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;<local>
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1864354185-1134862362-1203745406-500\..\Run: [Sonic RecordNow!] (User 'Administrator')
O4 - HKUS\S-1-5-21-1864354185-1134862362-1203745406-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Administrator')
O4 - HKUS\S-1-5-21-1864354185-1134862362-1203745406-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - S-1-5-21-1864354185-1134862362-1203745406-500 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Administrator')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/Bridge-c139.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/3_0_0_786/sdcregie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direcway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 13576 bytes
ABBYY FineReader 5.0 Sprint Plus
ABBYY FineReader 6.0 Sprint
Ad-aware 6 Personal
Adobe Acrobat 4.0
AnswerWorks 5.0 English Runtime
AppCore
ArcSoft Software Suite
Backup
BBC Walking with Dinosaurs
BCM V.92 56K Modem
Big Action Garage
Caillou(R) Magic Playhouse(TM)
ccCommon
CCScore
DAO
DealHelper
Dell Digital Jukebox Driver
Dell Media Experience
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support Center
DellSupport
Dora Lost City
DS21Patch
DVD Decrypter (Remove Only)
DVD Shrink 3.1.7
DVDSentry
EarthLink Setup Files
EPSON Printer Software
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
ESSvpaht
ESSvpot
Favorite Places
Finding Nemo: Nemo's Underwater World of Fun Special Edition
GearDrvs
HijackThis 2.0.2
HLPIndex
HLPSFO
Hotfix for Windows Internet Explorer 7 (KB947864)
ImageMixer for Sony
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Java 2 Runtime Environment, SE v1.4.2
JumpStart Animal Adventures
JumpStart Art for Fun
KSU
Learn2 Player (Uninstall Only)
Lexmark 6500 Series
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Macromedia Shockwave Player
MagicDisc 2.5.79
MathPlayer
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync 3.7
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office Outlook Connector for MSN
Microsoft Outlook 2002
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
MicroStaff WINASPI
Minigolf Space
Modem Helper
Mozilla Firefox (2.0.0.14)
MSN
MSN Encarta Plus Support Files
MSN Search Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
My Wal-Mart Digital Photo Center
Noah's Ark Activity Center
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
Notifier
NVIDIA Drivers
OfotoXMI
OTtBP
OTtBPSDK
Paint Shop Pro 7
PANTECH PC USB Modem Software
Pocket Solitaire
Pocket Wordquake
PowerDVD
Quicken 2008
QuickTime
RealOne Player
RegCure 1.5.0.1
Rescue Heroes(TM) Tremor Trouble
ScanToWeb
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
SFR
SFR2
SHASTA
Shockwave
SKIN0001
SKINXSDK
Smart Link 56K V.90 Voice Modem
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony USB Driver
SPBBC 32bit
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
The Land Before Time Kindergarten Adventure
The Print Shop 20
Thomas & Friends - Trouble on the Tracks
Tonka Search and Rescue
Uninstall TONKA Monster Trucks
Update for Windows XP (KB951978)
Viewpoint Media Player
Vital Snake
VPRINTOL
VZAccess Manager
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
WordPerfect Office 11
Yahoo! Toolbar
Please do the following...
1. Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50019
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HiajckThis
2. Run HijackThis and click on Open the Misc Tools section.
Click on Delete a file on reboot...
Copy and paste the following into the "File name:" text box and then click Open:
C:\WINDOWS\System32\bridge.dll
When you are asked "Do you want to restart your computer now?", click OK.
Your PC MUST reboot to delete the file!
3. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
4. Download the latest version of Adobe Reader
5. Please post a new HijackThis log.
Scan saved at 11:24:13 PM, on 8/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\system32\lxdfcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;<local>
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/Bridge-c139.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/3_0_0_786/sdcregie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direcway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 12383 bytes
The problem regarding bridge.dll should be gone. Let me know.
The issue about slow boot-up can be resolved by disabling unnecessary programs that load during boot-up.
- Click Start > Run > type: msconfig > press OK
- Select the Startup tab
- From here, you can uncheck everything (or what you want) but do not uncheck Norton.
- Then, click Apply > Close and Restart.
Let me know if you need further help with this or if this helped with the boot-up process.Do you think that my computer is fairly clean from adware/malware/spyware? Can we run the scans that we ran on my laptop to make sure there are no infections?
Also, I'm still having a problem with my Active Desktop background picture(s) staying on there. It seems to still be going to the Active Desktop Recovery and when I click on Restore Active Desktop, I get a message saying that there is a script error on this page and do I want to continue loading it. Whether I click yes or no, it does not restore my Desktop pic.
Thank you!
We'll run some extra scans and see what comes up...
1. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!
- Double-click ATF Cleaner.exe to open it.
- Under Main select the following:
- Windows Temp
- Current User Temp
- All Users Temp
- Temporary Internet Files
- Java Cache
*The other boxes are optional*Then click the Empty Selected button.
Click Exit on the Main menu to close the program.
2. Please download Malwarebytes' Anti-Malware to your desktop.
3. Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
Extended (if available otherwise Standard)
Scan Archives
Scan Mail Bases
[*]Click OK
[*]Now under select a target to scan:
Select
My Computer[*]This will program will start and scan your system.
[*]The scan will take a while so be patient and let it run.
[*]Once the scan is complete it will display if your system has been infected.
- Now click on the Save Report As button:
- Change Save as type: to Text file
- Save this as Kaspersky scan to your Desktop
[*]Post the Kaspersky report in your next reply.4. Please post the following...
MalwareBytes log
Kaspersky report
New HijackThis log
Malwarebytes' Anti-Malware 1.24
Database version: 1054
Windows 5.1.2600 Service Pack 3
2:57:54 PM 8/15/2008
mbam-log-8-15-2008 (14-57-54).txt
Scan type: Full Scan (C:\|)
Objects scanned: 161160
Time elapsed: 2 hour(s), 17 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Shannon Hobbs\Application Data\tvmknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, August 15, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 15, 2008 16:37:47
Records in database: 1095732
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
H:\
I:\
Scan statistics:
Files scanned: 136197
Threat name: 7
Infected objects: 11
Suspicious objects: 18
Duration of the scan: 03:56:50
File name / Threat name / Threats count
C:\Documents and Settings\Administrator.OFFICE.002\Desktop\Norton 360 + keygen\nis2007v102030.iso Infected: Trojan.Win32.Pakes.ry 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\IM\Identities\{4AE78B5C-8998-4E6B-B241-104E11B8B54E}\Message Store\Ebay - Paypal.imm Suspicious: Trojan-Spy.HTML.Fraud.gen 6
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\IM\Identities\{4AE78B5C-8998-4E6B-B241-104E11B8B54E}\Message Store\Inbox.imm Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000521.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x300052d.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x300072f.001 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000765.000 Infected: Trojan-Spy.HTML.Bayfraud.ib 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000766.000 Infected: Trojan-Spy.HTML.Bayfraud.ib 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x300076e.001 Infected: Trojan-Spy.HTML.Bayfraud.ib 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x30007c7.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000821.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x30009d3.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x30009ed.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000a10.001 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000a24.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\shannon_e-msn-com.1567 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\shannon_e-msn-com.157b Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\shannon_e-msn-com.1586 Infected: Trojan-Spy.HTML.Bayfraud.jk 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\shannon_e-msn-com.800 Infected: Trojan-Spy.HTML.Bayfraud.ib 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\shannon_e-msn-com.801 Infected: Trojan-Spy.HTML.Bayfraud.ib 1
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\shannon_e-msn-com.807 Infected: Trojan-Spy.HTML.Bayfraud.ib 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1707\A0203094.dll Infected: not-a-virus:AdWare.Win32.ClientMan 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1707\A0203095.exe Infected: Trojan.Win32.Small.i 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1707\A0203096.dll Infected: not-a-virus:AdWare.Win32.WebSearch.c 1
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:21 PM, on 8/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\system32\lxdfcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shannon Hobbs\Local Settings\Temp\jkos-Shannon Hobbs\binaries\ScanningProcess.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;<local>
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1864354185-1134862362-1203745406-500\..\Run: [Sonic RecordNow!] (User 'Administrator')
O4 - HKUS\S-1-5-21-1864354185-1134862362-1203745406-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Administrator')
O4 - HKUS\S-1-5-21-1864354185-1134862362-1203745406-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - S-1-5-21-1864354185-1134862362-1203745406-500 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Administrator')
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/Bridge-c139.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/3_0_0_786/sdcregie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direcway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 13162 bytes
You have a keygen on the computer that is used to crack Norton. We do not help people who have cracks or keygens of any sort on their computer because these files are always infected. However, if you want my help to continue, you will need delete the Keygen...
- Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
- Return to OTMoveIt2, right click in the "Paste Custom List Of Files/Patterns To Move" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.As with the other thread, you have the same infected email files. If you want to remove them, then add them to OTMoveIt2 following the same procedure above... Post the OTMoveIt2 log back here.
C:\Documents and Settings\Administrator.OFFICE.002\Desktop\Norton 360 + keygen\nis2007v102030.iso moved successfully.
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\IM\Identities\{4AE78B5C-8998-4E6B-B241-104E11B8B54E}\Message Store\Ebay - Paypal.imm moved successfully.
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\IM\Identities\{4AE78B5C-8998-4E6B-B241-104E11B8B54E}\Message Store\Inbox.imm moved successfully.
< C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000521.000 >
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000521.000 moved successfully.
< C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x300052d.000 >
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x300052d.000 moved successfully.
< C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x300072f.001 >
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x300072f.001 moved successfully.
< C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000765.000 >
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000765.000 moved successfully.
< C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000766.000 >
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000766.000 moved successfully.
< C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x300076e.001 >
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x300076e.001 moved successfully.
< C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x30007c7.000 >
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x30007c7.000 moved successfully.
< C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000821.000 >
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000821.000 moved successfully.
< C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x30009d3.000 >
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x30009d3.000 moved successfully.
< C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x30009ed.000 >
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x30009ed.000 moved successfully.
< C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000a10.001 >
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000a10.001 moved successfully.
< C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000a24.000 >
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\Mail (shannon_e@msn.com)\stm0x3000a24.000 moved successfully.
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\shannon_e-msn-com.1567 moved successfully.
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\shannon_e-msn-com.157b moved successfully.
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\shannon_e-msn-com.1586 moved successfully.
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\shannon_e-msn-com.800 moved successfully.
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\shannon_e-msn-com.801 moved successfully.
C:\Documents and Settings\Shannon Hobbs\Local Settings\Application Data\Microsoft\MSN\db\shannon_e-msn-com.807 moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08162008_122511
Please visit this webpage for download links, and instructions for running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
Please visit this webpage for download links, and instructions for running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.147 [GMT -5:00]
Running from: C:\Documents and Settings\Shannon Hobbs\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shannon Hobbs\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\REGOBJ.DLL
.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.
2008-08-16 12:25 . 2008-08-16 12:25 <DIR> d
C:\_OTMoveIt
2008-08-15 11:58 . 2008-08-15 11:58 <DIR> d
C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 11:58 . 2008-08-15 11:58 <DIR> d
C:\Documents and Settings\Shannon Hobbs\Application Data\Malwarebytes
2008-08-15 11:58 . 2008-08-15 11:58 <DIR> d
C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-15 11:58 . 2008-07-30 20:07 38,472 --a
C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-08-15 11:58 . 2008-07-30 20:07 17,144 --a
C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-08-14 23:14 . 2008-06-10 02:32 73,728 --a
C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-08-14 23:12 . 2008-08-14 23:14 <DIR> d
C:\Program Files\Java
2008-08-14 23:12 . 2008-08-14 23:12 <DIR> d
C:\Program Files\Common Files\Java
2008-08-14 16:06 . 2008-08-14 16:06 <DIR> d
C:\Program Files\Common Files\Adobe AIR
2008-08-14 15:55 . 2008-08-14 23:00 <DIR> d
C:\Program Files\NOS
2008-08-14 15:55 . 2008-08-14 23:00 <DIR> d
C:\Documents and Settings\All Users\Application Data\NOS
2008-08-13 18:44 . 2008-05-01 09:33 331,776
C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
2008-08-13 18:39 . 2008-04-11 14:04 691,712
C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2008-08-13 12:18 . 2008-08-13 12:18 <DIR> d
C:\Program Files\Trend Micro
2008-08-07 17:33 . 2008-08-07 17:33 <DIR> d
C:\WINDOWS\SYSTEM32\N360_BACKUP
2008-08-07 13:40 . 2008-08-07 14:46 <DIR> d
C:\Program Files\RegCure
2008-08-04 17:51 . 2008-08-04 17:51 <DIR> d
C:\Program Files\Windows Sidebar
2008-08-04 17:50 . 2008-08-07 12:31 <DIR> d
C:\Program Files\Norton 360
2008-08-04 16:46 . 2008-08-04 16:46 <DIR> d
C:\WINDOWS\SYSTEM32\scripting
2008-08-04 16:46 . 2008-08-04 16:46 <DIR> d
C:\WINDOWS\SYSTEM32\en
2008-08-04 16:46 . 2008-08-04 16:46 <DIR> d
C:\WINDOWS\l2schemas
2008-08-04 16:25 . 2008-04-13 19:12 1,306,624
C:\WINDOWS\SYSTEM32\msxml6.dll
2008-08-04 16:24 . 2008-04-13 19:11 233,472
C:\WINDOWS\SYSTEM32\azroles.dll
2008-08-04 16:24 . 2008-04-13 19:11 136,192
C:\WINDOWS\SYSTEM32\aaclient.dll
2008-08-04 16:24 . 2008-04-13 19:11 48,640
C:\WINDOWS\SYSTEM32\dhcpqec.dll
2008-08-04 16:24 . 2008-04-13 19:11 39,936
C:\WINDOWS\SYSTEM32\dimsroam.dll
2008-08-04 16:24 . 2008-04-13 19:11 19,456
C:\WINDOWS\SYSTEM32\dimsntfy.dll
2008-08-04 16:24 . 2008-04-13 19:11 12,800
C:\WINDOWS\SYSTEM32\credssp.dll
2008-08-04 16:24 . 2008-04-13 19:11 7,168
C:\WINDOWS\SYSTEM32\bitsprx4.dll
2008-07-31 18:23 . 2008-07-31 18:23 54,156 --ah
C:\WINDOWS\QTFont.qfn
2008-07-31 18:23 . 2008-07-31 18:23 1,409 --a
C:\WINDOWS\SYSTEM32\tmp5DF9B.FOT
2008-07-31 18:23 . 2008-07-31 18:23 1,409 --a
C:\WINDOWS\QTFont.for
2008-07-31 16:12 . 2008-06-13 06:05 272,128
C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-07-31 16:02 . 2008-05-08 09:02 203,136
C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 19:00
d
w C:\Program Files\Common Files\Symantec Shared
2008-08-14 21:03
d
w C:\Program Files\Common Files\Adobe
2008-08-07 19:28
d
w C:\Documents and Settings\Shannon Hobbs\Application Data\MSN6
2008-08-04 23:53
d
w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-04 23:38 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-04 23:38 60,800 ----a-w C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-08-04 23:38 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-04 23:38 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-04 23:38
d
w C:\Program Files\Symantec
2008-08-04 22:36
d
w C:\Documents and Settings\Shannon Hobbs\Application Data\Symantec
2008-08-04 22:03
d
w C:\Program Files\MSN Messenger
2008-07-30 22:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 22:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 22:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:26 253,952
w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:43 74,240
w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-24 15:57 3,592,192
w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-23 09:20 70,656
w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-06-23 09:20 625,664
w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-06-23 09:20 13,824
w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-06-21 05:23 161,792
w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:46 245,248
w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:46 147,968
w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:51 361,600
w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:40 138,496
w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 11:08 225,856
w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 19:45 579,464 ----a-w C:\WINDOWS\SYSTEM32\SymNeti.dll
2008-06-13 19:45 207,240 ----a-w C:\WINDOWS\SYSTEM32\SymRedir.dll
2006-03-21 23:07 3,584 -csha-w C:\Program Files\Common Files\Thumbs.db
2005-01-30 23:31 269 -c--a-w C:\Documents and Settings\Shannon Hobbs\TCleanup.bat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 03:34 576352 --a
C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 03:34 576352 --a
C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 03:34 576352 --a
C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" [2005-07-07 15:43 192512]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 11:27 28672]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 02:04 114741]
"lxdfmon.exe"="C:\Program Files\Lexmark 6500 Series\lxdfmon.exe" [2007-06-11 08:53 455600]
"lxdfamon"="C:\Program Files\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 03:06 20480]
"Lexmark 6500 Series Fax Server"="C:\Program Files\Lexmark 6500 Series\fm3032.exe" [2007-06-11 08:56 308144]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 14:37 51048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-11-20 11:09 151597]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 09:50 988512]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\SYSTEM32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-06-02 06:00 122880 C:\WINDOWS\BCMSMMSG.exe]
C:\Documents and Settings\Administrator.OFFICE.002\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-12-05 14:56:53 557568]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 18:10:04 238080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eBay Toolbar.LNK]
backup=C:\WINDOWS\pss\eBay Toolbar.LNKCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Stormer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webrebates
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]
javaw -cp C:\Program Files\WebSavingsfromEbates\System\Code Main lp: [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a
2007-11-15 10:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a
2007-11-15 10:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6400]
--a
2003-06-02 22:00 99840 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_S4I2L1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a
2003-09-13 22:36 50688 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a
2005-03-15 08:58 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a
2005-03-15 08:58 135168 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a--c--- 2003-06-18 13:00 200704 C:\Program Files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a
2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
c--- 2003-08-26 20:47 204800 C:\Program Files\Dell\Media Experience\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a
2003-11-20 11:07 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a--c--- 2003-02-13 02:01 155648 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a
2003-11-20 11:09 151597 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\SYSTEM32\\lxdfcoms.exe"=
"C:\\Program Files\\Lexmark 6500 Series\\lxdfamon.exe"=
"C:\\Program Files\\Lexmark 6500 Series\\frun.exe"=
"C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"C:\\Program Files\\Lexmark 6500 Series\\lxdfmon.exe"=
"C:\\WINDOWS\\SYSTEM32\\lxdfcfg.exe"=
"C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdfpswx.exe"=
"C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdftime.exe"=
"C:\\Program Files\\Lexmark 6500 Series\\LXDFFax.exe"=
"C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdfjswx.exe"=
"C:\\Program Files\\Lexmark 6500 Series\\Wireless\\lxdfwpss.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 14:37]
R2 lxdf_device;lxdf_device;C:\WINDOWS\system32\lxdfcoms.exe [2007-05-29 01:06]
S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe [2007-05-29 01:06]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;C:\WINDOWS\system32\DRIVERS\PTDMBus.sys [2007-08-17 20:56]
S3 PTDMMdm;PANTECH USB Modem Drivers ;C:\WINDOWS\system32\DRIVERS\PTDMMdm.sys [2007-08-17 20:56]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;C:\WINDOWS\system32\DRIVERS\PTDMVsp.sys [2007-08-17 20:56]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;C:\WINDOWS\system32\DRIVERS\PTDMWWAN.sys [2007-08-17 20:56]
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2003-11-26 C:\WINDOWS\Tasks\ISP signup reminder 1.job
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE [2008-04-13 19:12]
2008-08-16 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2008-04-21 16:21]
2008-08-14 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2008-04-21 16:21]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Sonic RecordNow! - (no file)
.
Supplementary Scan
.
FireFox -: Profile - C:\Documents and Settings\Shannon Hobbs\Application Data\Mozilla\Firefox\Profiles\0zl1p3qi.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.com/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 14:08:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-08-16 14:19:08
ComboFix-quarantined-files.txt 2008-08-16 19:18:05
Pre-Run: 33,297,403,904 bytes free
Post-Run: 33,418,006,528 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
249 --- E O F --- 2008-08-14 01:45:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:18 PM, on 8/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\lxdfcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;<local>
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/3_0_0_786/sdcregie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direcway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11502 bytes
Please do the following...
1. OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
2. Let me know how the computer is running
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\\webrebates not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\\WebSavingsfromEbates >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\\WebSavingsfromEbates not found.
C:\Program Files\WebSavingsfromEbates moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08172008_130655
Hi there,
My computer seems to be running pretty good now. My desktop background has been up for two days now and hasn't gone into recovery mode.
Let me know if I need to do anything else and a millions thanks...
Just one more thing to do...
1. Open Notepad!
Copy and Paste everything from the Quote box into Notepad:
Go to File > Save As
Save File name as Fix.reg
Change Save as Type to All Files and save the file to your desktop.
Close Notepad, and double-click Fix.reg on your Desktop. When it asks if you want to merge the info to the registry, hit YES/OK
2. Find and delete the following Folder in RED, if found.
C:\Program Files\WebSavingsfromEbates
Let me know when that is done please.
If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.
If you are not the user who started this thread, you must start your own Thread instead