dhtmlcore.dll

Geeks to Go Forums > Security > Virus, Spyware, Malware Removal

Today's New Content

dhtmlcore.dll problems with anti virus and this dhtmlcore.dll

#1 jorie

Group: Member
Posts: 5
Joined: 21-January 08

Posted 21 January 2008 - 09:36 AM

My anti virus keeps saying found virus and it can't delete it, i tried to find the file and just delete it, but it won't let me. I ran this hijackthis and here it is.....Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\srvany.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: DHTML Support Dll - {DC242F50-B46A-4182-B377-64A795CFED9C} - C:\WINDOWS\system32\dhtmlcore.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows - Unknown owner - C:\WINNT\srvany.exe

--
End of file - 7590 bytes

Here's my uninstall list:

2006 National Home Estimator
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player ActiveX
Adobe Reader 7.0
AIM 6
AOL Instant Messenger
Ares 2.0.9
Brother MFL-Pro Suite
Caillou's Alphabet
Caillou's Thinking Skills
CardRd81
ccCommon
CCScore
CR2
Customer Appointment Manager
DivX
DivX Player
DivX Player Lite (with DivX & XviD Codecs) 1.0.9
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
InterActual Player
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 1
kgcbase
Kodak EasyShare software
KSU
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Microsoft FrontPage 2002
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Musicmatch® Jukebox
My Search Bar
netbrdg
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Notifier
OfotoXMI
Pencil-Pal Preschool
QuickTime
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB944653)
SFR
SHASTA
skin0001
SKINXSDK
SPBBC
staticcr
Symantec
Symantec Script Blocking Installer
SymNet
tooltips
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Viewpoint Media Player
VPRINTOL
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WIRELESS

Thanks for any help...Jessica

#2 kahdah

Group: GeekU Moderator
Posts: 15,822
Joined: 13-April 06

Posted 21 January 2008 - 11:39 AM

Hello jorie

Welcome to G2Go.

==================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3 jorie

Group: Member
Posts: 5
Joined: 21-January 08

Posted 21 January 2008 - 01:51 PM

thanks...here is the log from that program
Deckard's System Scanner v20071014.68
Run by Jessica6969 on 2008-01-21 13:45:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 2 Restore Point(s) --
2: 2008-01-21 19:45:09 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-01-21 19:30:59 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Jessica6969.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:03 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINNT\srvany.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\SYMNET~1\SNDMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Documents and Settings\Jessica6969\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JESSIC~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: DHTML Support Dll - {DC242F50-B46A-4182-B377-64A795CFED9C} - C:\WINDOWS\system32\dhtmlcore.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Windows - Unknown owner - C:\WINNT\srvany.exe

--
End of file - 5589 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R4 SYMTDI - c:\windows\system32\drivers\symtdi.sys (file missing)

S3 RimUsb (BlackBerry Device) - c:\windows\system32\drivers\rimusb.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Windows - c:\winnt\srvany.exe

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 KodakCCS (Kodak Camera Connection Software) - c:\windows\system32\drivers\kodakccs.exe (file missing)

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\40E33C51600
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\40E33C51600
Service: NIC1394

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&268D196D&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&268D196D&0
Service: i8042prt

-- Scheduled Tasks -------------------------------------------------------------

2008-01-07 14:07:16 448 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job

-- Files created between 2007-12-21 and 2008-01-21 -----------------------------

2008-01-21 09:22:42 0 d-------- C:\Program Files\Trend Micro
2008-01-21 00:42:26 0 d-------- C:\Program Files\SymNetDrv
2008-01-21 00:18:34 0 d-------- C:\WINDOWS\pss
2008-01-21 00:05:06 0 d-------- C:\Documents and Settings\Jessica6969\Application Data\Symantec
2008-01-21 00:04:53 0 d-------- C:\Program Files\Symantec
2008-01-21 00:04:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-21 00:04:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-20 23:38:38 0 d-------- C:\Documents and Settings\All Users\Application Data\pcgdemo
2008-01-16 00:21:06 0 d-------- C:\Program Files\Ares
2008-01-15 23:34:23 737280 --a------ C:\WINDOWS\system32\spr32d30.dll <Not Verified; FarPoint Technologies, Inc.; Spread>
2008-01-15 23:34:23 77824 --a------ C:\WINDOWS\system32\msbind.dll <Not Verified; Microsoft Corporation; MSBind Object Library>
2008-01-15 23:34:22 41472 --a------ C:\WINDOWS\system32\msldbusr.dll <Not Verified; Microsoft; LDB User>
2008-01-15 23:34:21 40960 --a------ C:\WINDOWS\system32\SSubTmr6.dll <Not Verified; vbAccelerator; SSubTmr6>
2008-01-15 23:34:21 98304 --a------ C:\WINDOWS\system32\ccrpUCW6.dll <Not Verified; Jeremy Adams, CCRP; ccrpUCW>
2008-01-15 23:34:20 53248 --a------ C:\WINDOWS\system32\GbXMLParse.dll <Not Verified; Gravitybox; Gravitybox XMLParse>
2008-01-15 23:34:20 665088 --a------ C:\WINDOWS\system32\AB2DLL.DLL <Not Verified; Data Dynamics; Data Dynamics ActiveBar 2.0 Control>
2008-01-15 23:34:16 0 d-------- C:\Program Files\Customer Appointment Manager Demo
2008-01-08 15:27:12 0 d-------- C:\WINDOWS\system32\PreInstall
2008-01-07 15:31:58 0 d-------- C:\Documents and Settings\Jessica6969\Application Data\PC-FAX TX
2008-01-07 15:21:07 50 --a------ C:\WINDOWS\system32\bridf06a.dat
2008-01-07 15:20:46 52736 --a------ C:\WINDOWS\system32\brinsstr.dll <Not Verified; Brother Industries,Ltd.; Brother MFL-Pro>
2008-01-07 15:20:39 188416 -----n--- C:\WINDOWS\system32\PDRVINST.DLL <Not Verified; brother; installer>
2008-01-07 15:20:39 34816 -----n--- C:\WINDOWS\system32\BrWiaNCp.dll <Not Verified; Brother Industries,Ltd.; Brother MFC Network Scanner>
2008-01-07 15:20:39 69632 -----n--- C:\WINDOWS\system32\BRWEBUP.EXE <Not Verified; brother; brother brwebup>
2008-01-07 15:20:39 86016 -----n--- C:\WINDOWS\system32\BrWebIns.dll <Not Verified; brother; brother BrWebIns>
2008-01-07 15:20:39 37376 -----n--- C:\WINDOWS\system32\Brnsplg.dll <Not Verified; Brother Industries,Ltd; Brother Insustries,Ltd>
2008-01-07 15:20:39 54784 -----n--- C:\WINDOWS\system32\BrNetSti.dll <Not Verified; Brother Industries, Ltd.; Brother Industries, Ltd.>
2008-01-07 15:20:36 1492480 --a------ C:\WINDOWS\system32\BrWia06a.dll <Not Verified; Brother Industries, Ltd.; Brother Industries, Ltd.>
2008-01-07 15:20:35 0 d-------- C:\Brother
2008-01-07 15:20:33 163840 -----n--- C:\WINDOWS\system32\NSSearch.dll <Not Verified; brother; brother NSSearch>
2008-01-07 15:20:33 106496 -----n--- C:\WINDOWS\system32\BrMuSNMP.dll
2008-01-07 15:20:33 53248 -----n--- C:\WINDOWS\system32\BrMfNt.dll <Not Verified; Brother Industries,LTD.; Brother BrMfNt>
2008-01-07 15:20:33 126976 -----n--- C:\WINDOWS\system32\BrfxD05a.dll <Not Verified; Brother Industries,LTD; Brother PC-FAX DIAL Dynamic Link Library>
2008-01-07 15:20:33 0 --a------ C:\WINDOWS\brdfxspd.dat
2008-01-07 15:20:32 147456 -----n--- C:\WINDOWS\brunin03.dll <Not Verified; Brother Industries,Ltd.; Brother MFL-Pro>
2008-01-07 15:20:32 0 d-------- C:\Program Files\Brother
2008-01-07 15:17:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-01-07 14:26:04 0 d-------- C:\Kodak
2008-01-07 14:15:50 14981 --a------ C:\logfile
2008-01-07 14:11:20 0 d-------- C:\Program Files\Common Files\Kodak
2007-12-30 20:26:38 0 d-------- C:\WINDOWS\system32\LogFiles

-- Find3M Report ---------------------------------------------------------------

2008-01-21 13:44:57 0 d-------- C:\Program Files\Common Files
2008-01-21 11:11:31 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-21 01:41:51 0 d-------- C:\Program Files\AOD
2008-01-13 11:22:03 10 --a------ C:\WINDOWS\smdat32m.sys
2008-01-08 16:32:49 2107 --a------ C:\WINDOWS\smdat32a.sys
2008-01-08 16:31:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-07 15:20:39 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-07 14:34:24 0 d-------- C:\Program Files\Kodak

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
C:\Program Files\RXToolBar\sfcont.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC242F50-B46A-4182-B377-64A795CFED9C}]
02/21/2003 09:00 AM 126976 --a------ C:\WINDOWS\system32\dhtmlcore.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [09/22/2004 06:20 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/28/2005 12:49 PM]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [06/28/2006 07:46 AM]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [06/29/2006 12:18 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [01/21/2008 12:42 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/01/2000 01:20 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2563DA26-40A7-A641-3235-308CA13E866F}]
C:\WINDOWS\system32:dlihost.exe

-- End of Deckard's System Scanner: finished at 2008-01-21 13:46:53 ------------

and this is the extra.txt......

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.80GHz
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 511.53 MiB / 307.39 MiB
Pagefile Memory (total/avail): 1250.15 MiB / 1083.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.91 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.78 GiB total, 98.7 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 111.79 GiB total, 105.24 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD1200BB-22CAA0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.78 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD1200BB-22CAA0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.79 GiB - F:

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
AntivirusOverride is set.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"F:\\Program Files\\limewire\\LimeWire.exe"="F:\\Program Files\\limewire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kavsvc.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kavsvc.exe:*:Enabled:Kaspersky Anti-Virus Service"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jessica6969\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JESSICA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jessica6969
LOGONSERVER=\\JESSICA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JESSIC~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JESSIC~1\LOCALS~1\Temp
USERDOMAIN=JESSICA
USERNAME=Jessica6969
USERPROFILE=C:\Documents and Settings\Jessica6969
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Jessica6969 (admin)
Julio (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2006 National Home Estimator --> MsiExec.exe /I{00AB02A9-190E-4DEB-AF1B-C5A5C90DE781}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x9 Brunin03.dll -removeonly
Caillou's Alphabet --> C:\Program Files\brighter child\caillou's alphabet\uninstall\uninstall.exe
Caillou's Thinking Skills --> C:\Program Files\brighter child\caillou's thinking skills\uninstall\uninstall.exe
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Customer Appointment Manager --> C:\PROGRA~1\CUSTOM~1\UNWISE.EXE C:\PROGRA~1\CUSTOM~1\INSTALL.LOG
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Player Lite (with DivX & XviD Codecs) 1.0.9 --> C:\Program Files\DivX Player Lite\uninst.exe
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_dc03c1d\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft FrontPage 2002 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0050048383C9}
Microsoft Interactive Training --> C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
My Search Bar --> rundll32 C:\PROGRA~1\MyWay\myBar\1.bin\mybar.dll,O
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Pencil-Pal Preschool --> C:\WINDOWS\unvise32.exe C:\Program Files\sz8080\uninstal.log
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

-- Application Event Log -------------------------------------------------------

Event Record #/Type2544 / Warning
Event Submitted/Written: 01/21/2008 01:39:37 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401F0

Event Record #/Type2441 / Error
Event Submitted/Written: 01/14/2008 06:23:04 PM
Event ID/Source: 1000 / Microsoft Office 10
Event Description:
Faulting application frontpg.exe, version 10.0.2623.0, faulting module frontpg.exe, version 10.0.2623.0, fault address 0x0001ffb2.

Event Record #/Type2435 / Error
Event Submitted/Written: 01/13/2008 11:24:26 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application kazaa.exe, version 3.2.7.0, faulting module kazaa.exe, version 3.2.7.0, fault address 0x0004add4.
Processing media-specific event for [kazaa.exe!ws!]

Event Record #/Type2434 / Error
Event Submitted/Written: 01/13/2008 11:22:19 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type2431 / Error
Event Submitted/Written: 01/13/2008 10:47:26 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type9727 / Warning
Event Submitted/Written: 01/21/2008 01:25:10 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address . The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type9726 / Warning
Event Submitted/Written: 01/21/2008 01:25:05 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00E018569C0B. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type9723 / Error
Event Submitted/Written: 01/21/2008 01:25:03 PM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Event Record #/Type9720 / Error
Event Submitted/Written: 01/21/2008 01:24:47 PM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Event Record #/Type9708 / Error
Event Submitted/Written: 01/21/2008 03:33:31 AM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

-- End of Deckard's System Scanner: finished at 2008-01-21 13:46:53 ------------

#4 kahdah

Group: GeekU Moderator
Posts: 15,822
Joined: 13-April 06

Posted 21 January 2008 - 02:46 PM

Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  -----------------------------------------------------------
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#5 jorie

Group: Member
Posts: 5
Joined: 21-January 08

Posted 21 January 2008 - 03:01 PM

Here is my log from the last download I did and then my Hijackthis again.....

ComboFix 08-01-20.1 - Jessica6969 2008-01-21 14:52:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.301 [GMT -6:00]
Running from: C:\Documents and Settings\Jessica6969\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 1070118 bytes in 2 streams.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - explorer.exe: deleted 132 bytes in 1 streams.

((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-21 14:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-21 13:30 . 2008-01-21 13:30 <DIR> d-------- C:\Deckard
2008-01-21 09:22 . 2008-01-21 09:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-21 00:42 . 2008-01-21 00:42 <DIR> d-------- C:\Program Files\SymNetDrv
2008-01-21 00:05 . 2008-01-21 00:19 <DIR> d-------- C:\Documents and Settings\Jessica6969\Application Data\Symantec
2008-01-21 00:04 . 2008-01-21 13:46 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-21 00:04 . 2008-01-21 13:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-20 23:38 . 2008-01-20 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pcgdemo
2008-01-16 00:21 . 2008-01-16 00:23 <DIR> d-------- C:\Program Files\Ares
2008-01-15 23:34 . 2008-01-15 23:35 <DIR> d-------- C:\Program Files\Customer Appointment Manager Demo
2008-01-07 15:31 . 2008-01-07 15:31 <DIR> d-------- C:\Documents and Settings\Jessica6969\Application Data\PC-FAX TX
2008-01-07 15:21 . 2008-01-07 15:21 419 --a------ C:\WINDOWS\BRWMARK.INI
2008-01-07 15:21 . 2008-01-07 15:31 299 --a------ C:\WINDOWS\Brpfx04a.ini
2008-01-07 15:21 . 2008-01-07 15:31 154 --a------ C:\WINDOWS\brpcfx.ini
2008-01-07 15:21 . 2008-01-07 15:21 50 --a------ C:\WINDOWS\system32\bridf06a.dat
2008-01-07 15:21 . 2008-01-07 15:21 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-01-07 15:20 . 2008-01-07 15:20 <DIR> d-------- C:\Program Files\Brother
2008-01-07 15:17 . 2008-01-07 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-01-07 14:26 . 2008-01-07 14:26 <DIR> d-------- C:\Kodak
2008-01-07 14:15 . 2008-01-21 00:18 14,981 --a------ C:\logfile
2008-01-07 14:12 . 2007-06-06 09:57 2,363,392 --a------ C:\WINDOWS\system32\xerces-c_2_7.dll
2008-01-07 14:12 . 2007-06-06 09:18 45,056 --a------ C:\WINDOWS\system32\KPDDynCC.DLL
2008-01-07 14:12 . 2007-06-06 09:25 40,960 --a------ C:\WINDOWS\system32\KPDLM.dll
2008-01-07 14:11 . 2008-01-07 14:11 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-01-07 14:11 . 2004-08-04 01:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-01-07 14:11 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-30 20:26 . 2007-12-30 20:26 <DIR> d-------- C:\WINDOWS\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 07:41 --------- d-----w C:\Program Files\AOD
2008-01-08 22:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-07 21:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-07 20:34 --------- d-----w C:\Program Files\Kodak
2008-01-07 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2005-02-02 01:20 7,056 -c--a-w C:\Documents and Settings\Jessica6969\queue.dat
2005-02-02 01:20 1,314,816 ----a-w C:\Documents and Settings\Jessica6969\FahCore_65.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
C:\Program Files\RXToolBar\sfcont.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC242F50-B46A-4182-B377-64A795CFED9C}]
2003-02-21 09:00 126976 --a------ C:\WINDOWS\system32\dhtmlcore.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2000-01-01 01:20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-09-22 18:20 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-28 12:49 77824]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 07:46 622592]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 12:18 77824]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2004-12-06 21:31 36975 C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2000-01-01 01:20 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R2 Windows;Windows;C:\WINNT\srvany.exe [2001-12-10 18:06]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 12:02]

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2563DA26-40A7-A641-3235-308CA13E866F}]
C:\WINDOWS\system32:dlihost.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 14:56:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-21 14:56:46
.
2008-01-16 06:17:13 --- E O F ---

and my hijack log.......Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINNT\srvany.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: DHTML Support Dll - {DC242F50-B46A-4182-B377-64A795CFED9C} - C:\WINDOWS\system32\dhtmlcore.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Windows - Unknown owner - C:\WINNT\srvany.exe

--
End of file - 4793 bytes

Thanks Again, Jessica

#6 kahdah

Group: GeekU Moderator
Posts: 15,822
Joined: 13-April 06

Posted 21 January 2008 - 07:59 PM

The first thing I will need you to do is to Download this anti-virus program and install it.
This is free.
AVG free
===================================================================
After that I see that you have a few p2p programs installed >Limewire Ares etc...
Having P2p programs such as these raise the possibility of getting infected again.
See here for information on P2P's.
I will leave it up to you if you want to remove them.
To remove them just simply uninstall them then delete these folders>C:\Program Files\Name of program you uninstalled
=========================
Next

1. Please open Notepad

Click Start , then Run
Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\dhtmlcore.dll
C:\WINNT\srvany.exe
C:\WINDOWS\system32\AB2DLL.DLL 
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\system32:dlihost.exe
C:\WINDOWS\system32\dlihost.exe

Folder::
C:\Program Files\RXToolBar
C:\Program Files\MyWay
C:\Program Files\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC242F50-B46A-4182-B377-64A795CFED9C}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2563DA26-40A7-A641-3235-308CA13E866F}]

Driver::
Windows

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt
A new HijackThis log.

#7 jorie

Group: Member
Posts: 5
Joined: 21-January 08

Posted 21 January 2008 - 08:35 PM

I installed the AVG here's the log for the combo fix after I added that file..............

ComboFix 08-01-20.1 - Jessica6969 2008-01-21 20:25:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.215 [GMT -6:00]
Running from: C:\Documents and Settings\Jessica6969\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jessica6969\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32:dlihost.exe
C:\WINDOWS\system32\AB2DLL.DLL
C:\WINDOWS\system32\dhtmlcore.dll
C:\WINDOWS\system32\dlihost.exe
C:\WINNT\srvany.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C_.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr_03000F11.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\AB2DLL.DLL
C:\WINDOWS\system32\dhtmlcore.dll
C:\WINNT\srvany.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_WINDOWS
-------\Windows

((((((((((((((((((((((((( Files Created from 2007-12-22 to 2008-01-22 )))))))))))))))))))))))))))))))
.

2008-01-21 20:23 . 2008-01-21 20:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-21 20:23 . 2008-01-21 20:24 <DIR> d-------- C:\Documents and Settings\Jessica6969\Application Data\AVG7
2008-01-21 20:23 . 2008-01-21 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-21 20:23 . 2008-01-21 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-21 14:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-21 13:30 . 2008-01-21 13:30 <DIR> d-------- C:\Deckard
2008-01-21 09:22 . 2008-01-21 09:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-21 00:05 . 2008-01-21 00:19 <DIR> d-------- C:\Documents and Settings\Jessica6969\Application Data\Symantec
2008-01-21 00:04 . 2008-01-21 13:46 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-21 00:04 . 2008-01-21 13:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-20 23:38 . 2008-01-20 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pcgdemo
2008-01-16 00:21 . 2008-01-16 00:23 <DIR> d-------- C:\Program Files\Ares
2008-01-15 23:34 . 2008-01-15 23:35 <DIR> d-------- C:\Program Files\Customer Appointment Manager Demo
2008-01-07 15:31 . 2008-01-07 15:31 <DIR> d-------- C:\Documents and Settings\Jessica6969\Application Data\PC-FAX TX
2008-01-07 15:21 . 2008-01-07 15:21 419 --a------ C:\WINDOWS\BRWMARK.INI
2008-01-07 15:21 . 2008-01-07 15:31 299 --a------ C:\WINDOWS\Brpfx04a.ini
2008-01-07 15:21 . 2008-01-07 15:31 154 --a------ C:\WINDOWS\brpcfx.ini
2008-01-07 15:21 . 2008-01-07 15:21 50 --a------ C:\WINDOWS\system32\bridf06a.dat
2008-01-07 15:21 . 2008-01-07 15:21 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-01-07 15:20 . 2008-01-07 15:20 <DIR> d-------- C:\Program Files\Brother
2008-01-07 15:17 . 2008-01-07 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-01-07 14:26 . 2008-01-07 14:26 <DIR> d-------- C:\Kodak
2008-01-07 14:15 . 2008-01-21 00:18 14,981 --a------ C:\logfile
2008-01-07 14:12 . 2007-06-06 09:57 2,363,392 --a------ C:\WINDOWS\system32\xerces-c_2_7.dll
2008-01-07 14:12 . 2007-06-06 09:18 45,056 --a------ C:\WINDOWS\system32\KPDDynCC.DLL
2008-01-07 14:12 . 2007-06-06 09:25 40,960 --a------ C:\WINDOWS\system32\KPDLM.dll
2008-01-07 14:11 . 2008-01-07 14:11 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-01-07 14:11 . 2004-08-04 01:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-01-07 14:11 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-30 20:26 . 2007-12-30 20:26 <DIR> d-------- C:\WINDOWS\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 07:41 --------- d-----w C:\Program Files\AOD
2008-01-08 22:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-07 21:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-07 20:34 --------- d-----w C:\Program Files\Kodak
2008-01-07 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2005-02-02 01:20 7,056 -c--a-w C:\Documents and Settings\Jessica6969\queue.dat
2005-02-02 01:20 1,314,816 ----a-w C:\Documents and Settings\Jessica6969\FahCore_65.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-21_14.56.19.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 20:52:03 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-22 02:25:26 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-21 20:52:03 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-22 02:25:27 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-21 20:52:03 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-22 02:25:27 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-21 20:52:03 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-22 02:25:27 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-21 20:52:03 3,047,424 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-22 02:25:27 3,047,424 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-21 20:52:03 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-22 02:25:27 16,384 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
+ 2008-01-22 02:23:27 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2008-01-22 02:23:31 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2008-01-22 02:23:32 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2008-01-22 02:23:33 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2008-01-22 02:23:33 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2000-01-01 01:20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-09-22 18:20 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-28 12:49 77824]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 07:46 622592]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 12:18 77824]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-21 20:23 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-21 20:23 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2004-12-06 21:31 36975 C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2000-01-01 01:20 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 12:02]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 20:29:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-01-21 20:32:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-22 02:31:50
ComboFix2.txt 2008-01-21 20:56:47
.
2008-01-16 06:17:13 --- E O F ---

and here's my log after I ran the hijackthis.............

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

--
End of file - 5357 bytes

Thanks again Jess

#8 kahdah

Group: GeekU Moderator
Posts: 15,822
Joined: 13-April 06

Posted 21 January 2008 - 08:40 PM

You are welcome

Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

#9 jorie

Group: Member
Posts: 5
Joined: 21-January 08

Posted 22 January 2008 - 12:31 AM

after scanning with panda here is the log that I saved.............

Incident Status Location

Adware:adware/gator Not disinfected c:\documents and settings\all users\start menu\programs\startup\GStartup.lnk
Adware:adware/cydoor Not disinfected c:\windows\cdmxtras
Potentially unwanted tool:application/need2find Not disinfected hkey_current_user\software\Need2Find
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
Adware:adware/rxtoolbar Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_classes_root\clsid\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}
Adware:adware/instafinder Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/favoriteman Not disinfected Windows Registry
Potentially unwanted tool:Application/Altnet Not disinfected C:\Deckard\System Scanner\20080121134502\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\__unin__.exe
Potentially unwanted tool:Application/Altnet Not disinfected C:\Deckard\System Scanner\20080121134502\backup\WINDOWS\temp\Altnet\pmfiles.cab
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@adrevolver[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@atwola[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@casalemedia[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@com[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@counter.hitslink[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@did-it[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@ehg-dig.hitbox[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@fastclick[2].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@goclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@go[2].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@hotlog[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@revenue[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@searchportal.information[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@serving-sys[2].txt
Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@smartadserver[2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@statcounter[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@statse.webtrendslive[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@target[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@tribalfusion[2].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@weborama[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@www.burstbeacon[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@www6.addfreestats[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jessica6969\Cookies\jessica6969@zedo[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Jessica6969\Desktop\ComboFix.exe[nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Jessica6969\Desktop\ComboFix.exe[nircmd.cfexe]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Julio\Cookies\julio@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Julio\Cookies\julio@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Julio\Cookies\julio@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Julio\Cookies\julio@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Julio\Cookies\julio@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Julio\Cookies\julio@atwola[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Julio\Cookies\julio@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Julio\Cookies\julio@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Julio\Cookies\julio@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Julio\Cookies\julio@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Julio\Cookies\julio@doubleclick[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Julio\Cookies\julio@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Julio\Cookies\julio@fastclick[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Julio\Cookies\julio@media.adrevolver[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Julio\Cookies\julio@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Julio\Cookies\julio@perf.overture[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Julio\Cookies\julio@phg.hitbox[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Julio\Cookies\julio@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Julio\Cookies\julio@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Julio\Cookies\julio@revenue[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Julio\Cookies\julio@server.iad.liveperson[3].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Julio\Cookies\julio@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Julio\Cookies\julio@statcounter[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Julio\Cookies\julio@statse.webtrendslive[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Julio\Cookies\julio@tribalfusion[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Julio\Cookies\julio@zedo[2].txt
Adware:Adware/MediaBack Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\dhtmlcore.dll.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Spyware:Cookie/Doubleclick Not disinfected F:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Potentially unwanted tool:Application/KillApp.B Not disinfected F:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected F:\hp\bin\Terminator.exe
Thanks Again...Jessica

#10 kahdah

Group: GeekU Moderator
Posts: 15,822
Joined: 13-April 06

Posted 22 January 2008 - 10:55 AM

1. Please open Notepad

Click Start , then Run
Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\documents and settings\all users\start menu\programs\startup\GStartup.lnk 

Folder::
c:\windows\cdmxtras 
C:\Deckard
C:\Program Files\Common Files\GMT

Registry::
[-hkey_current_user\software\Need2Find]
[-hkey_classes_root\clsid\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{DC242F50-B46A-4182-B377-64A795CFED9C}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt
A new HijackThis log.

#11 kahdah

Group: GeekU Moderator
Posts: 15,822
Joined: 13-April 06

Posted 07 February 2009 - 09:36 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Back to Virus, Spyware, Malware Removal

Share this topic:

Page 1 of 1

Please log in to reply

dhtmlcore.dll - Geeks to Go Forums