Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

purityscan,outerinfo others, help! [RESOLVED]

Started by bubble00 , Jun 16 2008 06:10 PM

This topic is locked

#1
bubble00

Posted 16 June 2008 - 06:10 PM

Member

Member
45 posts

cant get rid of all these pop ups.

Here is my log. Thanks for any help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:24 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\IMGrabber2.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1194136224\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Documents and Settings\All Users\Application

Data\Dell\TransferAgent\TransferAgent.exe
C:\Documents and Settings\sarah\Application Data\W?nSxS\??chost.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\sarah\MYDOCU~1\CURITY~1\wuaclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://securityrespo...r/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows

Internet Explorer provided by Comcast
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} -

C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: {8f674b87-5c04-a258-3e34-2b528c005fb4} -

{4bf500c8-25b2-43e3-852a-40c578b476f8} - C:\WINDOWS\system32\fopamdag.dll

(file missing)
O2 - BHO: mymaxisearch browser optimizer -

{5d4ddd04-8cde-95d8-d5a2-aa9378e6d7b0} -

C:\WINDOWS\system32\{7D0FDCFD-7ED7-2080-1499-7863D3F5E52D}.dll
O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} -

C:\WINDOWS\system32\tusspomj.dll (file missing)
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} -

C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program

Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media

Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program

Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup]

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common

Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo

AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch

Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch

Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TypeAgentL] C:\Program Files\TypeAgent\TypeAgent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common

Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe

SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common

Files\AOL\1194136224\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink

Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All

Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [Kuckj] "C:\Program Files\Common Files\?ymbols\d?dplay.exe"
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [Beex] "C:\Documents and Settings\sarah\Application

Data\W?nSxS\??chost.exe"
O4 - HKCU\..\Run: [Tair] "C:\DOCUME~1\sarah\MYDOCU~1\CURITY~1\wuaclt.exe" -vt

ndrv
O4 - HKCU\..\Policies\Explorer\Run: [usrbth] C:\WINDOWS\system32\usrbth.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco

Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol

toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! -

res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} -

C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player -

{d81ca86b-ef63-42af-bee3-4502d9a03c2d} -

http://wwws.musicmat...enWebRadio.html (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -

http://www2.snapfish...fishActivia.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External

Control) -

https://actsvr.comca.....tion Controls

.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4

Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader

Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object)

- http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4)

- http://upload.facebo...Uploader4_5.cab
O20 - Winlogon Notify: tusspomj - tusspomj.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program

Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common

Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation

- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown

owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file

missing)
O23 - Service: Command Service (cmdService) - Unknown owner -

C:\WINDOWS\c2FyYWg\command.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec

Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program

Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program

Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -

C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: MGS - Unknown owner - C:\WINDOWS\system32\IMGrabber2.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network

Monitor\netmon.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program

Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program

Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation

- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec

AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program

Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program

Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11728 bytes

Edited by bubble00, 16 June 2008 - 06:12 PM.

#2
Stamper19

Posted 16 June 2008 - 06:42 PM

Expert

Expert
1,992 posts

Hi bubble00,

Welcome to Geeks to Go!

My name is Stamper19 and I will be helping you with your Malware problem. During the course of our interactions please be sure to follow all instructions carefully, and ask questions if you are unsure of how to proceed at any point.

Please be sure to turn off Wordwrap in Notepad. Having it on makes the logs difficult to read. To do so, in Notepad go to the Format menu and make sure that Wordwrap is not checked. If it is, then click on it to uncheck it.

----------------------------------------------------------------

Please download Deckard's System Scanner (DSS) to your Desktop.

Close all applications and windows.
Double-click on DSS.exe to run it, and follow the prompts.
The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

----------------------------------------------------------------

Information to include in your next post:

main.txt and extra.txt from DSS

#3
bubble00

Posted 16 June 2008 - 08:30 PM

Member

Topic Starter
Member
45 posts

main

Deckard's System Scanner v20071014.68
Run by sarah on 2008-06-16 22:23:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
115: 2008-06-17 02:23:22 UTC - RP975 - Deckard's System Scanner Restore Point
114: 2008-06-16 14:01:37 UTC - RP974 - System Checkpoint
113: 2008-06-06 12:07:07 UTC - RP973 - System Checkpoint
112: 2008-06-05 11:07:44 UTC - RP972 - System Checkpoint
111: 2008-06-04 11:02:33 UTC - RP971 - System Checkpoint

-- First Restore Point --
1: 2008-04-17 02:22:06 UTC - RP861 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).

-- HijackThis (run as sarah.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:03 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\IMGrabber2.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1194136224\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sarah\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\sarah.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: {8f674b87-5c04-a258-3e34-2b528c005fb4} - {4bf500c8-25b2-43e3-852a-40c578b476f8} - C:\WINDOWS\system32\fopamdag.dll (file missing)
O2 - BHO: mymaxisearch browser optimizer - {5d4ddd04-8cde-95d8-d5a2-aa9378e6d7b0} - C:\WINDOWS\system32\{7D0FDCFD-7ED7-2080-1499-7863D3F5E52D}.dll
O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - C:\WINDOWS\system32\tusspomj.dll (file missing)
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TypeAgentL] C:\Program Files\TypeAgent\TypeAgent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1194136224\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [Kuckj] "C:\Program Files\Common Files\?ymbols\d?dplay.exe"
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Policies\Explorer\Run: [usrbth] C:\WINDOWS\system32\usrbth.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comca..... Controls.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O20 - Winlogon Notify: tusspomj - tusspomj.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\c2FyYWg\command.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGS - Unknown owner - C:\WINDOWS\system32\IMGrabber2.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11466 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 PSSdk23 - c:\windows\system32\drivers\pssdk23.drv (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 MGS - c:\windows\system32\imgrabber2.exe
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 cmdService (Command Service) - c:\windows\c2fyywg\command.exe (file missing)
S2 Network Monitor - c:\program files\network monitor\netmon.exe service (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-06-16 21:43:34 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-05-30 19:22:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-05-21 23:40:32 300 --a------ C:\WINDOWS\Tasks\XoftSpy.job

-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-16 20:01:06 0 d-------- C:\Program Files\Trend Micro
2008-06-05 17:57:36 41984 -ra------ C:\WINDOWS\mrofinu572.exe
2008-06-04 15:58:49 0 d-------- C:\Documents and Settings\sarah\Application Data\A?pPatch
2008-06-03 16:27:59 0 d-------- C:\Documents and Settings\sarah\Application Data\W?nSxS
2008-06-02 15:41:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-06-02 15:41:28 0 d-------- C:\Program Files\Network Monitor
2008-06-02 15:41:27 0 d--hs---- C:\WINDOWS\c2FyYWg
2008-06-02 15:26:09 0 d-------- C:\Program Files\Svconr
2008-06-02 15:26:04 0 d-------- C:\Program Files\Temporary
2008-06-02 15:21:03 0 d-------- C:\Program Files\JavaCore
2008-06-02 15:20:51 0 d-------- C:\Program Files\AntiSpywareMaster
2008-06-02 15:17:57 0 d-------- C:\Program Files\Common Files\?ymbols
2008-06-02 15:17:00 0 d-------- C:\WINDOWS\system32\vntiho01
2008-05-30 10:40:02 542208 --a------ C:\WINDOWS\b159.exe
2008-05-29 10:30:20 440832 --a------ C:\WINDOWS\system32\{7D0FDCFD-7ED7-2080-1499-7863D3F5E52D}.dll

-- Find3M Report ---------------------------------------------------------------

2008-06-16 22:25:07 0 d-------- C:\Documents and Settings\sarah\Application Data\StumbleUpon
2008-06-16 20:21:01 0 d-------- C:\Documents and Settings\sarah\Application Data\W?nSxS
2008-06-16 19:01:05 0 d-------- C:\Program Files\AIM95
2008-06-16 19:00:51 0 d-------- C:\Documents and Settings\sarah\Application Data\Aim
2008-06-16 18:52:27 0 d-------- C:\Program Files\ewido anti-spyware 4.0
2008-06-16 18:38:09 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-16 16:33:08 5096 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-16 16:31:41 0 d-------- C:\Program Files\Common Files
2008-06-04 22:10:09 0 d-------- C:\Program Files\AOD
2008-06-04 22:02:50 0 d-------- C:\Program Files\Common Files\?ymbols
2008-06-04 15:58:49 0 d-------- C:\Documents and Settings\sarah\Application Data\A?pPatch
2008-06-03 20:37:59 0 d-------- C:\Program Files\Dl_cats
2008-05-14 12:42:24 0 d-------- C:\Documents and Settings\sarah\Application Data\AdobeUM
2008-04-24 18:02:40 420626 --ahs---- C:\WINDOWS\system32\cdcddccf.ini2
2008-04-20 17:59:42 0 d-------- C:\Program Files\QuickTime
2008-04-20 17:40:11 0 d-------- C:\Program Files\Dell
2008-04-20 17:37:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-20 17:35:14 0 d-------- C:\Program Files\Common Files\supportsoft
2008-04-17 00:09:57 0 d-------- C:\Documents and Settings\sarah\Application Data\IMG
2008-04-15 23:57:15 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4bf500c8-25b2-43e3-852a-40c578b476f8}]
C:\WINDOWS\system32\fopamdag.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5d4ddd04-8cde-95d8-d5a2-aa9378e6d7b0}]
05/29/2008 10:30 AM 440832 --a------ C:\WINDOWS\system32\{7D0FDCFD-7ED7-2080-1499-7863D3F5E52D}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]
C:\WINDOWS\system32\tusspomj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
"Apoint"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 03:59 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/03/2004 10:00 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 09:15 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [03/04/2005 12:26 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [04/22/2005 08:45 AM]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [11/09/2004 10:41 PM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [03/15/2005 08:58 AM]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [03/15/2005 08:58 AM]
"CTHelper"="CTHELPER.EXE" [10/06/2004 04:49 AM C:\WINDOWS\CTHELPER.EXE]
"TypeAgentL"="C:\Program Files\TypeAgent\TypeAgent.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/02/2005 10:21 AM]
"vptray"="C:\PROGRA~1\SYMANT~2\VPTray.exe" [06/23/2005 08:27 PM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 08:50 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [02/05/2007 11:28 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [08/15/2007 08:15 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1194136224\ee\AOLSoftware.exe" [05/25/2007 01:16 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"SetDefaultMIDI"="MIDIDef.exe" [10/06/2004 04:23 AM C:\WINDOWS\MIDIDEF.EXE]
"apoint"="" []
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 07:16 PM]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [11/13/2007 05:46 PM]
"Kuckj"="C:\Program Files\Common Files\?ymbols\d?dplay.exe" []
"JavaCore"="C:\Program Files\\JavaCore\\JavaCore.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2/23/2007 6:27:12 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/25/2005 10:48:20 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"usrbth"=C:\WINDOWS\system32\usrbth.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}"= C:\WINDOWS\system32\tusspomj.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 05:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tusspomj]
tusspomj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sarah^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\sarah\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

-- End of Deckard's System Scanner: finished at 2008-06-16 22:25:51 ------------

extra
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.60GHz
Percentage of Memory in Use: 79%
Physical Memory (total/avail): 511.4 MiB / 106.33 MiB
Pagefile Memory (total/avail): 1247.15 MiB / 604.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.52 MiB

C: is Fixed (NTFS) - 51.72 GiB total, 29.43 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2060AH - 55.89 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 51.72 GiB - C:
\PARTITION2 - Unknown - 4.11 GiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.0.1.1000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\1131595683\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1131595683\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Common Files\\AOL\\1131595683\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1131595683\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1131595683\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1131595683\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\Common Files\\AOL\\1194136224\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1194136224\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\AOL 9.1\\waol.exe"="C:\\Program Files\\AOL 9.1\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\sarah\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\sarah
LOGONSERVER=\\LAPTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\sarah\LOCALS~1\Temp
TMP=C:\DOCUME~1\sarah\LOCALS~1\Temp
USERDOMAIN=LAPTOP
USERNAME=sarah
USERPROFILE=C:\Documents and Settings\sarah
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

sarah (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AIM+ (remove only) --> "C:\Program Files\AIM+\uninst.exe"
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
AOL Toolbar 2.0 --> "C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support --> MsiExec.exe /I{763E8D6C-0098-4FF4-801A-3F311D2D9D80}
Apple Software Update --> MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Broadcom Management Programs 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
Business Contact Manager for Outlook 2003 --> MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
Cisco Clean Access Agent --> MsiExec.exe /X{FF79096E-6AED-448D-B54D-163DF0B1EFF4}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Command --> wscript "C:\WINDOWS\c2FyYWg\wZIVsq0.vbs"
Conexant D110 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
DC++ 0.674 --> "C:\Program Files\DC++\uninstall.exe"
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Photo AIO Printer 922 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUNST.EXE -NOLICENSE
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
ewido anti-spyware 4.0 --> C:\Program Files\ewido anti-spyware 4.0\Uninstall.exe
G15A922EN --> MsiExec.exe /X{FDF0F423-F81F-4EA7-ABD1-AACBB60F3644}
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
HijackThis 2.0.2 --> "C:\Documents and Settings\sarah\Local Settings\Temporary Internet Files\Content.IE5\N9UVX6YD\HijackThis.exe" /uninstall
ImageJ 1.37v --> "C:\Program Files\ImageJ\unins000.exe"
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes --> MsiExec.exe /I{974C05A0-C76C-4724-A9A2-11D5D1355729}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.9.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys EasyLink Advisor 1.6 (0032) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\sarah\Application Data\Move Networks\ie_bin\Uninst.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Mymaxisearch Search Assistant --> C:\WINDOWS\system32\{7D0FDCFD-7ED7-2080-1499-7863D3F5E52D}.dll-uninst.exe
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Network Monitor --> wscript "C:\WINDOWS\uninstall_nmon.vbs"
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 - ALL
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
StumbleUpon IE Toolbar --> C:\Program Files\StumbleUpon\uninstall.exe
Svconr --> "C:\Program Files\Svconr\Svconr.exe" -uninstall
Symantec AntiVirus --> MsiExec.exe /I{3248E093-5288-4CA9-B3AB-11A675FEA1F9}
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Uninstall AOL Emergency Connect Utility 1.0 --> C:\Program Files\Common Files\AOL\ECU\uninst.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"

-- Application Event Log -------------------------------------------------------

Event Record #/Type7098 / Error
Event Submitted/Written: 06/16/2008 07:59:39 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Adware.Purityscan in File: C:\Documents and Settings\sarah\My Documents\??curity\wuaclt.exe by: Auto-Protect scan. Action: Terminate Process Required. Action Description:

Event Record #/Type7097 / Error
Event Submitted/Written: 06/16/2008 07:59:38 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: (null) in File: c:\documents and settings\sarah\local settings\temp\!update.exe by: Auto-Protect scan. Action: Leave Alone succeeded. Action Description: The file was left unchanged.

Event Record #/Type7096 / Error
Event Submitted/Written: 06/16/2008 07:59:38 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Adware.Purityscan in File: C:\Documents and Settings\sarah\My Documents\??curity\wuaclt.exe by: Auto-Protect scan. Action: Leave Alone succeeded. Action Description: The file was left unchanged.

Event Record #/Type7095 / Error
Event Submitted/Written: 06/16/2008 07:51:57 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Adware.MaxSearch in File: C:\Program Files\JavaCore\UnInstall.exe by: Auto-Protect scan. Action: Reboot Required. Action Description: The file was quarantined successfully.

Event Record #/Type7094 / Error
Event Submitted/Written: 06/16/2008 07:51:48 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Adware.MaxSearch in File: c:\program files\JavaCore\uninstall.exe by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type38156 / Error
Event Submitted/Written: 06/16/2008 06:36:30 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Network Monitor service failed to start due to the following error:
%%2

Event Record #/Type38155 / Error
Event Submitted/Written: 06/16/2008 06:35:45 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.107 for the Network Card with network address 0013CE20B25E has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type38150 / Error
Event Submitted/Written: 06/16/2008 06:34:10 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type38149 / Error
Event Submitted/Written: 06/16/2008 06:32:55 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type38148 / Error
Event Submitted/Written: 06/16/2008 06:32:40 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

-- End of Deckard's System Scanner: finished at 2008-06-16 22:25:51 ------------

#4
Stamper19

Posted 16 June 2008 - 08:39 PM

Expert

Expert
1,992 posts

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

#5
bubble00

Posted 16 June 2008 - 09:09 PM

Member

Topic Starter
Member
45 posts

ComboFix 08-06-16.2 - sarah 2008-06-16 22:57:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.82 [GMT -4:00]
Running from: C:\Documents and Settings\sarah\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\b159.exe
C:\WINDOWS\mrofinu572.exe
.
---- Previous Run -------
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\sarah\Application Data\APPATC~1
C:\Documents and Settings\sarah\Application Data\macromedia\Flash Player\#SharedObjects\6AWT2WZ4\www.broadcaster.com
C:\Documents and Settings\sarah\Application Data\macromedia\Flash Player\#SharedObjects\6AWT2WZ4\www.broadcaster.com\played_list.sol
C:\Documents and Settings\sarah\Application Data\macromedia\Flash Player\#SharedObjects\6AWT2WZ4\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\sarah\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\sarah\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\sarah\Application Data\WNSXS~1
C:\Program Files\AntiSpywareMaster
C:\Program Files\Common Files\ymbols~1
C:\Program Files\JavaCore
C:\Program Files\network monitor
C:\Program Files\Svconr
C:\Program Files\Temporary
C:\Program Files\wnsxs~1
C:\WINDOWS\BM339b9883.xml
C:\WINDOWS\c2FyYWg\
C:\WINDOWS\cookies.ini
C:\WINDOWS\curity~1
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cdcddccf.ini
C:\WINDOWS\system32\cdcddccf.ini2
C:\WINDOWS\system32\csyixbtt.ini
C:\WINDOWS\system32\ddyifgnh.ini
C:\WINDOWS\system32\jufhnklt.ini
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qmxpkmbt.ini
C:\WINDOWS\system32\qnedaknl.ini
C:\WINDOWS\system32\wygteuuq.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor

((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-16 22:22 . 2008-06-16 22:22 <DIR> d-------- C:\Deckard
2008-06-16 20:01 . 2008-06-16 20:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-03 17:10 . 2008-06-03 17:10 73,345 --a------ C:\WINDOWS\system32\{7D0FDCFD-7ED7-2080-1499-7863D3F5E52D}.dll-uninst.exe
2008-06-03 00:20 . 2008-06-03 00:20 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-06-03 00:10 . 2008-06-03 00:10 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-06-02 15:17 . 2008-06-02 15:20 <DIR> d-------- C:\WINDOWS\system32\vntiho01
2008-05-29 10:30 . 2008-05-29 10:30 440,832 --a------ C:\WINDOWS\system32\{7D0FDCFD-7ED7-2080-1499-7863D3F5E52D}.dll
2008-05-28 15:53 . 2008-06-16 22:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-28 15:53 . 2008-05-28 15:53 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 02:51 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-17 02:43 --------- d-----w C:\Documents and Settings\sarah\Application Data\StumbleUpon
2008-06-16 23:01 --------- d-----w C:\Program Files\AIM95
2008-06-16 23:00 --------- d-----w C:\Documents and Settings\sarah\Application Data\Aim
2008-06-16 22:52 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2008-06-16 20:33 5,096 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-05 02:10 --------- d-----w C:\Program Files\AOD
2008-06-04 00:37 --------- d-----w C:\Program Files\Dl_cats
2008-05-14 16:42 --------- d-----w C:\Documents and Settings\sarah\Application Data\AdobeUM
2008-04-24 16:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-20 21:59 --------- d-----w C:\Program Files\QuickTime
2008-04-20 21:40 --------- d-----w C:\Program Files\Dell
2008-04-20 21:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 21:35 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-04-20 18:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\StumbleUpon
2008-04-17 04:09 --------- d-----w C:\Documents and Settings\sarah\Application Data\IMG
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2006-07-04 05:43 0 ----a-w C:\Program Files\pspbrwse.jbf
2006-06-28 03:55 0 ----a-w C:\Documents and Settings\sarah\Application Data\internaldb41.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4bf500c8-25b2-43e3-852a-40c578b476f8}]
C:\WINDOWS\system32\fopamdag.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5d4ddd04-8cde-95d8-d5a2-aa9378e6d7b0}]
2008-05-29 10:30 440832 --a------ C:\WINDOWS\system32\{7D0FDCFD-7ED7-2080-1499-7863D3F5E52D}.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"SetDefaultMIDI"="MIDIDef.exe" [2004-10-06 04:23 20992 C:\WINDOWS\MIDIDEF.EXE]
"apoint"="" []
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 17:46 135168]
"Kuckj"="C:\Program Files\Common Files\?ymbols\d?dplay.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"Apoint"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 22:00 344064]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15 290816]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 12:26 606208]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 08:45 290816]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 22:41 69632]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-15 08:58 135168]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-15 08:58 53248]
"CTHelper"="CTHELPER.EXE" [2004-10-06 04:49 14848 C:\WINDOWS\CTHELPER.EXE]
"TypeAgentL"="C:\Program Files\TypeAgent\TypeAgent.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 10:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~2\VPTray.exe" [2005-06-23 20:27 85696]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-02-05 11:28 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]
"HostManager"="C:\Program Files\Common Files\AOL\1194136224\ee\AOLSoftware.exe" [2007-05-25 13:16 42032]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-02-23 18:27:12 1581138]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-25 22:48:20 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"usrbth"= C:\WINDOWS\system32\usrbth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tusspomj]
tusspomj.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^sarah^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\sarah\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2002-06-10 03:15 309760 C:\Program Files\AIM+\AIM+.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-02-05 11:28 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1194136224\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 MGS;MGS;C:\WINDOWS\system32\IMGrabber2.exe [2005-07-28 05:03]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 23:22:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-17 01:43:34 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2006-05-22 03:40:32 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 23:01:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
Completion time: 2008-06-16 23:06:16
ComboFix-quarantined-files.txt 2008-06-17 03:05:37

Pre-Run: 31,425,974,272 bytes free
Post-Run: 31,404,658,688 bytes free

199 --- E O F --- 2008-05-28 07:02:04

#6
Stamper19

Posted 17 June 2008 - 06:13 AM

Expert

Expert
1,992 posts

Hi bubble00,

I see that you are running, or have previously installed, LimeWire. Although this application is not malware itself, the files downloaded with it are often a major source of infection. Hence, I strongly advise that it be removed. If you choose to do so, go to the Add/Remove Programs option in the Control Panel, and Uninstall LimeWire.

----------------------------------------------------------------

We are going to use ComboFix to delete some things.

Copy the entire contents of the Code Box below to Notepad.
Name the file as CFScript.txt
Change the Save as Type to All Files
and Save it on the desktop

File::
C:\WINDOWS\system32\{7D0FDCFD-7ED7-2080-1499-7863D3F5E52D}.dll-uninst.exe
C:\WINDOWS\system32\{7D0FDCFD-7ED7-2080-1499-7863D3F5E52D}.dll
C:\Documents and Settings\sarah\Application Data\internaldb41.dat
C:\WINDOWS\system32\usrbth.exe

Folder::
C:\WINDOWS\system32\vntiho01

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4bf500c8-25b2-43e3-852a-40c578b476f8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5d4ddd04-8cde-95d8-d5a2-aa9378e6d7b0}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kuckj=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"usrbth"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tusspomj]

Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

----------------------------------------------------------------

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

----------------------------------------------------------------

Information to include in your next post:

ComboFix Log
Malwarebytes Log

#7
bubble00

Posted 17 June 2008 - 08:04 AM

Member

Topic Starter
Member
45 posts

ComboFix 08-06-16.2 - sarah 2008-06-17 9:39:24.3 - NTFSx86
Running from: C:\Documents and Settings\sarah\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\sarah\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\sarah\Application Data\internaldb41.dat
C:\WINDOWS\system32\{7D0FDCFD-7ED7-2080-1499-7863D3F5E52D}.dll
C:\WINDOWS\system32\{7D0FDCFD-7ED7-2080-1499-7863D3F5E52D}.dll-uninst.exe
C:\WINDOWS\system32\usrbth.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\sarah\Application Data\internaldb41.dat
C:\WINDOWS\system32\{7D0FDCFD-7ED7-2080-1499-7863D3F5E52D}.dll-uninst.exe
C:\WINDOWS\system32\{7D0FDCFD-7ED7-2080-1499-7863D3F5E52D}.dll
C:\WINDOWS\system32\vntiho01

.
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-16 22:22 . 2008-06-16 22:22 <DIR> d-------- C:\Deckard
2008-06-16 20:01 . 2008-06-16 20:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-16 09:47 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-16 09:47 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-03 00:20 . 2008-06-03 00:20 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-06-03 00:10 . 2008-06-03 00:10 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-05-28 15:53 . 2008-06-17 09:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-28 15:53 . 2008-05-28 15:53 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 13:37 --------- d-----w C:\Documents and Settings\sarah\Application Data\StumbleUpon
2008-06-17 13:10 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-16 23:01 --------- d-----w C:\Program Files\AIM95
2008-06-16 23:00 --------- d-----w C:\Documents and Settings\sarah\Application Data\Aim
2008-06-16 22:52 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2008-06-16 20:33 5,096 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-05 02:10 --------- d-----w C:\Program Files\AOD
2008-06-04 00:37 --------- d-----w C:\Program Files\Dl_cats
2008-05-14 16:42 --------- d-----w C:\Documents and Settings\sarah\Application Data\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 16:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 21:59 --------- d-----w C:\Program Files\QuickTime
2008-04-20 21:40 --------- d-----w C:\Program Files\Dell
2008-04-20 21:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 21:35 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-04-20 18:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\StumbleUpon
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-17 04:09 --------- d-----w C:\Documents and Settings\sarah\Application Data\IMG
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2006-07-04 05:43 0 ----a-w C:\Program Files\pspbrwse.jbf
.

((((((((((((((((((((((((((((( snapshot@2008-06-16_23.05.11.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
- 2008-06-17 02:50:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-17 13:06:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 22:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:28 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-17 13:07:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3a0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"SetDefaultMIDI"="MIDIDef.exe" [2004-10-06 04:23 20992 C:\WINDOWS\MIDIDEF.EXE]
"apoint"="" []
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 17:46 135168]
"Kuckj"="C:\Program Files\Common Files\?ymbols\d?dplay.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"Apoint"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 22:00 344064]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15 290816]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 12:26 606208]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 08:45 290816]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 22:41 69632]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-15 08:58 135168]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-15 08:58 53248]
"CTHelper"="CTHELPER.EXE" [2004-10-06 04:49 14848 C:\WINDOWS\CTHELPER.EXE]
"TypeAgentL"="C:\Program Files\TypeAgent\TypeAgent.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 10:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~2\VPTray.exe" [2005-06-23 20:27 85696]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-02-05 11:28 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]
"HostManager"="C:\Program Files\Common Files\AOL\1194136224\ee\AOLSoftware.exe" [2007-05-25 13:16 42032]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-02-23 18:27:12 1581138]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-25 22:48:20 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^sarah^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\sarah\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2002-06-10 03:15 309760 C:\Program Files\AIM+\AIM+.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-02-05 11:28 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1194136224\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 MGS;MGS;C:\WINDOWS\system32\IMGrabber2.exe [2005-07-28 05:03]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 23:22:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-17 09:56:01 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2006-05-22 03:40:32 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 09:43:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
Completion time: 2008-06-17 9:46:22
ComboFix-quarantined-files.txt 2008-06-17 13:46:03
ComboFix2.txt 2008-06-17 03:06:18

Pre-Run: 31,243,620,352 bytes free
Post-Run: 31,251,222,528 bytes free

322 --- E O F --- 2008-06-17 07:05:11

Malwarebytes' Anti-Malware 1.17
Database version: 863

10:00:40 AM 6/17/2008
mbam-log-6-17-2008 (10-00-40).txt

Scan type: Quick Scan
Objects scanned: 38880
Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\xcsDd01 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

#8
Stamper19

Posted 17 June 2008 - 08:14 AM

Expert

Expert
1,992 posts

Hi bubble00,

We are going to use ComboFix to delete some things.

Copy the entire contents of the Code Box below to Notepad.
Name the file as CFScript.txt
Change the Save as Type to All Files
and Save it on the desktop

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kuckj"=-

Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

----------------------------------------------------------------

Please clean out your temp files.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

----------------------------------------------------------------

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

----------------------------------------------------------------

Information to include in your next post:

ComboFix Log
Kapersky Scan Log
Let me know how the computer is running

#9
bubble00

Posted 17 June 2008 - 11:55 AM

Member

Topic Starter
Member
45 posts

ComboFix 08-06-16.2 - sarah 2008-06-17 10:27:25.4 - NTFSx86
Running from: C:\Documents and Settings\sarah\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\sarah\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-17 09:52 . 2008-06-17 09:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 09:52 . 2008-06-17 09:52 <DIR> d-------- C:\Documents and Settings\sarah\Application Data\Malwarebytes
2008-06-17 09:52 . 2008-06-17 09:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 09:52 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-17 09:52 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-16 22:22 . 2008-06-16 22:22 <DIR> d-------- C:\Deckard
2008-06-16 20:01 . 2008-06-16 20:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-16 09:47 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-16 09:47 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-03 00:20 . 2008-06-03 00:20 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-06-03 00:10 . 2008-06-03 00:10 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-05-28 15:53 . 2008-06-17 09:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-28 15:53 . 2008-05-28 15:53 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 14:18 --------- d-----w C:\Documents and Settings\sarah\Application Data\StumbleUpon
2008-06-17 13:10 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-16 23:01 --------- d-----w C:\Program Files\AIM95
2008-06-16 23:00 --------- d-----w C:\Documents and Settings\sarah\Application Data\Aim
2008-06-16 22:52 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2008-06-16 20:33 5,096 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-05 02:10 --------- d-----w C:\Program Files\AOD
2008-06-04 00:37 --------- d-----w C:\Program Files\Dl_cats
2008-05-14 16:42 --------- d-----w C:\Documents and Settings\sarah\Application Data\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 16:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 21:59 --------- d-----w C:\Program Files\QuickTime
2008-04-20 21:40 --------- d-----w C:\Program Files\Dell
2008-04-20 21:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 21:35 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-04-20 18:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\StumbleUpon
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-17 04:09 --------- d-----w C:\Documents and Settings\sarah\Application Data\IMG
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2006-07-04 05:43 0 ----a-w C:\Program Files\pspbrwse.jbf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"SetDefaultMIDI"="MIDIDef.exe" [2004-10-06 04:23 20992 C:\WINDOWS\MIDIDEF.EXE]
"apoint"="" []
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 17:46 135168]
"Kuckj"="C:\Program Files\Common Files\?ymbols\d?dplay.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"Apoint"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 22:00 344064]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15 290816]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 12:26 606208]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 08:45 290816]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 22:41 69632]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-15 08:58 135168]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-15 08:58 53248]
"CTHelper"="CTHELPER.EXE" [2004-10-06 04:49 14848 C:\WINDOWS\CTHELPER.EXE]
"TypeAgentL"="C:\Program Files\TypeAgent\TypeAgent.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 10:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~2\VPTray.exe" [2005-06-23 20:27 85696]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-02-05 11:28 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]
"HostManager"="C:\Program Files\Common Files\AOL\1194136224\ee\AOLSoftware.exe" [2007-05-25 13:16 42032]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-02-23 18:27:12 1581138]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-25 22:48:20 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^sarah^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\sarah\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2002-06-10 03:15 309760 C:\Program Files\AIM+\AIM+.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-02-05 11:28 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1194136224\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 MGS;MGS;C:\WINDOWS\system32\IMGrabber2.exe [2005-07-28 05:03]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 23:22:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-17 13:57:08 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2006-05-22 03:40:32 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 10:31:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
Completion time: 2008-06-17 10:35:48
ComboFix-quarantined-files.txt 2008-06-17 14:35:10
ComboFix2.txt 2008-06-17 13:46:23
ComboFix3.txt 2008-06-17 03:06:18

Pre-Run: 31,241,207,808 bytes free
Post-Run: 31,224,832,000 bytes free

160 --- E O F --- 2008-06-17 07:05:11

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, June 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, June 17, 2008 15:23:40
Records in database: 876716

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\

Scan statistics
Files scanned 59765
Threat name 5
Infected objects 23
Suspicious objects 0
Duration of the scan 01:32:11

File name Threat name Threats count
C:\WINDOWS\system32\IMGrabber2.exe/C:\WINDOWS\system32\IMGrabber2.exe Infected: not-a-virus:Monitor.Win32.IMGrabber.a 1

C:\WINDOWS\i2g_cap.dll/C:\WINDOWS\i2g_cap.dll Infected: not-a-virus:Monitor.Win32.IMGrabber.a 1

C:\WINDOWS\i2g_move.dll/C:\WINDOWS\i2g_move.dll Infected: not-a-virus:Monitor.Win32.IMGrabber.a 1

C:\Deckard\System Scanner\backup\DOCUME~1\sarah\LOCALS~1\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.fk 1

C:\Deckard\System Scanner\backup\DOCUME~1\sarah\LOCALS~1\Temp\NDR1C.tmp Infected: Trojan-Downloader.Win32.PurityScan.fk 1

C:\Deckard\System Scanner\backup\DOCUME~1\sarah\LOCALS~1\Temp\sdexe.exe Infected: Trojan-Downloader.Win32.PurityScan.fk 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08BC0000\48BFC9E4.VBN Infected: Trojan.Win32.Agent.eek 1

C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir Infected: Trojan-Downloader.Win32.Homles.br 1

C:\QooBox\Quarantine\C\WINDOWS\system32\{7D0FDCFD-7ED7-2080-1499-7863D3F5E52D}.dll.vir Infected: Trojan.Win32.BHO.dfd 1

C:\WINDOWS\i2c_aim.dll Infected: not-a-virus:Monitor.Win32.IMGrabber.a 1

C:\WINDOWS\i2g_cap.dll Infected: not-a-virus:Monitor.Win32.IMGrabber.a 1

C:\WINDOWS\i2g_move.dll Infected: not-a-virus:Monitor.Win32.IMGrabber.a 1

C:\WINDOWS\i2u_aim.dll Infected: not-a-virus:Monitor.Win32.IMGrabber.a 1

C:\WINDOWS\i2u_close.dll Infected: not-a-virus:Monitor.Win32.IMGrabber.a 1

C:\WINDOWS\imgs.exe Infected: not-a-virus:Monitor.Win32.IMGrabber.a 8

C:\WINDOWS\system32\IMGrabber2.exe Infected: not-a-virus:Monitor.Win32.IMGrabber.a 1

The selected area was scanned.

it seems to be running better no pop ups yet just the symantic warning so i turned it off and deleted the quarentined items and nothing yet.

#10
bubble00

Posted 17 June 2008 - 11:57 AM

Member

Topic Starter
Member
45 posts

I also want to mention the home page was changed to symantec?? odd.

#11
Stamper19

Posted 17 June 2008 - 12:17 PM

Expert

Expert
1,992 posts

Hi bubble00,

Yes, strange that the homepage was changed. You can go ahead and change it back to whatever you like. If you are not sure how to do that then let me know and I will give you instructions.

We almost have this all cleaned up. Couple of more things to take care of.

----------------------------------------------------------------

Lets delete some ill mannered files.

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[b]C:\Program Files\Common Files\?ymbols
C:\WINDOWS\i2c_aim.dll
C:\WINDOWS\i2g_cap.dll
C:\WINDOWS\i2g_move.dll
C:\WINDOWS\i2u_aim.dll
C:\WINDOWS\i2u_close.dll
C:\WINDOWS\imgs.exe[/b]

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

----------------------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [Kuckj] "C:\Program Files\Common Files\?ymbols\d?dplay.exe"

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

----------------------------------------------------------------

Information to include in your next post:

OTMoveIt2 Log
Fresh HijackThis Log

#12
bubble00

Posted 17 June 2008 - 01:08 PM

Member

Topic Starter
Member
45 posts

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:35 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\IMGrabber2.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1194136224\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TypeAgentL] C:\Program Files\TypeAgent\TypeAgent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1194136224\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comca..... Controls.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGS - Unknown owner - C:\WINDOWS\system32\IMGrabber2.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10119 bytes

< C:\Program Files\Common Files\?ymbols >
File/Folder [b]C:\Program Files\Common Files\?ymbols not found.
DllUnregisterServer procedure not found in C:\WINDOWS\i2c_aim.dll
C:\WINDOWS\i2c_aim.dll NOT unregistered.
C:\WINDOWS\i2c_aim.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\i2g_cap.dll
C:\WINDOWS\i2g_cap.dll NOT unregistered.
C:\WINDOWS\i2g_cap.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\i2g_move.dll
C:\WINDOWS\i2g_move.dll NOT unregistered.
C:\WINDOWS\i2g_move.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\i2u_aim.dll
C:\WINDOWS\i2u_aim.dll NOT unregistered.
C:\WINDOWS\i2u_aim.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\i2u_close.dll
C:\WINDOWS\i2u_close.dll NOT unregistered.
C:\WINDOWS\i2u_close.dll moved successfully.
< C:\WINDOWS\imgs.exe >

i got an error message when trying to move some things in otmoveit. it said some of the letters had to be numbers??

#13
Stamper19

Posted 17 June 2008 - 01:11 PM

Expert

Expert
1,992 posts

Hi bubble00,

No worries about the error you got with OTMoveIt 2. Everything looks as it should.

Congrats - your logs are all clean

There are still a couple of things you should do for the sake of cleaning up.

---------------------------------------------------------------

Lets delete all the tools we downloaded.

Make sure you have an Internet Connection.
Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
Click on the CleanUp! button
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
Click Yes to beging the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

----------------------------------------------------------------

Please clear and reset your system restore points.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405

----------------------------------------------------------------

Otherwise, unless you have any questions, you are all set. Included below are some tips for keeping your computer malware free in the future.

Cheers,
Stamper

----------------------------------------------------------------

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
  - Change the Download signed ActiveX controls to Prompt
  - Change the Download unsigned ActiveX controls to Disable
  - Change the Initialize and script ActiveX controls not marked as safe to Disable
  - Change the Installation of desktop items to Prompt
  - Change the Launching programs and files in an IFRAME to Prompt
  - Change the Navigate sub-frames across different domains to Prompt
  - When all these settings have been made, click on the OK button.
  - If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

A tutorial on installing & using this product can be found here:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software

#14
bubble00

Posted 17 June 2008 - 02:34 PM

Member

Topic Starter
Member
45 posts

Thank you so much! Its so nice to deal with people that actually know what they are doing. Without this website I would have probably had to replace a few computers over the past years. I will be making another donation asap. Thanks again!!!

#15
Stamper19

Posted 17 June 2008 - 02:45 PM

Expert

Expert
1,992 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.