Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Internet Blocked, "Firewalled" all connections [CLOSED]


  • This topic is locked This topic is locked

#1
ucanfindmc

ucanfindmc

    Member

  • Member
  • PipPip
  • 10 posts
i thought i might have the alcon bug, so i followed the steps outlined..with the BTU and the combofix..

but the BTU stalls at 98% everytime..and even though i ran combofix the virus is still present..

symantic (updated 7/4/08) finds nothing during a scan..tried system restore to a month ago..didnt fix it either..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40, on 2008-07-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\AOL\1148517774\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Zango /fleok=1D8A83A5C5EC147C99AA6A2A1FBB39BFE4976E26CAEDA120180A196D6093 - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll (file missing)
O3 - Toolbar: Zango - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll (file missing)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148517774\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-21-4115993161-2586952658-1732007561-1008\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'mike')
O4 - HKUS\S-1-5-21-4115993161-2586952658-1732007561-1008\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'mike')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10322 bytes
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay. I would like a fresh look at your system

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
ucanfindmc

ucanfindmc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
i dont know if it matters or not, but i had to run the scan on a differnt User name than i normally use...for some reason..it switched my primary name to a "limited account" instead of an admisestrator...so i had to use another one to scan..

i can't acess the internet ..so im using another computer and VIA USB stick transferring things back and forth..

here's the scan..thanks again for your help


Deckard's System Scanner v20071014.68
Run by mike on 2008-07-12 14:14:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
42: 2008-07-12 18:14:19 UTC - RP658 - Deckard's System Scanner Restore Point
41: 2008-07-12 01:04:11 UTC - RP657 - System Checkpoint
40: 2008-07-11 00:04:11 UTC - RP656 - System Checkpoint
39: 2008-07-09 23:04:12 UTC - RP655 - System Checkpoint
38: 2008-07-08 23:53:40 UTC - RP654 - Restore Operation


-- First Restore Point --
1: 2008-06-05 22:20:13 UTC - RP617 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 1.08 GiB (less than 15%) free.


-- HijackThis (run as mike.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:02 PM, on 7/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\AOL\1148517774\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\mike\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\mike.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...page/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Zango /fleok=1D8A83A5C5EC147C99AA6A2A1FBB39BFE4976E26CAEDA120180A196D6093 - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll (file missing)
O3 - Toolbar: Zango - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll (file missing)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148517774\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-21-4115993161-2586952658-1732007561-1005\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'NateMC21')
O4 - HKUS\S-1-5-21-4115993161-2586952658-1732007561-1005\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'NateMC21')
O4 - HKUS\S-1-5-21-4115993161-2586952658-1732007561-1005\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'NateMC21')
O4 - HKUS\S-1-5-21-4115993161-2586952658-1732007561-1005\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'NateMC21')
O4 - HKUS\S-1-5-21-4115993161-2586952658-1732007561-1005\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User 'NateMC21')
O4 - HKUS\S-1-5-21-4115993161-2586952658-1732007561-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'NateMC21')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10912 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Appdrv - c:\program files\dell\nicconfigsvc\appdrv.sys <Not Verified; Dell Inc; Application Driver>

S3 catchme - c:\combofix\catchme.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 RMSvc (Media Center Extender Resource Monitor) - c:\windows\ehome\rmsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01B51028&REV_02\4&2FA23535&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01B51028&REV_02\4&2FA23535&0&00F0
Service: bcm4sbxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1BBEDD214A4FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1BBEDD214A4FC000
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-07-10 09:39:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-08 21:40:13 0 d-------- C:\Program Files\Trend Micro
2008-07-08 00:28:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-07-07 23:35:13 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-07-07 23:31:52 68096 --a------ C:\WINDOWS\zip.exe
2008-07-07 23:31:52 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-07 23:31:52 80412 --a------ C:\WINDOWS\grep.exe
2008-07-07 23:31:51 98816 --a------ C:\WINDOWS\sed.exe
2008-07-07 23:31:51 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-07 23:31:50 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-07 23:31:48 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-07 23:31:46 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-07 22:47:40 0 d-------- C:\bintheredunthat
2008-07-07 22:36:37 0 d-------- C:\bfu
2008-07-07 21:53:33 0 dr-h----- C:\Documents and Settings\NateMC21\Recent
2008-06-23 22:06:04 0 d-------- C:\Program Files\Picasa2


-- Find3M Report ---------------------------------------------------------------

2008-07-12 07:21:58 0 d-------- C:\Program Files\AIM6
2008-07-02 22:59:08 8040 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-02 22:58:51 152 -r-hs---- C:\WINDOWS\system32\FB2800BDED.sys
2008-06-23 22:06:16 0 d-------- C:\Program Files\Google
2008-06-11 22:09:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 03:08:25 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-12 22:37:55 0 d-------- C:\Program Files\Windows Media Connect 2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1BACF55-35E1-4E47-9247-2D48660E5545}]
C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 03:01 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 09:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 09:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 09:50 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/29/2005 05:56 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 03:59 PM]
"SigmatelSysTrayApp"="stsystra.exe" [09/10/2005 12:19 AM C:\WINDOWS\stsystra.exe]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 04:12 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 06:20 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1148517774\ee\AOLSoftware.exe" [05/09/2006 08:24 PM]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 12:59 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/24/2006 03:10 AM]
"1A:Stardock TrayMonitor"="" []
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [08/31/2005 12:06 PM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [11/07/2006 03:49 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 05:38 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 07:49 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 03:24 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"1A:Stardock TrayMonitor"=

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [4/6/2006 5:19:18 PM]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [8/24/2006 12:50:38 PM]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [10/20/2005 6:55:40 PM]
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [9/20/2007 6:07:57 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 05:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-07-12 14:15:36 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.73GHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1015.37 MiB / 531.45 MiB
Pagefile Memory (total/avail): 2441.94 MiB / 1915.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1944.56 MiB

C: is Fixed (NTFS) - 49.78 GiB total, 1.08 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (CDFS)
H: is Removable (FAT)

\\.\PHYSICALDRIVE0 - ST960822A - 54.49 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 49.78 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB

\\.\PHYSICALDRIVE1 - SanDisk U3 Cruzer Micro USB Device - 972.69 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 973.43 MiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.1.6.6000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\mike\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DJFWYR91
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\mike
LOGONSERVER=\\DJFWYR91
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\mike\LOCALS~1\Temp
TMP=C:\DOCUME~1\mike\LOCALS~1\Temp
USERDOMAIN=DJFWYR91
USERNAME=mike
USERPROFILE=C:\Documents and Settings\mike
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

NateMC21
L2MFIX (new local, admin)
L2MFIX (new local, admin)
mike (admin)
Administrator (admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Alarm 2.0.1 --> "C:\Program Files\Alarm\unins000.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
BitComet 0.97 --> C:\Program Files\BitComet\uninst.exe
BitTorrent 4.20.0 --> "C:\Program Files\BitTorrent\uninstall.exe"
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cisco Systems VPN Client 5.0.00.0340 --> MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Photo Printer 720 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
Dell Photo Printer 720 Logger --> C:\Program Files\Dell Photo Printer 720\dlbcunst.exe
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
ewido anti-spyware 4.0 --> C:\Program Files\ewido anti-spyware 4.0\Uninstall.exe
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Media Center Extender --> c:\WINDOWS\eHome\DvcConn.exe /uninstall
Media Center Extender --> MsiExec.exe /I{23FE964A-853B-4176-86D7-9E18B5CA1FC0}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (1.5.0.12) --> C:\PROGRA~1\MOZILL~1\uninstall\uninstall.exe /ua "1.5.0.12 (en-US)"
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Socialnetworking Helper Adssite --> C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
The Sims 2 University --> C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims2 University --> C:\WINDOWS\iun6002.exe "C:\Documents and Settings\NateMC21\My Documents\My Music\irunin.ini"
The Sims™ 2 Bon Voyage --> C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 Deluxe --> C:\Program Files\EA GAMES\The Sims 2 Deluxe\EAUninstall.exe
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant --> regsvr32 /u /s "c:\Program Files\BAE\BAE.dll"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB905589 --> "C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}


-- Application Event Log -------------------------------------------------------

Event Record #/Type3862 / Error
Event Submitted/Written: 07/07/2008 07:22:22 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
Risk: C:\Program Files\ewido anti-spyware 4.0\ewido.exe in File: C:\Program Files\Symantec AntiVirus\DefWatch.exe by: Tamper Protection scan. Action: Blocked. Action Description:

Event Record #/Type3861 / Error
Event Submitted/Written: 07/07/2008 07:22:22 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
Risk: C:\Program Files\ewido anti-spyware 4.0\ewido.exe in File: C:\Program Files\Symantec AntiVirus\DefWatch.exe by: Tamper Protection scan. Action: Blocked. Action Description:

Event Record #/Type3860 / Error
Event Submitted/Written: 07/07/2008 07:22:22 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
Risk: C:\Program Files\ewido anti-spyware 4.0\ewido.exe in File: C:\Program Files\Symantec AntiVirus\DefWatch.exe by: Tamper Protection scan. Action: Blocked. Action Description:

Event Record #/Type3859 / Error
Event Submitted/Written: 07/07/2008 07:22:22 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
Risk: C:\Program Files\ewido anti-spyware 4.0\ewido.exe in File: C:\Program Files\Symantec AntiVirus\DefWatch.exe by: Tamper Protection scan. Action: Blocked. Action Description:

Event Record #/Type3858 / Error
Event Submitted/Written: 07/07/2008 07:22:21 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
Risk: C:\Program Files\ewido anti-spyware 4.0\ewido.exe in File: C:\Program Files\Symantec AntiVirus\DefWatch.exe by: Tamper Protection scan. Action: Blocked. Action Description:



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type55062 / Error
Event Submitted/Written: 07/12/2008 02:13:39 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type55061 / Error
Event Submitted/Written: 07/12/2008 02:13:39 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Event Record #/Type55060 / Error
Event Submitted/Written: 07/12/2008 02:13:39 PM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Event Record #/Type55059 / Error
Event Submitted/Written: 07/12/2008 02:13:39 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type55058 / Error
Event Submitted/Written: 07/12/2008 02:13:39 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.



-- End of Deckard's System Scanner: finished at 2008-07-12 14:15:36 ------------
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi nothing really jumps out and bites me. However, I see you have netwaiting there may be an error on that when you try to connect. So I will for the moment remove them from the startup list and see if that helps. If any programmes I ask you to download are to big for your USB let me know. Can you access your router from the bad computer ?

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: Zango /fleok=1D8A83A5C5EC147C99AA6A2A1FBB39BFE4976E26CAEDA120180A196D6093 - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll (file missing)
O3 - Toolbar: Zango - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll (file missing)
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKUS\S-1-5-21-4115993161-2586952658-1732007561-1005\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'NateMC21')

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this as it will enable a system recovery in the event of problems

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

For the time being ignore the reference to Recovery console
  • 0

#5
ucanfindmc

ucanfindmc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
sorry for the delay...was away for the weekend..

i couldnt download the recovery console, too big for the usb stick..

here are the combo fix logs and new hijack this log


ComboFix 08-07-05.1 - mike 2008-07-12 22:04:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.533 [GMT -4:00]
Running from: H:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\mike\Application Data\urlredir.cfg
C:\Documents and Settings\NateMC21\Application Data\urlredir.cfg
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
C:\Program Files\system files
C:\Program Files\system files\kwdata.cdb
C:\Program Files\system files\Uninstall.exe
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\nsb1310.dll
C:\WINDOWS\system32\rightonadz-uninst.exe
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_OVERLAY_COMPONENTS


((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.

2008-07-12 14:14 . 2008-07-12 14:14 <DIR> d-------- C:\Deckard
2008-07-08 21:40 . 2008-07-08 21:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-08 00:13 . 2008-07-08 00:13 1,891 --a------ C:\WINDOWS\imsins.BAK
2008-07-07 22:47 . 2008-07-07 22:47 <DIR> d-------- C:\bintheredunthat
2008-07-07 22:36 . 2008-07-07 22:36 <DIR> d-------- C:\bfu
2008-07-03 08:04 . 2008-07-03 08:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-03 08:04 . 2008-07-03 08:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-23 22:06 . 2008-06-23 22:06 <DIR> d-------- C:\Program Files\Picasa2
2008-06-23 22:06 . 2006-10-04 22:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-23 22:06 . 2006-10-04 22:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 11:21 --------- d-----w C:\Program Files\AIM6
2008-07-12 11:21 --------- d-----w C:\Documents and Settings\NateMC21\Application Data\OpenOffice.org2
2008-07-12 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-07-07 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-03 02:59 8,040 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-24 02:06 --------- d-----w C:\Program Files\Google
2008-06-21 00:17 --------- d-----w C:\Documents and Settings\NateMC21\Application Data\LimeWire
2008-06-18 02:00 --------- d-----w C:\Documents and Settings\NateMC21\Application Data\U3
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 02:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 07:08 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-13 02:37 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-17 10:46 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2006-07-26 04:54 517 ----a-w C:\Program Files\Common Files\hore
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 05:56 761947]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"HostManager"="C:\Program Files\Common Files\AOL\1148517774\ee\AOLSoftware.exe" [2006-05-09 20:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59 124520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-24 03:10 185896]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 12:06 106496]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 15:49 1121280]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 00:19 393216 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-06 17:19:18 24576]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2006-08-24 12:50:38 315392]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40 18432]
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-09-20 18:07:57 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 18:55]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 06:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-07-10 13:39:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
Toolbar-{E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
HKLM-Run-1A:Stardock TrayMonitor - (no file)
HKLM-RunServices-1A:Stardock TrayMonitor - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 22:06:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-12 22:07:42
ComboFix-quarantined-files.txt 2008-07-13 02:07:34
ComboFix2.txt 2006-08-10 02:51:45

Pre-Run: 1,172,164,608 bytes free
Post-Run: 1,160,245,248 bytes free

140 --- E O F --- 2008-06-20 07:01:09


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:41 PM, on 7/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\AOL\1148517774\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...page/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148517774\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-21-4115993161-2586952658-1732007561-1005\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'NateMC21')
O4 - HKUS\S-1-5-21-4115993161-2586952658-1732007561-1005\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'NateMC21')
O4 - HKUS\S-1-5-21-4115993161-2586952658-1732007561-1005\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'NateMC21')
O4 - HKUS\S-1-5-21-4115993161-2586952658-1732007561-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'NateMC21')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10418 bytes
  • 0

#6
ucanfindmc

ucanfindmc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
access the router?...

i have plugged in an ethernet cable from the laptop to the router..

it wont connect...says "aquiring system address" ...but never does...

its not only not allowing me to connect wirelessly..but it wont even find a signal....even though i know its broadcasting..because im using it on this computer..

thanks again
mc
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We are now starting to get beyond my knowledge as this does not appear malware related. SO before I do anything else lets flush your dns

In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically

Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be avaiable one some systems
Next Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)

If you could let me know the result
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP