On or around July 17th or 18th, I downloaded something from the BBC (a little program that I had downloaded previously on our other, much older computer), and then shut down the computer for the evening. The next morning, when I turned it on, this awful blue screen came up with the words "Warning! Spyware detected on your computer!" in a yellow rectangular box. It appeared to me more like a desktop image than an actual 'warning' from my computer. When I tried to change the desktop, the option (tab) was completely gone. I had just added memory to the computer about a month ago, but everything had slowed down, or was not working properly or freezing up. My desktop icon images had changed, and some were actually gone. Then, within a half hour or so, if I wasn't using it, this other bloody blue screen popped up, with this longer warning on it, and then it would 'loop' around to a 'windows' loading screen (like a screensaver). It would keep this up until I hit 'enter'.
Anyway, I installed "Webroot Spysweeper", and ran it several times over the next few days, along with Ad-Aware, and it did pull out quite a bit. Over the next week (after reading through some other forums), I was able to track down and delete a few things, but others were immovable, and my computer was still sluggish. I was able to get rid of the yellow warning box, but was still unable to change the desktop or get rid of that 'screensaver'.
Then a couple of days ago, I was on "Bleepingcomputer", and they had a link to your site and the "Combofix" program. To make a long story a bit shorter, I downloaded it (was a bit nervous...) and ran it, and since then... everything 'seems' back to normal! My desktop options are back... and everything seems to be fine. I had read that even if this is the case, I should post the log from Combofix anyway for someone to check, as there still may be some problems I may be unaware of... so here it is:
ComboFix 08-07-25.7 - Mo-Mo 2008-07-26 13:14:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.654 [GMT -4:00]
Running from: C:\Documents and Settings\Mo-Mo\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mo-Mo\Application Data\DOBE~1
C:\Documents and Settings\Mo-Mo\Application Data\macromedia\Flash Player\#SharedObjects\XBGAGAZT\interclick.com
C:\Documents and Settings\Mo-Mo\Application Data\macromedia\Flash Player\#SharedObjects\XBGAGAZT\interclick.com\ud.sol
C:\Documents and Settings\Mo-Mo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Mo-Mo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Mo-Mo\Application Data\ptads.bin
C:\Documents and Settings\Mo-Mo\Application Data\WNSXS~1
C:\Documents and Settings\Mo-Mo\Application Data\YSTEM3~1
C:\Documents and Settings\Mo-Mo\My Documents\ASKS~1
C:\Documents and Settings\Mo-Mo\My Documents\CURITY~1
C:\Documents and Settings\Mo-Mo\My Documents\DOBE~1
C:\Documents and Settings\Mo-Mo\My Documents\PPATCH~1
C:\Documents and Settings\Mo-Mo\My Documents\STEM32~1
C:\Program Files\appatc~1
C:\Program Files\asembl~1
C:\Program Files\asks~1
C:\Program Files\asks~2
C:\Program Files\Common Files\crosof~1.net
C:\Program Files\Common Files\curity~1
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\ecurit~1
C:\Program Files\Common Files\icroso~1.net
C:\Program Files\Common Files\mantec~1
C:\Program Files\Common Files\mbols~1
C:\Program Files\Common Files\scurit~1
C:\Program Files\Common Files\sembly~1
C:\Program Files\Common Files\smante~1
C:\Program Files\Common Files\sstem3~1
C:\Program Files\Common Files\ymante~1
C:\Program Files\Common Files\ymbols~1
C:\Program Files\Common Files\ystem3~1
C:\Program Files\crosof~1.net
C:\Program Files\dobe~1
C:\Program Files\fnts~1
C:\Program Files\mcroso~1
C:\Program Files\scurit~1
C:\Program Files\sembly~1
C:\Program Files\ssembl~1
C:\Program Files\sstem~1
C:\Program Files\tsks~1
C:\Program Files\ymbols~1
C:\WINDOWS\asembl~1
C:\WINDOWS\crosof~1.net
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\fnts~1
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\icroso~1
C:\WINDOWS\NDNuninstall5_64.exe
C:\WINDOWS\ppatch~1
C:\WINDOWS\pppatc~1
C:\WINDOWS\racle~1
C:\WINDOWS\smbols~1
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\blphcrvoj0erdr.scr
C:\WINDOWS\system32\crosof~1.net
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\icroso~1
C:\WINDOWS\system32\mcroso~1
C:\WINDOWS\system32\ppatch~1
C:\WINDOWS\system32\sembly~1
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\uninstall.exe
C:\WINDOWS\system32\wnsintsu.exe
C:\WINDOWS\system32\wnsintsv32.exe
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\ymbols~1
.
((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.
2008-07-18 20:13 . 2008-07-18 20:13 <DIR> d-------- C:\ZBCDBackup
2008-07-18 11:11 . 2008-07-18 11:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-18 11:10 . 2003-06-09 12:53 <DIR> d-------- C:\Documents and Settings\Administrator.DF3ZRW21\WINDOWS
2008-07-18 11:10 . 2008-07-18 11:10 <DIR> d-------- C:\Documents and Settings\Administrator.DF3ZRW21
2008-07-17 21:19 . 2008-07-17 21:19 <DIR> d-------- C:\Program Files\Webroot
2008-07-17 21:19 . 2008-07-17 21:19 <DIR> d-------- C:\Documents and Settings\Mo-Mo\Application Data\Webroot
2008-07-17 21:19 . 2008-07-17 21:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-17 21:19 . 2008-07-17 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-17 21:19 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-17 21:19 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-07-17 21:19 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-07-17 21:19 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-07-17 21:19 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-07-16 21:33 . 2008-07-17 20:34 <DIR> d-------- C:\Program Files\Mini Oddie
2008-07-10 11:08 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-21 16:02 --------- d-----w C:\Program Files\DVDStyler
2008-07-20 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-07-18 23:57 --------- d-----w C:\Documents and Settings\Mo-Mo\Application Data\ZoomBrowser EX
2008-07-18 19:07 --------- d-----w C:\Program Files\Lavasoft
2008-07-18 19:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-18 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-10 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-05 18:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-05 16:53 --------- d-----w C:\Documents and Settings\Mo-Mo\Application Data\AdobeUM
2008-06-25 12:44 --------- d-----w C:\Program Files\Juno6
2008-06-21 22:08 --------- d-----w C:\Program Files\CONEXANT
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-28 14:54 --------- d-----w C:\Program Files\Simple Family Tree
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2008-05-08 12:28 202,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2005-02-26 20:34 4,816,320 -c--a-w C:\Program Files\Firefox Setup 1.0.1.exe
2005-01-28 06:34 6,531,728 -c--a-w C:\Program Files\MicrosoftAntiSpywareInstall.exe
2004-07-19 12:35 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2003-06-09 16:56 207,759 -c--a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Juno_uoltray"="C:\Program Files\Juno6\exec.exe" [2008-05-06 21:17 1701376]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-31 15:28 68856]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2003-08-01 11:31 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-06-09 13:00 151597]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 22:31 36975]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28 684032]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"QAGENT"="C:\Program Files\QUICKENW\QAGENT.EXE" [2001-08-01 13:30 94208]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\kdx\\khost.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
R2 AvSynMgr;AVSync Manager;C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe [2003-06-03 07:03]
R2 mrtRate;mrtRate;C:\WINDOWS\system32\drivers\mrtRate.sys [2001-02-28 11:42]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a28ac340-88ea-11dc-a48a-000bdb2bc473}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-07-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D3CAD570-D6AB-4D40-82E7-F5CDCEB3F3C8}.job - C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 19:36]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
HKLM-Run-PicasaNet - C:\Program Files\Hello\Hello.exe
HKLM-Run-NI.UWFX5 - C:\Documents and Settings\Mo-Mo\Local Settings\Temporary Internet Files\Content.IE5\G1MZOXUN\WinFixer2005ScannerInstall[1].exe
HKLM-Run-lphcrvoj0erdr - C:\WINDOWS\system32\lphcrvoj0erdr.exe
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://+/
R0 -: HKCU-Main,Search Bar = hxxp://my.juno.com/s/search?r=minisearch
R0 -: HKCU-Main,SEARCH PAGE = hxxp://my.juno.com/s/search?r=minisearch
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Default_Search_URL = hxxp://my.juno.com/s/search?r=minisearch
R0 -: HKLM-Main,Search Page = hxxp://my.juno.com/s/search?r=minisearch
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
R0 -: HKLM-Search,SearchAssistant = hxxp://my.juno.com/s/search?r=minisearch
O8 -: C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll//iemenu
O8 -: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 -: Display All Images with Full Quality - "C:\Program Files\Juno6\qsacc\appres.dll/228"
O8 -: Display Image with Full Quality - "C:\Program Files\Juno6\qsacc\appres.dll/227"
O9 -: {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\default-mujer\local.htm
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {21F16767-8DA7-4113-BEB0-F161B313407F} - hxxp://www.mediaforge.com/downloads/xmirage.exe
O16 -: {B5234F42-BD65-4567-BC32-5A6AEA0DB1C3} - hxxp://webpdp.gator.com/v3/download/pdpplugin5093_hd3ptdmgainads.cab
C:\WINDOWS\Downloaded Program Files\PdpPlugin5093.inf
C:\WINDOWS\Downloaded Program Files\AxeSubstituteContentRevEric.axe
C:\WINDOWS\Downloaded Program Files\AxeDialog_5090.dll
C:\WINDOWS\Downloaded Program Files\PdpPlugin5093.dll
O16 -: {CA034DCC-A580-4333-B52F-15F98C42E04C} - hxxp://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
C:\WINDOWS\Downloaded Program Files\dwnldr.inf
C:\WINDOWS\Downloaded Program Files\dwnldr.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 13:19:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-26 13:22:20
ComboFix-quarantined-files.txt 2008-07-26 17:21:37
Pre-Run: 28,645,859,328 bytes free
Post-Run: 28,830,642,176 bytes free
224 --- E O F --- 2008-07-20 20:05:02
I hope that's right ;-)
Thank you!
P.S.
Just did "hijack this". Here's the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:56 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Juno6\exec.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Juno6\exec.exe
C:\Program Files\Juno6\qsacc\x1exec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s...ch?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://+/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s...ch?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\Juno6\SearchEnh1.dll
O1 - Hosts: 64.12.152.18 search.netscape.com
O1 - Hosts: indows.
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno6\qsacc\X1IEBHO.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno6\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QAGENT] "C:\Program Files\QUICKENW\QAGENT.EXE"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Juno_uoltray] "C:\Program Files\Juno6\exec.exe" regrun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AIM] "C:\PROGRA~1\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONQNOTE.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\Juno6\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\Juno6\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Mujer Activa - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\default-mujer\local.htm (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://mirror.worldw...mines/mines.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} (XMirage Control) - http://www.mediaforg...ads/xmirage.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldw...ut/brickout.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldw...gsaw/jigsaw.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldw...ck/bjattack.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldw...shape/shape.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldw...x/blockwerx.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldw...se/collapse.cab
O16 - DPF: {7BC394DE-07B8-412B-9F98-52E7E7A4ABD4} (Pencil Wars Control) - http://mirror.worldw...y/territory.cab
O16 - DPF: {90B7E2B3-2E56-4571-9E54-823E33C4B4B4} (TracMan Control) - http://mirror.worldw...man/tracman.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldw...cubis/cubis.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldw...apit/swapit.cab
O16 - DPF: {B5234F42-BD65-4567-BC32-5A6AEA0DB1C3} - http://webpdp.gator....ptdmgainads.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldw...ty/tilecity.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup141.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by13fd.bay13....ex/HMAtchmt.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kon...ry/main/kdx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldw...ool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{276B5227-7BCA-48E5-8786-BB5D58F486C4}: NameServer = 64.136.44.74 64.136.52.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{276B5227-7BCA-48E5-8786-BB5D58F486C4}: NameServer = 64.136.44.74 64.136.52.74
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 1: Intelligent Explorer[ieplugin.com] OnScreen Portal - http://active.ieplug...ctive/?14661566
--
End of file - 12717 bytes
If anybody has the time,....it's appreciated.
Edited by murphy82, 31 July 2008 - 10:14 AM.