
"Warning! Spyware detected on your computer!"



#1
murphy82

Hello. I'm a bit ignorant with computer terminology, and I guess I'm learning all the time; I thought I should check this all out with somebody.
On or around July 17th or 18th, I downloaded something from the BBC (a little program that I had downloaded previously on our other, much older computer), and then shut down the computer for the evening. The next morning, when I turned it on, there was this awful blue screen with the words "Warning! Spyware detected on your computer!" in a yellow rectangular box. It appeared to me more like a desktop image than an actual 'warning' from my computer. When I tried to change the desktop, the option (tab) was completely gone. I had just added memory to the computer about a month ago, but everything had slowed down, or was not working properly or freezing up. My desktop icon images had changed, and some were actually gone. Then, within a half hour or so, if I wasn't using it, this other bloody blue screen popped up, with this longer warning on it, and then it would 'loop' around to a 'windows' loading screen (like a screensaver). It would keep this up until I hit 'enter'. Anyway, I installed "Webroot Spysweeper" and ran it several times over the next few days, along with Ad-Aware, and it did pull out quite a bit. Over the next week (after reading through some other forums), I was able to track down and delete a few things, but others were immovable, and my computer was still sluggish. I was able to get rid of the yellow warning box, but was still unable to change the desktop or get rid of that 'screensaver'. Then a couple of days ago, I was on "Bleepingcomputer", and they had a link to your site and the "Combofix" program. To make a long story a bit shorter, I downloaded it (was a bit nervous..) and ran it, and since then... everything 'seems' back to normal! My desktop options are back... and everything seems to be fine. I had read that even if this is the case, I should post the log from Combofix anyway for someone to check, as there still may be some problems I may be unaware of... so here it is:

ComboFix 08-07-25.7 - Mo-Mo 2008-07-26 13:14:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.654 [GMT -4:00]
Running from: C:\Documents and Settings\Mo-Mo\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mo-Mo\Application Data\DOBE~1
C:\Documents and Settings\Mo-Mo\Application Data\macromedia\Flash Player\#SharedObjects\XBGAGAZT\interclick.com
C:\Documents and Settings\Mo-Mo\Application Data\macromedia\Flash Player\#SharedObjects\XBGAGAZT\interclick.com\ud.sol
C:\Documents and Settings\Mo-Mo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Mo-Mo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Mo-Mo\Application Data\ptads.bin
C:\Documents and Settings\Mo-Mo\Application Data\WNSXS~1
C:\Documents and Settings\Mo-Mo\Application Data\YSTEM3~1
C:\Documents and Settings\Mo-Mo\My Documents\ASKS~1
C:\Documents and Settings\Mo-Mo\My Documents\CURITY~1
C:\Documents and Settings\Mo-Mo\My Documents\DOBE~1
C:\Documents and Settings\Mo-Mo\My Documents\PPATCH~1
C:\Documents and Settings\Mo-Mo\My Documents\STEM32~1
C:\Program Files\appatc~1
C:\Program Files\asembl~1
C:\Program Files\asks~1
C:\Program Files\asks~2
C:\Program Files\Common Files\crosof~1.net
C:\Program Files\Common Files\curity~1
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\ecurit~1
C:\Program Files\Common Files\icroso~1.net
C:\Program Files\Common Files\mantec~1
C:\Program Files\Common Files\mbols~1
C:\Program Files\Common Files\scurit~1
C:\Program Files\Common Files\sembly~1
C:\Program Files\Common Files\smante~1
C:\Program Files\Common Files\sstem3~1
C:\Program Files\Common Files\ymante~1
C:\Program Files\Common Files\ymbols~1
C:\Program Files\Common Files\ystem3~1
C:\Program Files\crosof~1.net
C:\Program Files\dobe~1
C:\Program Files\fnts~1
C:\Program Files\mcroso~1
C:\Program Files\scurit~1
C:\Program Files\sembly~1
C:\Program Files\ssembl~1
C:\Program Files\sstem~1
C:\Program Files\tsks~1
C:\Program Files\ymbols~1
C:\WINDOWS\asembl~1
C:\WINDOWS\crosof~1.net
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\fnts~1
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\icroso~1
C:\WINDOWS\NDNuninstall5_64.exe
C:\WINDOWS\ppatch~1
C:\WINDOWS\pppatc~1
C:\WINDOWS\racle~1
C:\WINDOWS\smbols~1
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\blphcrvoj0erdr.scr
C:\WINDOWS\system32\crosof~1.net
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\icroso~1
C:\WINDOWS\system32\mcroso~1
C:\WINDOWS\system32\ppatch~1
C:\WINDOWS\system32\sembly~1
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\uninstall.exe
C:\WINDOWS\system32\wnsintsu.exe
C:\WINDOWS\system32\wnsintsv32.exe
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\ymbols~1

.
((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.

2008-07-18 20:13 . 2008-07-18 20:13 <DIR> d-------- C:\ZBCDBackup
2008-07-18 11:11 . 2008-07-18 11:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-18 11:10 . 2003-06-09 12:53 <DIR> d-------- C:\Documents and Settings\Administrator.DF3ZRW21\WINDOWS
2008-07-18 11:10 . 2008-07-18 11:10 <DIR> d-------- C:\Documents and Settings\Administrator.DF3ZRW21
2008-07-17 21:19 . 2008-07-17 21:19 <DIR> d-------- C:\Program Files\Webroot
2008-07-17 21:19 . 2008-07-17 21:19 <DIR> d-------- C:\Documents and Settings\Mo-Mo\Application Data\Webroot
2008-07-17 21:19 . 2008-07-17 21:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-17 21:19 . 2008-07-17 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-17 21:19 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-17 21:19 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-07-17 21:19 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-07-17 21:19 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-07-17 21:19 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-07-16 21:33 . 2008-07-17 20:34 <DIR> d-------- C:\Program Files\Mini Oddie
2008-07-10 11:08 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-21 16:02 --------- d-----w C:\Program Files\DVDStyler
2008-07-20 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-07-18 23:57 --------- d-----w C:\Documents and Settings\Mo-Mo\Application Data\ZoomBrowser EX
2008-07-18 19:07 --------- d-----w C:\Program Files\Lavasoft
2008-07-18 19:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-18 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-10 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-05 18:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-05 16:53 --------- d-----w C:\Documents and Settings\Mo-Mo\Application Data\AdobeUM
2008-06-25 12:44 --------- d-----w C:\Program Files\Juno6
2008-06-21 22:08 --------- d-----w C:\Program Files\CONEXANT
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-28 14:54 --------- d-----w C:\Program Files\Simple Family Tree
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2008-05-08 12:28 202,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2005-02-26 20:34 4,816,320 -c--a-w C:\Program Files\Firefox Setup 1.0.1.exe
2005-01-28 06:34 6,531,728 -c--a-w C:\Program Files\MicrosoftAntiSpywareInstall.exe
2004-07-19 12:35 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2003-06-09 16:56 207,759 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Juno_uoltray"="C:\Program Files\Juno6\exec.exe" [2008-05-06 21:17 1701376]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-31 15:28 68856]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2003-08-01 11:31 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-06-09 13:00 151597]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 22:31 36975]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28 684032]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"QAGENT"="C:\Program Files\QUICKENW\QAGENT.EXE" [2001-08-01 13:30 94208]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\kdx\\khost.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

R2 AvSynMgr;AVSync Manager;C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe [2003-06-03 07:03]
R2 mrtRate;mrtRate;C:\WINDOWS\system32\drivers\mrtRate.sys [2001-02-28 11:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a28ac340-88ea-11dc-a48a-000bdb2bc473}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-07-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D3CAD570-D6AB-4D40-82E7-F5CDCEB3F3C8}.job - C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 19:36]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
HKLM-Run-PicasaNet - C:\Program Files\Hello\Hello.exe
HKLM-Run-NI.UWFX5 - C:\Documents and Settings\Mo-Mo\Local Settings\Temporary Internet Files\Content.IE5\G1MZOXUN\WinFixer2005ScannerInstall[1].exe
HKLM-Run-lphcrvoj0erdr - C:\WINDOWS\system32\lphcrvoj0erdr.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://+/
R0 -: HKCU-Main,Search Bar = hxxp://my.juno.com/s/search?r=minisearch
R0 -: HKCU-Main,SEARCH PAGE = hxxp://my.juno.com/s/search?r=minisearch
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Default_Search_URL = hxxp://my.juno.com/s/search?r=minisearch
R0 -: HKLM-Main,Search Page = hxxp://my.juno.com/s/search?r=minisearch
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
R0 -: HKLM-Search,SearchAssistant = hxxp://my.juno.com/s/search?r=minisearch
O8 -: C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll//iemenu
O8 -: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 -: Display All Images with Full Quality - "C:\Program Files\Juno6\qsacc\appres.dll/228"
O8 -: Display Image with Full Quality - "C:\Program Files\Juno6\qsacc\appres.dll/227"
O9 -: {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\default-mujer\local.htm

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {21F16767-8DA7-4113-BEB0-F161B313407F} - hxxp://www.mediaforge.com/downloads/xmirage.exe

O16 -: {B5234F42-BD65-4567-BC32-5A6AEA0DB1C3} - hxxp://webpdp.gator.com/v3/download/pdpplugin5093_hd3ptdmgainads.cab
C:\WINDOWS\Downloaded Program Files\PdpPlugin5093.inf
C:\WINDOWS\Downloaded Program Files\AxeSubstituteContentRevEric.axe
C:\WINDOWS\Downloaded Program Files\AxeDialog_5090.dll
C:\WINDOWS\Downloaded Program Files\PdpPlugin5093.dll

O16 -: {CA034DCC-A580-4333-B52F-15F98C42E04C} - hxxp://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
C:\WINDOWS\Downloaded Program Files\dwnldr.inf
C:\WINDOWS\Downloaded Program Files\dwnldr.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 13:19:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-26 13:22:20
ComboFix-quarantined-files.txt 2008-07-26 17:21:37

Pre-Run: 28,645,859,328 bytes free
Post-Run: 28,830,642,176 bytes free

224 --- E O F --- 2008-07-20 20:05:02





I hope that's right ;-)
Thank you!


P.S.
Just did "HijackThis". Here's the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:56 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Juno6\exec.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Juno6\exec.exe
C:\Program Files\Juno6\qsacc\x1exec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s...ch?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://+/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s...ch?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\Juno6\SearchEnh1.dll
O1 - Hosts: 64.12.152.18 search.netscape.com
O1 - Hosts: indows.
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno6\qsacc\X1IEBHO.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno6\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QAGENT] "C:\Program Files\QUICKENW\QAGENT.EXE"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Juno_uoltray] "C:\Program Files\Juno6\exec.exe" regrun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AIM] "C:\PROGRA~1\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONQNOTE.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\Juno6\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\Juno6\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Mujer Activa - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\default-mujer\local.htm (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://mirror.worldw...mines/mines.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} (XMirage Control) - http://www.mediaforg...ads/xmirage.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldw...ut/brickout.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldw...gsaw/jigsaw.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldw...ck/bjattack.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldw...shape/shape.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldw...x/blockwerx.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldw...se/collapse.cab
O16 - DPF: {7BC394DE-07B8-412B-9F98-52E7E7A4ABD4} (Pencil Wars Control) - http://mirror.worldw...y/territory.cab
O16 - DPF: {90B7E2B3-2E56-4571-9E54-823E33C4B4B4} (TracMan Control) - http://mirror.worldw...man/tracman.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldw...cubis/cubis.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldw...apit/swapit.cab
O16 - DPF: {B5234F42-BD65-4567-BC32-5A6AEA0DB1C3} - http://webpdp.gator....ptdmgainads.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldw...ty/tilecity.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup141.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by13fd.bay13....ex/HMAtchmt.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kon...ry/main/kdx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldw...ool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{276B5227-7BCA-48E5-8786-BB5D58F486C4}: NameServer = 64.136.44.74 64.136.52.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{276B5227-7BCA-48E5-8786-BB5D58F486C4}: NameServer = 64.136.44.74 64.136.52.74
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 1: Intelligent Explorer[ieplugin.com] OnScreen Portal - http://active.ieplug...ctive/?14661566

--
End of file - 12717 bytes


If anybody has the time, it's appreciated.

Edited by murphy82, 31 July 2008 - 10:14 AM.
