Tech Support Forum
| Resolved HJT Threads Resolved spyware and popup issues. |
#1 (permalink) |
|
Registered User
Join Date: Mar 2007
Location: SF Bay Area
Posts: 23
OS: xp
|
keep getting random webpages
While I was surfing the net (I have a Dell and run Windows XP Home) my Norton said I had multiple viruses. I ran a full system scan using my Norton as well as AVG and Spybot. At first it didn't fix anything and my computer was acting really weird. When I tried to connect to the internet it would not do so right away and I had to wait for like 20 seconds which is not normal. Once online I was getting random webpages that were popping up every couple of minutes even though I have a popup blocker that has always worked great in the past. My computer also kept making the clicking noise that happens when you open a new webpage, even though there weren't any new pages coming up at that exact time.
I shut my computer down for the night and when I got back on it this morning my AVG ran a scan and detected about 16 different viruses that were mainly Trojan horses. AVG somewhat fixed the problem because I am now able to get online without having to wait like 20 seconds. I'm still getting random webpages popping up about every 10-20 minutes. The clicking sound seems to come and go. I downloaded HijackThis and I am wanting someone to tell me which stuff to delete. I have read that I should not delete or fix anything without getting help first. The following is the scan that I just did. I would be very thankful if someone can help me through this. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 3:52:55 PM, on 3/18/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {b6788d55-afae-41be-a648-5de331485574} - C:\WINDOWS\system32\h32ime.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bikini] bikini.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\ljgdcd.dll",setvm
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: h32ime - C:\WINDOWS\SYSTEM32\h32ime.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
|
|
|
|
#2 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,432
OS: 2000 Pro; XP Pro; XP Home
|
Re: keep getting random webpages
Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
---------------------------------------------------------------------------------------------
Part of your problem stems from the fact that you have an unpatched version of Windows. Why is this? Performing Windows Updates is a very critical part of any computer user's maintenance. We'll address this during the course of this fix.
Additionally, you have more than one AntiVirus program installed, AVG and Norton. While this may seem like greater protection, it can cause problems including slowdowns and system hangs. Choose one to keep and uninstall the other.
Any antivirus program must be removed via add/remove program. For any program that doesn't have an add/remove entry, you will have to do this: re-install the program -> reboot -> uninstall
---------------------------------------------------------------------------------------------
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked
O4 - HKLM\..\Run: [bikini] bikini.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\ljgdcd.dll",setvm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Close HijackThis now.
---------------------------------------------------------------------------------------------
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.
Delete the following if they exist:
C:\Windows\System32\bikini.exe
If it resists deletion, boot to safe mode and delete from there. To boot into safe mode should you need to, follow these steps:
Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account.
---------------------------------------------------------------------------------------------
Right click on this link http://www.mvps.org/winhelp2002/DelDomains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards.
NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.
---------------------------------------------------------------------------------------------
IMPORTANT!: Before we can proceed any further, please use the direct link below and install Service Pack 1a (SP1a) for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.
Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done.
If during the updating process you get a message that your product key is invalid ....then you may not have a legitimate copy of Windows XP. Unfortunately it's also this forum's policy that we only address users with a legal copy of Windows XP.... therefore if you cannot update Windows XP to SP1 we must stop the cleansing process here.
**Note** If you're having trouble locating the service pack SP1a here is a direct link to download it from.. http://download.microsoft.com/downlo...p1a_en_x86.exe
Thank you for your cooperation.
---------------------------------------------------------------------------------------------
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
What DSS will do:
---------------------------------------------------------------------------------------------
Please return with results from:
ComboFix (C:\ComboFix.txt)
DSS (main.txt and extra.txt)
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message. |
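The O4 registry autostart lines of a HijackThis log such as the ones in this thread can be pre-sorted mechanically before a person decides what to fix. The Python below is an added example, not part of the original posts or of HijackThis: the function names and the two heuristics (a Run command with no directory, and rundll32 loading a DLL from outside System32) are assumptions chosen for illustration, the sample lines are copied from the logs in this thread, and a flag marks an entry for review rather than giving a verdict.

```python
import ntpath
import re
from collections import namedtuple

# Sample input: O4 lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bikini] bikini.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\ljgdcd.dll",setvm
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
'''

RunEntry = namedtuple("RunEntry", "hive key name command")
Finding = namedtuple("Finding", "name reason target")

# Matches: O4 - HKLM\..\Run: [value name] command line
RUN_LINE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")


def parse_run_entries(log_text):
    """Return the registry Run-style O4 entries; other O4 forms are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = RUN_LINE.match(line.strip())
        if match:
            entries.append(RunEntry(*match.groups()))
    return entries


def split_first(cmd):
    """Split a command line into (first token, rest), honouring double quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
        return cmd[1:], ""
    head, _, rest = cmd.partition(" ")
    return head, rest.strip()


def triage(log_text):
    """Flag Run entries for manual review (illustrative heuristics only)."""
    findings = []
    for entry in parse_run_entries(log_text):
        exe, rest = split_first(entry.command)
        if ntpath.basename(exe).lower() in ("rundll32", "rundll32.exe"):
            # rundll32 is only the launcher; judge the DLL it is told to load.
            dll = split_first(rest)[0].split(",")[0]
            folder = ntpath.dirname(dll).lower()
            if not folder:
                findings.append(Finding(entry.name, "bare-filename", dll))
            elif not folder.endswith("\\system32"):
                findings.append(
                    Finding(entry.name, "rundll32-dll-outside-system32", dll))
        elif not ntpath.dirname(exe):
            # No directory at all: Windows resolves the name via its search path.
            findings.append(Finding(entry.name, "bare-filename", exe))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.name}] {finding.reason}: {finding.target}")
```

Entries that load from a full path under Program Files, or through rundll32 from System32, pass both checks here; that does not make them clean, it only means these two heuristics have nothing to say about them.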
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Mar 2007
Location: SF Bay Area
Posts: 23
OS: xp
|
Re: keep getting random webpages
I do not know how to save the instructions to Notepad. When I used HijackThis it came up automatically. I would appreciate it if you could instruct me on how to save the instructions to Notepad. Thanks. Steve.
|
|
|
|
|
#4 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,432
OS: 2000 Pro; XP Pro; XP Home
|
Re: keep getting random webpages
Well, this is basic copy/pasting/saving instructions. Please forgive me if I make it too basic, or don't provide enough detail.
Saving the instructions to a notepad file allows you to view the instructions at a time when you're offline, or in safe mode. Save it to your desktop. Using your mouse, left click on the fix I posted, and drag your mouse through the entire body of the text. When it's all highlighted blue, Press these two keys, one after the other...Ctrl + C. ("Ctrl" is located on the lower left or right of your keyboard, and then the Letter "C") Then, go to Start>Run, and type notepad, then press Enter on your keyboard. A blank text file will open. Left Click once in that empty file, and then press these two keys, one after the other Ctrl + V. You should then have all the text from my fix post in the file. Look at the top of the notepad file, you'll see a Menu Bar. You want to go to File>Save As, and then name it something you'll recall, like FixInstructions, and then save it to your desktop. Let me know if that helps.
|
|
|
|
#5 (permalink) |
|
Registered User
Join Date: Mar 2007
Location: SF Bay Area
Posts: 23
OS: xp
|
Re: keep getting random webpages
I have followed all the instructions. A question I have is if I should go back and fix the section where I unchecked the hidden files. Here are the logs.
ComboFix 07-03-22.2 - Running from: "C:\Documents and Settings\Steve\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\x.exe
C:\WINDOWS\y.exe
C:\DOCUME~1\Steve\APPLIC~1.\install.dat

((((((((((((((((((((((((((((((( Files Created from 2007-02-21 to 2007-03-21 ))))))))))))))))))))))))))))))))))
2007-03-17 13:20 27,122 --a------ C:\WINDOWS\system32\mllmj.exe
2007-03-17 13:20 19,483 --a------ C:\WINDOWS\system32\h32ime.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-18 13:47 -------- d-------- C:\Program Files\google
2007-03-16 16:51 -------- d-------- C:\Program Files\pokerstars

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"bikini"="bikini.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"2chkdsk"="rundll32.exe \"C:\\WINDOWS\\ljgdcd.dll\",setvm"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\h32ime

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Steve.job

********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully

hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-03-21 20:19:42

Deckard's System Scanner v20070318.32
Run by Steve on 2007-03-21 at 23:20:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
6: 2007-03-22 07:20:42 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2007-03-22 05:00:42 UTC - RP5 - Installed Windows XP Service Pack 1.
4: 2007-03-21 23:58:44 UTC - RP4 - System Checkpoint
3: 2007-03-20 23:32:26 UTC - RP3 - System Checkpoint
2: 2007-03-19 22:53:15 UTC - RP2 - System Checkpoint

-- First Restore Point --
1: 2007-03-18 12:17:29 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Steve.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:21:01 PM, on 3/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Steve\My Documents\dss.exe
C:\PROGRA~1\HIJACK~1\Steve.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {b6788d55-afae-41be-a648-5de331485574} - C:\WINDOWS\system32\h32ime.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: h32ime - C:\WINDOWS\SYSTEM32\h32ime.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------
backup-20070321-203518-315 O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\ljgdcd.dll",setvm
backup-20070321-203518-398 O4 - HKLM\..\Run:
[bikini] bikini.exe

-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 OMCI - c:\windows\system32\drivers\omci.sys
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys
R3 BCMModem (BCM V.90 56K Modem) - c:\windows\system32\drivers\bcmdm.sys
R3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys
R3 smwdm - c:\windows\system32\drivers\smwdm.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 uploadmgr (Upload Manager) - c:\windows\system32\svchost.exe -k netsvcs
R3 NSCService (Norton Protection Center Service) - "c:\program files\common files\symantec shared\security console\nscsrvce.exe"

-- Scheduled Tasks -------------------------------------------------------------
2007-03-16 21:31:44 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Steve.job<NORTON~1.JOB>

-- Files created between 2007-02-21 and 2007-03-21 -----------------------------
2007-03-21 21:03:32 113152 --a------ C:\WINDOWS\System32\idq.dll 2007-03-21 21:03:31 30208 --a------ C:\WINDOWS\System32\imgutil.dll 2007-03-21 21:03:31 36922 --a------ C:\WINDOWS\System32\imeshare.dll 2007-03-21 21:03:31 123904 --a------ C:\WINDOWS\System32\imapi.exe 2007-03-21 21:03:31 73728 --a------ C:\WINDOWS\System32\ils.dll 2007-03-21 21:03:31 59392 --a------ C:\WINDOWS\System32\iesetup.dll 2007-03-21 21:03:30 114176 --a------ C:\WINDOWS\System32\input.dll 2007-03-21 21:03:30 587776 --a------ C:\WINDOWS\System32\inetcomm.dll 2007-03-21 21:03:30 103936 --a------ C:\WINDOWS\System32\imm32.dll 2007-03-21 21:03:29 51712 --a------ C:\WINDOWS\System32\ipconfig.exe 2007-03-21 21:03:28 143872 --a------ C:\WINDOWS\System32\itircl.dll 2007-03-21 21:03:28 134144 --a------ C:\WINDOWS\System32\ipv6mon.dll 2007-03-21 21:03:28 60928 --a------ C:\WINDOWS\System32\ipv6.exe 2007-03-21 21:03:28 155648 --a------ C:\WINDOWS\System32\ipsecsvc.dll 2007-03-21 21:03:28 318464 --a------ C:\WINDOWS\System32\ippromon.dll 2007-03-21 21:03:28 435200 --a------ C:\WINDOWS\System32\ipnathlp.dll 2007-03-21 21:03:27 272896 --a------ C:\WINDOWS\System32\kerberos.dll 2007-03-21 21:03:27 7040 --a------ C:\WINDOWS\System32\kd1394.dll 2007-03-21 21:03:27 49664 --a------ C:\WINDOWS\System32\ixsso.dll 2007-03-21 21:03:27 91648 --a------ C:\WINDOWS\System32\iuctl.dll 2007-03-21 21:03:27 122368 --a------ C:\WINDOWS\System32\itss.dll 2007-03-21 21:03:26 381440 --a------ C:\WINDOWS\System32\lmrt.dll 2007-03-21 21:03:26 57856 --a------ C:\WINDOWS\System32\licwmi.dll 2007-03-21 21:03:26 19456 --a------ C:\WINDOWS\System32\licmgr10.dll 2007-03-21 21:03:26 42537 --a------ C:\WINDOWS\System32\keyboard.sys 2007-03-21 21:03:25 163840 --a------ C:\WINDOWS\System32\mindex.dll 2007-03-21 21:03:25 504320 --a------ C:\WINDOWS\System32\logonui.exe 2007-03-21 21:03:25 219648 --a------ C:\WINDOWS\System32\logon.scr 2007-03-21 21:03:25 10240 --a------ C:\WINDOWS\System32\localui.dll 2007-03-21 21:03:24 233472 --a------ 
C:\WINDOWS\System32\mpg4dmod.dll 2007-03-21 21:03:24 210944 --a------ C:\WINDOWS\System32\moricons.dll 2007-03-21 21:03:24 196096 --a------ C:\WINDOWS\System32\mobsync.dll 2007-03-21 21:03:24 32256 --a------ C:\WINDOWS\System32\mnmdd.dll 2007-03-21 21:03:24 1128960 --a------ C:\WINDOWS\System32\mmcndmgr.dll 2007-03-21 21:03:23 12288 --a------ C:\WINDOWS\System32\mscpx32r.dll 2007-03-21 21:03:23 65536 --a------ C:\WINDOWS\System32\msconf.dll 2007-03-21 21:03:23 68096 --a------ C:\WINDOWS\System32\mscms.dll 2007-03-21 21:03:23 116736 --a------ C:\WINDOWS\System32\mplay32.exe 2007-03-21 21:03:22 359936 --a------ C:\WINDOWS\System32\msdtcprx.dll 2007-03-21 21:03:22 126976 --a------ C:\WINDOWS\System32\msdart.dll 2007-03-21 21:03:22 67584 --a------ C:\WINDOWS\System32\msctfp.dll 2007-03-21 21:03:22 266752 --a------ C:\WINDOWS\System32\msctf.dll 2007-03-21 21:03:21 319519 --a------ C:\WINDOWS\System32\msexcl40.dll 2007-03-21 21:03:21 512031 --a------ C:\WINDOWS\System32\msexch40.dll 2007-03-21 21:03:21 4126 --a------ C:\WINDOWS\System32\msdxmlc.dll 2007-03-21 21:03:19 229888 --a------ C:\WINDOWS\System32\msieftp.dll 2007-03-21 21:03:19 56320 --a------ C:\WINDOWS\System32\mshtmler.dll 2007-03-21 21:03:18 368710 --a------ C:\WINDOWS\System32\msisam11.dll 2007-03-21 21:03:18 143872 --a------ C:\WINDOWS\System32\msimtf.dll 2007-03-21 21:03:18 4608 --a------ C:\WINDOWS\System32\msimg32.dll 2007-03-21 21:03:17 213023 --a------ C:\WINDOWS\System32\msltus40.dll 2007-03-21 21:03:17 22528 --a------ C:\WINDOWS\System32\mslbui.dll 2007-03-21 21:03:17 241695 --a------ C:\WINDOWS\System32\msjtes40.dll 2007-03-21 21:03:17 348195 --a------ C:\WINDOWS\System32\msjetoledb40.dll<MSJETO~1.DLL> 2007-03-21 21:03:17 1503262 --a------ C:\WINDOWS\System32\msjet40.dll 2007-03-21 21:03:16 339968 --a------ C:\WINDOWS\System32\mspaint.exe 2007-03-21 21:03:16 131072 --a------ C:\WINDOWS\System32\msorcl32.dll 2007-03-21 21:03:16 81408 --a------ C:\WINDOWS\System32\msoert2.dll 2007-03-21 21:03:16 
228864 --a------ C:\WINDOWS\System32\msoeacct.dll 2007-03-21 21:03:16 319760 --a------ C:\WINDOWS\System32\msnsspc.dll 2007-03-21 21:03:15 10240 --a------ C:\WINDOWS\System32\msrle32.dll 2007-03-21 21:03:15 552991 --a------ C:\WINDOWS\System32\msrepl40.dll 2007-03-21 21:03:15 421919 --a------ C:\WINDOWS\System32\msrd2x40.dll 2007-03-21 21:03:15 348191 --a------ C:\WINDOWS\System32\mspbde40.dll 2007-03-21 21:03:14 388608 --a------ C:\WINDOWS\System32\mstsc.exe 2007-03-21 21:03:14 9728 --a------ C:\WINDOWS\System32\mstinit.exe 2007-03-21 21:03:14 253983 --a------ C:\WINDOWS\System32\mstext40.dll 2007-03-21 21:03:14 250368 --a------ C:\WINDOWS\System32\mstask.dll 2007-03-21 21:03:13 401462 --a------ C:\WINDOWS\System32\msvcp60.dll 2007-03-21 21:03:13 182784 --a------ C:\WINDOWS\System32\msutb.dll 2007-03-21 21:03:13 241725 --a------ C:\WINDOWS\System32\msuni11.dll 2007-03-21 21:03:13 598016 --a------ C:\WINDOWS\System32\mstscax.dll 2007-03-21 21:03:12 1220608 --a------ C:\WINDOWS\System32\msvidctl.dll 2007-03-21 21:03:12 113664 --a------ C:\WINDOWS\System32\msvfw32.dll 2007-03-21 21:03:12 323072 --a------ C:\WINDOWS\System32\msvcrt.dll 2007-03-21 21:03:11 1122304 --a------ C:\WINDOWS\System32\msxml3.dll 2007-03-21 21:03:11 699392 --a------ C:\WINDOWS\System32\msxml2.dll 2007-03-21 21:03:11 344095 --a------ C:\WINDOWS\System32\msxbde40.dll 2007-03-21 21:03:11 192512 --a------ C:\WINDOWS\System32\mswebdvd.dll 2007-03-21 21:03:10 115200 --a------ C:\WINDOWS\System32\net1.exe 2007-03-21 21:03:10 39424 --a------ C:\WINDOWS\System32\net.exe 2007-03-21 21:03:10 16384 --a------ C:\WINDOWS\System32\nddenb32.dll 2007-03-21 21:03:10 42496 --a------ C:\WINDOWS\System32\ncobjapi.dll 2007-03-21 21:03:09 154112 --a------ C:\WINDOWS\System32\netman.dll 2007-03-21 21:03:09 399360 --a------ C:\WINDOWS\System32\netlogon.dll 2007-03-21 21:03:09 105984 --a------ C:\WINDOWS\System32\netdde.exe 2007-03-21 21:03:09 584192 --a------ C:\WINDOWS\System32\netcfgx.dll 2007-03-21 21:03:08 1622528 
--a------ C:\WINDOWS\System32\netshell.dll 2007-03-21 21:03:08 857600 --a------ C:\WINDOWS\System32\netplwiz.dll 2007-03-21 21:03:07 38400 --a------ C:\WINDOWS\System32\ntlanman.dll 2007-03-21 21:03:07 33808 --a------ C:\WINDOWS\System32\ntio.sys 2007-03-21 21:03:07 49152 --a------ C:\WINDOWS\System32\npptools.dll 2007-03-21 21:03:07 24576 --a------ C:\WINDOWS\System32\nmmkcert.dll 2007-03-21 21:03:07 95744 --a------ C:\WINDOWS\System32\nlhtml.dll 2007-03-21 21:03:07 238080 --a------ C:\WINDOWS\System32\newdev.dll 2007-03-21 21:03:06 328704 --a------ C:\WINDOWS\System32\oakley.dll 2007-03-21 21:03:06 137216 --a------ C:\WINDOWS\System32\ntshrui.dll 2007-03-21 21:03:06 392704 --a------ C:\WINDOWS\System32\ntmssvc.dll 2007-03-21 21:03:06 165888 --a------ C:\WINDOWS\System32\ntmsdba.dll 2007-03-21 21:03:06 38400 --a------ C:\WINDOWS\System32\ntmsapi.dll 2007-03-21 21:03:06 112128 --a------ C:\WINDOWS\System32\ntmarta.dll 2007-03-21 21:03:05 53248 --a------ C:\WINDOWS\System32\odbcconf.exe 2007-03-21 21:03:05 122880 --a------ C:\WINDOWS\System32\odbcconf.dll 2007-03-21 21:03:05 24576 --a------ C:\WINDOWS\System32\odbcbcp.dll 2007-03-21 21:03:05 32768 --a------ C:\WINDOWS\System32\odbcad32.exe 2007-03-21 21:03:05 16384 --a------ C:\WINDOWS\System32\odbc32gt.dll 2007-03-21 21:03:05 200704 --a------ C:\WINDOWS\System32\odbc32.dll 2007-03-21 21:03:04 109568 --a------ C:\WINDOWS\System32\offfilt.dll 2007-03-21 21:03:04 147456 --a------ C:\WINDOWS\System32\odbctrac.dll 2007-03-21 21:03:04 12288 --a------ C:\WINDOWS\System32\odbcp32r.dll 2007-03-21 21:03:04 61440 --a------ C:\WINDOWS\System32\odbccu32.dll 2007-03-21 21:03:04 61440 --a------ C:\WINDOWS\System32\odbccr32.dll 2007-03-21 21:03:04 94208 --a------ C:\WINDOWS\System32\odbccp32.dll 2007-03-21 21:03:03 53248 --a------ C:\WINDOWS\System32\packager.exe 2007-03-21 21:03:03 212480 --a------ C:\WINDOWS\System32\osk.exe 2007-03-21 21:03:03 686080 --a------ C:\WINDOWS\System32\opengl32.dll 2007-03-21 21:03:03 98304 --a------ 
C:\WINDOWS\System32\oleprn.dll 2007-03-21 21:03:03 1169920 --a------ C:\WINDOWS\System32\ole32.dll 2007-03-21 21:03:02 16384 --a------ C:\WINDOWS\System32\ping.exe 2007-03-21 21:03:02 254976 --a------ C:\WINDOWS\System32\pdh.dll 2007-03-21 21:03:02 58880 --a------ C:\WINDOWS\System32\pautoenr.dll 2007-03-21 21:03:01 357376 --a------ C:\WINDOWS\System32\qdvd.dll 2007-03-21 21:03:01 184832 --a------ C:\WINDOWS\System32\qcap.dll 2007-03-21 21:03:01 82944 --a------ C:\WINDOWS\System32\psbase.dll 2007-03-21 21:03:01 17408 --a------ C:\WINDOWS\System32\psapi.dll 2007-03-21 21:03:00 1142784 --a------ C:\WINDOWS\System32\quartz.dll 2007-03-21 21:03:00 17408 --a------ C:\WINDOWS\System32\qmgrprxy.dll 2007-03-21 21:03:00 221696 --a------ C:\WINDOWS\System32\qmgr.dll 2007-03-21 21:03:00 511488 --a------ C:\WINDOWS\System32\qedit.dll 2007-03-21 21:02:59 13824 --a------ C:\WINDOWS\System32\rassapi.dll 2007-03-21 21:02:59 193536 --a------ C:\WINDOWS\System32\rasppp.dll 2007-03-21 21:02:59 57856 --a------ C:\WINDOWS\System32\raschap.dll 2007-03-21 21:02:59 1349120 --a------ C:\WINDOWS\System32\query.dll 2007-03-21 21:02:58 14848 --a------ C:\WINDOWS\System32\rdpsnd.dll 2007-03-21 21:02:58 87304 --a------ C:\WINDOWS\System32\rdpdd.dll 2007-03-21 21:02:58 44032 --a------ C:\WINDOWS\System32\rdpclip.exe 2007-03-21 21:02:58 135680 --a------ C:\WINDOWS\System32\rdchost.dll 2007-03-21 21:02:58 34304 --a------ C:\WINDOWS\System32\rcimlby.exe 2007-03-21 21:02:58 91136 --a------ C:\WINDOWS\System32\rastls.dll 2007-03-21 21:02:57 48128 --a------ C:\WINDOWS\System32\reg.exe 2007-03-21 21:02:57 3338 --a------ C:\WINDOWS\System32\redir.exe 2007-03-21 21:02:57 12288 --a------ C:\WINDOWS\System32\rdsaddin.exe 2007-03-21 21:02:57 75912 --a------ C:\WINDOWS\System32\rdpwsx.dll 2007-03-21 21:02:56 530432 --a------ C:\WINDOWS\System32\rpcrt4.dll 2007-03-21 21:02:56 56320 --a------ C:\WINDOWS\System32\remotepg.dll 2007-03-21 21:02:56 44032 --a------ C:\WINDOWS\System32\regapi.dll 2007-03-21 21:02:55 
74240 --a------ C:\WINDOWS\System32\rtcshare.exe 2007-03-21 21:02:55 548864 --a------ C:\WINDOWS\System32\rtcdll.dll 2007-03-21 21:02:55 133632 --a------ C:\WINDOWS\System32\rsaenh.dll 2007-03-21 21:02:55 260608 --a------ C:\WINDOWS\System32\rpcss.dll 2007-03-21 21:02:54 297984 --a------ C:\WINDOWS\System32\scesrv.dll 2007-03-21 21:02:54 174592 --a------ C:\WINDOWS\System32\scecli.dll 2007-03-21 21:02:54 171008 --a------ C:\WINDOWS\System32\sccsccp.dll 2007-03-21 21:02:54 169984 --a------ C:\WINDOWS\System32\sccbase.dll 2007-03-21 21:02:54 12800 --a------ C:\WINDOWS\System32\runonce.exe 2007-03-21 21:02:53 52224 --a------ C:\WINDOWS\System32\secur32.dll 2007-03-21 21:02:53 71168 --a------ C:\WINDOWS\System32\sdbinst.exe 2007-03-21 21:02:53 8192 --a------ C:\WINDOWS\System32\scrnsave.scr 2007-03-21 21:02:53 159232 --a------ C:\WINDOWS\System32\schedsvc.dll 2007-03-21 21:02:52 1157632 --a------ C:\WINDOWS\System32\sfcfiles.dll 2007-03-21 21:02:52 133120 --a------ C:\WINDOWS\System32\sfc_os.dll 2007-03-21 21:02:52 20992 --a------ C:\WINDOWS\System32\setup.exe 2007-03-21 21:02:52 6144 --a------ C:\WINDOWS\System32\sensapi.dll 2007-03-21 21:02:52 36352 --a------ C:\WINDOWS\System32\sens.dll 2007-03-21 21:02:49 62976 --a------ C:\WINDOWS\System32\shgina.dll 2007-03-21 21:02:49 22528 --a------ C:\WINDOWS\System32\shfolder.dll 2007-03-21 21:02:48 33280 --a------ C:\WINDOWS\System32\shmgrate.exe 2007-03-21 21:02:48 420864 --a------ C:\WINDOWS\System32\shimgvw.dll 2007-03-21 21:02:48 60416 --a------ C:\WINDOWS\System32\shimeng.dll 2007-03-21 21:02:47 82944 --a------ C:\WINDOWS\System32\smlogsvc.exe 2007-03-21 21:02:47 334848 --a------ C:\WINDOWS\System32\smlogcfg.dll 2007-03-21 21:02:47 22528 --a------ C:\WINDOWS\System32\slayerxp.dll 2007-03-21 21:02:47 24064 --a------ C:\WINDOWS\System32\skeys.exe 2007-03-21 21:02:47 66048 --a------ C:\WINDOWS\System32\sigverif.exe 2007-03-21 21:02:47 11776 --a------ C:\WINDOWS\System32\sigtab.dll 2007-03-21 21:02:46 63488 --a------ 
C:\WINDOWS\System32\srclient.dll 2007-03-21 21:02:46 385024 --a------ C:\WINDOWS\System32\sqlsrv32.dll 2007-03-21 21:02:46 66560 --a------ C:\WINDOWS\System32\spoolss.dll 2007-03-21 21:02:46 534016 --a------ C:\WINDOWS\System32\spider.exe 2007-03-21 21:02:46 16896 --a------ C:\WINDOWS\System32\snmpapi.dll 2007-03-21 21:02:45 27136 --a------ C:\WINDOWS\System32\ssdpapi.dll 2007-03-21 21:02:45 18944 --a------ C:\WINDOWS\System32\ssbezier.scr 2007-03-21 21:02:45 667648 --a------ C:\WINDOWS\System32\ss3dfo.scr 2007-03-21 21:02:45 158720 --a------ C:\WINDOWS\System32\srsvc.dll 2007-03-21 21:02:45 226304 --a------ C:\WINDOWS\System32\srrstr.dll 2007-03-21 21:02:44 19456 --a------ C:\WINDOWS\System32\ssmarque.scr 2007-03-21 21:02:44 364544 --a------ C:\WINDOWS\System32\ssflwbox.scr 2007-03-21 21:02:44 43008 --a------ C:\WINDOWS\System32\ssdpsrv.dll 2007-03-21 21:02:43 61952 --a------ C:\WINDOWS\System32\sti.dll 2007-03-21 21:02:43 638976 --a------ C:\WINDOWS\System32\sstext3d.scr 2007-03-21 21:02:43 13312 --a------ C:\WINDOWS\System32\ssstars.scr 2007-03-21 21:02:43 569344 --a------ C:\WINDOWS\System32\sspipes.scr 2007-03-21 21:02:43 17408 --a------ C:\WINDOWS\System32\ssmyst.scr 2007-03-21 21:02:42 251904 --a------ C:\WINDOWS\System32\strmdll.dll 2007-03-21 21:02:42 117760 --a------ C:\WINDOWS\System32\stobject.dll 2007-03-21 21:02:42 130560 --a------ C:\WINDOWS\System32\sti_ci.dll 2007-03-21 21:02:41 233984 --a------ C:\WINDOWS\System32\tapisrv.dll 2007-03-21 21:02:41 165376 --a------ C:\WINDOWS\System32\tapi32.dll 2007-03-21 21:02:41 674816 --a------ C:\WINDOWS\System32\sxs.dll 2007-03-21 21:02:40 384000 --a------ C:\WINDOWS\System32\themeui.dll 2007-03-21 21:02:40 200192 --a------ C:\WINDOWS\System32\termsrv.dll 2007-03-21 21:02:40 128512 --a------ C:\WINDOWS\System32\taskmgr.exe 2007-03-21 21:02:39 107008 --a------ C:\WINDOWS\System32\umpnpmgr.dll 2007-03-21 21:02:39 32256 --a------ C:\WINDOWS\System32\umandlg.dll 2007-03-21 21:02:39 22016 --a------ 
C:\WINDOWS\System32\udhisapi.dll 2007-03-21 21:02:39 40960 --a------ C:\WINDOWS\System32\tscupgrd.exe 2007-03-21 21:02:39 88064 --a------ C:\WINDOWS\System32\tscfgwmi.dll 2007-03-21 21:02:39 81920 --a------ C:\WINDOWS\System32\trkwks.dll 2007-03-21 21:02:39 10752 --a------ C:\WINDOWS\System32\tracert.exe 2007-03-21 21:02:38 16384 --a------ C:\WINDOWS\System32\ups.exe 2007-03-21 21:02:38 231424 --a------ C:\WINDOWS\System32\upnpui.dll 2007-03-21 21:02:38 164864 --a------ C:\WINDOWS\System32\upnphost.dll 2007-03-21 21:02:38 120320 --a------ C:\WINDOWS\System32\upnp.dll 2007-03-21 21:02:37 203264 --a------ C:\WINDOWS\System32\uxtheme.dll 2007-03-21 21:02:37 47616 --a------ C:\WINDOWS\System32\utilman.exe 2007-03-21 21:02:37 339456 --a------ C:\WINDOWS\System32\usp10.dll 2007-03-21 21:02:36 165376 --a------ C:\WINDOWS\System32\w32time.dll 2007-03-21 21:02:36 409088 --a------ C:\WINDOWS\System32\vssapi.dll 2007-03-21 21:02:36 48640 --a------ C:\WINDOWS\System32\vdmredir.dll 2007-03-21 21:02:36 479261 --a------ C:\WINDOWS\System32\vbscript.dll 2007-03-21 21:02:35 61952 --a------ C:\WINDOWS\System32\webclnt.dll 2007-03-21 21:02:35 16384 --a------ C:\WINDOWS\System32\watchdog.sys 2007-03-21 21:02:34 119808 --a------ C:\WINDOWS\System32\wiadss.dll 2007-03-21 21:02:34 60416 --a------ C:\WINDOWS\System32\wextract.exe 2007-03-21 21:02:34 124928 --a------ C:\WINDOWS\System32\webvw.dll 2007-03-21 21:02:33 168448 --a------ C:\WINDOWS\System32\wldap32.dll 2007-03-21 21:02:33 48128 --a------ C:\WINDOWS\System32\winsta.dll 2007-03-21 21:02:33 171520 --a------ C:\WINDOWS\System32\winmm.dll 2007-03-21 21:02:32 296448 --a------ C:\WINDOWS\System32\wmstream.dll 2007-03-21 21:02:32 118784 --a------ C:\WINDOWS\System32\wmsdmoe.dll 2007-03-21 21:02:32 77824 --a------ C:\WINDOWS\System32\wmpstub.exe 2007-03-21 21:02:32 51200 --a------ C:\WINDOWS\System32\wmerrenu.dll 2007-03-21 21:02:32 86528 --a------ C:\WINDOWS\System32\wlnotify.dll 2007-03-21 21:02:31 446464 --a------ 
C:\WINDOWS\System32\wmvdmoe.dll
2007-03-21 21:02:31 311327 --a------ C:\WINDOWS\System32\wmv8dmod.dll
2007-03-21 21:02:30 56832 --a------ C:\WINDOWS\System32\wzcdlg.dll
2007-03-21 21:02:30 9216 --a------ C:\WINDOWS\System32\wuauserv.dll
2007-03-21 21:02:30 17408 --a------ C:\WINDOWS\System32\wtsapi32.dll
2007-03-21 21:02:30 38912 --a------ C:\WINDOWS\System32\wsnmp32.dll
2007-03-21 21:02:30 13312 --a------ C:\WINDOWS\System32\wship6.dll
2007-03-21 21:02:30 247808 --a------ C:\WINDOWS\System32\wow32.dll
2007-03-21 21:02:29 316416 --a------ C:\WINDOWS\System32\zipfldr.dll
2007-03-21 21:02:29 172664 --a------ C:\WINDOWS\System32\xenroll.dll
2007-03-21 21:02:29 86016 --a------ C:\WINDOWS\System32\xactsrv.dll
2007-03-21 20:56:51 45056 --a------ C:\command.exe
2007-03-17 13:20:59 19483 --a------ C:\WINDOWS\System32\h32ime.dll
2007-03-17 13:20:58 27122 --a------ C:\WINDOWS\System32\mllmj.exe

-- Find3M Report ---------------------------------------------------------------
2007-03-21 21:12:43 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-21 21:04:32 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-21 21:02:26 233632 -rahs---- C:\ntldr
2007-03-21 19:47:26 0 d-------- C:\Documents and Settings\Steve\Application Data\AVG7
2007-03-18 13:47:09 0 d-------- C:\Program Files\Google
2007-03-18 03:18:04 0 d---s---- C:\Documents and Settings\Steve\Application Data\Microsoft<MICROS~1>
2007-03-16 16:51:45 0 d-------- C:\Program Files\PokerStars<POKERS~1>
2007-03-09 16:23:55 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-01-21 13:25:31 0 d-------- C:\Documents and Settings\Steve\Application Data\Adobe
2007-01-21 13:24:16 0 d-------- C:\Program Files\Common Files\Adobe

-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\h32ime

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

-- End of Deckard's System Scanner: finished at 2007-03-21 at 23:21:28 ---------

Deckard's System Scanner v20070318.32
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 2.60GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 510.98 MiB / 275.29 MiB
Pagefile Memory (total/avail): 1250.09 MiB / 978.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 2006.26 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 111.78 GiB total, 85.75 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

-- Security Center -------------------------------------------------------------
AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Steve\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STEVE-EDMT4T2JS
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Steve
LOGONSERVER=\\STEVE-EDMT4T2JS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Internet Explorer;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Steve\LOCALS~1\Temp
TMP=C:\DOCUME~1\Steve\LOCALS~1\Temp
USERDOMAIN=STEVE-EDMT4T2JS
USERNAME=Steve
USERPROFILE=C:\Documents and Settings\Steve
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------
Steve (admin)

-- Add/Remove Programs ---------------------------------------------------------
 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Broadcom Driver Installer --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DellConnect --> C:\Documents and Settings\All Users\Application Data\GTek\GTRemote\GTRCUnin.exe /selfdelete
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\Steve\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Kazaa Lite K++ v2.4.3 --> "C:\Program Files\Kazaa Lite K++\unins000.exe"
LimeWire 4.12.4 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
NAVShortcut --> MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F}
Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
PokerStars --> C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Windows XP Service Pack 1a --> C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe

-- End of Deckard's System Scanner: finished at 2007-03-21 at 23:21:28 ---------
#6 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,432
OS: 2000 Pro; XP Pro; XP Home
|
Re: keep getting random webpages
Good job....however...
Let's try this again, as it appears you did not run ComboFix according to the instructions given.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Delete this file:
C:\WINDOWS\System32\mllmj.exe
If it resists deletion, boot to safe mode and delete from there.
---------------------------------------------------------------------------------------------
Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
---------------------------------------------------------------------------------------------
So, I need the new C:\ComboFix.txt, and a new HijackThis log.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message. |
#7 (permalink) |
|
Registered User
Join Date: Mar 2007
Location: SF Bay Area
Posts: 23
OS: xp
|
Re: keep getting random webpages
I tried to do that before and just tried again but it says "windows cannot find 'C\Documents and settings\steve\desktop\combofix.exe' Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search". I know that I typed it in correctly because I copy&pasted it. Was there something I did wrong? I know I downloaded Com