Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
Old 12-14-2007, 05:21 AM   #1 (permalink)
nate04 (Registered User, OS: XP)

Log: Big Problem!

Hey guys, I have a huge problem! You guys have been amazing in the past by helping and I hope you can help this time. I think I have some kind of spyware or virus on my computer. My antivirus kept popping up and saying I had a trojan. And now something keeps popping up and saying I have potential spyware and my computer is making unauthorized copies of my files and to click yes to download a spyware remover. I never have clicked yes because I think it's part of the virus. My computer is so bad that now I can't even open a webpage because it just closes down. I am keeping my computer off the internet but I did get on to download the Deckard scanner and scanned and saved it to a disk. I think I did attach the extra.txt, I hope. I saved all this on a floppy! :P Here it is, PLEASE HELP:


Deckard's System Scanner v20071014.68
Run by nzeller on 2007-12-14 07:09:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
43: 2007-12-14 04:02:45 UTC - RP401 - Deckard's System Scanner Restore Point
42: 2007-12-13 01:58:14 UTC - RP400 - System Checkpoint
41: 2007-12-11 02:05:49 UTC - RP399 - System Checkpoint
40: 2007-12-10 01:07:25 UTC - RP398 - System Checkpoint
39: 2007-12-08 01:24:46 UTC - RP397 - System Checkpoint


-- First Restore Point --
1: 2007-09-15 02:22:39 UTC - RP359 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-14 07:12:13
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\SYSTEM32\winter.exe
C:\WINDOWS\SYSTEM32\DSentry.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\SYSTEM32\igfxpers.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\AccessDirect\DadApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\SYSTEM32\shovth.exe
C:\WINDOWS\SYSTEM32\igfxsrvc.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\Documents and Settings\nzeller\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\SYSTEM32\bronto.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKLM\..\Run: [sis32] C:\WINDOWS\system32\winsos.exe
O4 - HKLM\..\Run: [winroot] C:\WINDOWS\system32\winsn.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - Startup: infos.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: autos.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} () - http://80-site.ebrary.com.fortwayne..../ebraryRdr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub...irector/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\LEXBCES.EXE
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE


--
End of file - 8644 bytes

-- File Associations -----------------------------------------------------------

.exe - exefile - shell\open\command - "C:\WINDOWS\trayicons.exe" exec "%1" %*
.scr - scrfile - shell\open\command - "C:\WINDOWS\trayicons.exe" exec "%1" /S


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R2 SbcpHid - c:\windows\system32\drivers\sbcphid.sys

S3 jgameenp - c:\docume~1\nzeller\locals~1\temp\jgameenp.sys (file missing)
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-09-23 10:12:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-14 and 2007-12-14 -----------------------------

2007-12-13 21:26:37 89088 ---h----- C:\Documents and Settings\nzeller\nzeller.exe
2007-12-13 21:26:28 89088 ---h----- C:\Documents and Settings\All Users\All Users.exe
2007-12-13 21:26:28 89088 ---h----- C:\Documents and Settings\Administrator\Administrator.exe
2007-12-13 21:20:40 89088 ---h----- C:\.exe
2007-12-13 21:20:34 89088 ---hs---- C:\70AA1EBD.exe
2007-12-13 21:20:33 28929 --a------ C:\WINDOWS\system32\winsos.exe
2007-12-13 21:20:33 89088 ---hs---- C:\WINDOWS\system32\winsn.exe
2007-12-13 21:20:33 89088 ---hs---- C:\WINDOWS\system32\shovth.exe
2007-12-13 21:20:26 89088 --a------ C:\WINDOWS\wsystmp_uco.exe
2007-12-13 21:19:22 7680 --a------ C:\WINDOWS\system32\winter.exe
2007-12-13 21:19:22 7680 --a------ C:\WINDOWS\system32\proper.exe
2007-12-13 21:19:22 14848 --a------ C:\WINDOWS\system32\bronto.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-13 21:18:11 18944 --a------ C:\WINDOWS\system32\wowfx.dll
2007-12-13 21:11:21 15872 --a------ C:\WINDOWS\windisk.dll
2007-12-13 20:53:20 28929 --a------ C:\WINDOWS\trayicons.exe
2007-12-13 20:53:17 28929 --a------ C:\Documents and Settings\nzeller\wn852.exe
2007-12-02 20:37:41 0 d-------- C:\Documents and Settings\nzeller\Application Data\Viewpoint


-- Find3M Report ---------------------------------------------------------------

2007-12-14 07:05:09 0 d-------- C:\Program Files\Symantec AntiVirus
2007-11-12 20:09:56 0 d-------- C:\Program Files\QuickTime
2007-11-12 19:42:44 0 d-------- C:\Program Files\Apple Software Update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27987B8-7244-4DE0-AE10-39B826B492F1}]
12/13/2007 09:19 PM 14848 --a------ C:\WINDOWS\system32\bronto.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [08/02/2004 07:36 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04/22/2004 04:23 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/22/2004 04:23 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 03:48 AM]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [06/20/2002 03:30 PM]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [07/17/2002 10:18 AM]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [05/18/2005 02:49 PM]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [03/04/2004 11:36 AM]
"CamMonitor"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [06/22/2002 12:27 AM]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 05:59 AM C:\WINDOWS\BCMSMMSG.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 12:28 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2004 01:41 PM]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 09:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 09:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 09:36 AM]
"Undefined"="C:\WINDOWS\system32\winter.exe" [12/13/2007 09:19 PM]
"sis32"="C:\WINDOWS\system32\winsos.exe" [12/14/2007 07:06 AM]
"winroot"="C:\WINDOWS\system32\winsn.exe" [12/13/2007 09:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [12/08/2005 01:55 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [07/29/2006 07:34 PM]
"ares"="C:\Program Files\Ares\Ares.exe" []
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [06/20/2006 09:36 PM]
"Undefined"="C:\WINDOWS\system32\winter.exe" [12/13/2007 09:19 PM]

C:\Documents and Settings\nzeller\Start Menu\Programs\Startup\
DESKTOP.INI [3/20/2004 12:58:38 PM]
infos.exe [12/13/2007 9:19:22 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
autos.exe [12/13/2007 9:19:22 PM]
DESKTOP.INI [3/20/2004 12:58:38 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\system32\proper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\wowfx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc




-- End of Deckard's System Scanner: finished at 2007-12-14 07:13:36 ------------
Attached Files: Extra.txt (14.9 KB)
Old 12-14-2007, 05:25 AM   #2 (permalink)
nate04 (Registered User, OS: XP)

Re: Log: Big Problem!

P.S. I'm sorry if there are some extra programs running. I did what I could with it because my computer is running sooooo crappy!
Old 12-17-2007, 05:49 AM   #3 (permalink)
nate04 (Registered User, OS: XP)

Re: Log: Big Problem!

3 Day Bump! Please help, administration privileges taken away!
Old 12-23-2007, 01:45 PM   #4 (permalink)
sUBs (Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy; OS: XP)

Re: Log: Big Problem!

www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh HijackThis log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
Old 12-23-2007, 02:11 PM   #5 (permalink)
nate04 (Registered User, OS: XP)

Re: Log: Big Problem!

I can't even open a webpage with that computer because of the virus. I tried to download and save it to a floppy but the file is too large. Is there anything else we can do to at least get it to open a webpage and keep it open? Or should I go buy a memory stick?
Old 12-23-2007, 02:19 PM   #6 (permalink)
sUBs (Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy; OS: XP)

Re: Log: Big Problem!

Quote: "should I go buy a memory stick."

Give this a try first ...

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\SYSTEM32\bronto.dll
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKLM\..\Run: [sis32] C:\WINDOWS\system32\winsos.exe
O4 - HKLM\..\Run: [winroot] C:\WINDOWS\system32\winsn.exe
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - Startup: infos.exe
O4 - Global Startup: autos.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll


Reboot & see if webpages open up properly
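The fix list above was picked out of the log by hand. As an added illustration (not code from this thread, from HijackThis or from Deckard's System Scanner), the script below encodes the reasoning behind those picks as checks over HijackThis-format lines: a Winlogon Shell value (F0/F2) with anything appended to Explorer.exe, a BHO without a name (O2), a DisableRegedit/DisableTaskMgr policy (O7), any AppInit_DLLs entry (O20), a service with an unknown owner (O23), and, from the "File Associations" section of the DSS log in the first post, an .exe or .scr handler that is not the stock one. The stock handler strings are what Windows XP installs and are assumed here rather than taken from the thread; O4 Run entries are deliberately not judged, because a name alone does not decide them. The sample lines are copied from the logs posted in this thread.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: str     # the log line as posted
    reason: str   # why it was flagged


# Sample input: lines copied from the DSS/HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\SYSTEM32\bronto.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ZZZsvc_lich - Unknown owner - C:\lich.exe
.exe - exefile - shell\open\command - "C:\WINDOWS\trayicons.exe" exec "%1" %*
"""

SHELL_RE = re.compile(r"^F[02] - .*Shell=(.+)$")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.+)$")
POLICY_RE = re.compile(r"^O7 - .*Policies\\System, (DisableRegedit|DisableTaskMgr)=1$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.+)$")
ASSOC_RE = re.compile(r"^\.(exe|scr) - \w+ - shell\\open\\command - (.+)$")

# Handlers Windows XP installs for these two file types (assumed from XP
# defaults, not taken from the thread).
STOCK_ASSOC = {"exe": '"%1" %*', "scr": '"%1" /S'}


def triage_line(line: str):
    """Return a Finding for a line these rules consider suspicious, else None."""
    line = line.strip()
    if not line:
        return None
    m = SHELL_RE.match(line)
    if m:
        shell = m.group(1).strip()
        # Winlogon's Shell should be exactly Explorer.exe; anything appended
        # to it is started at every logon.
        if shell.lower() != "explorer.exe":
            return Finding(line, f"Winlogon Shell extended beyond Explorer.exe: {shell}")
        return None
    m = BHO_RE.match(line)
    if m:
        if m.group(1).strip() == "(no name)":
            return Finding(line, f"nameless BHO loaded into every IE process: {m.group(2)}")
        return None
    if POLICY_RE.match(line):
        return Finding(line, "regedit/Task Manager disabled by policy")
    m = APPINIT_RE.match(line)
    if m:
        return Finding(line, f"AppInit_DLLs loads into every process using user32.dll: {m.group(1)}")
    m = SERVICE_RE.match(line)
    if m:
        if m.group(2).strip().lower() == "unknown owner":
            return Finding(line, f"service with no publisher: {m.group(1)} -> {m.group(3)}")
        return None
    m = ASSOC_RE.match(line)
    if m:
        ext, command = m.group(1), m.group(2).strip()
        # A replaced handler runs on every launch of that file type, which is
        # why "nothing will open" is a common symptom.
        if command != STOCK_ASSOC[ext]:
            return Finding(line, f".{ext} handler replaced: {command}")
        return None
    return None


def triage(log_text: str):
    """Run triage_line over a whole log and return the findings in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.line.split(' ', 1)[0]}] {f.reason}")
```

Run against the sample, seven of the ten lines are flagged and the three known-good ones (the Adobe BHO, the Symantec tray entry and the Symantec service) pass; a real log is fed in the same way by reading the file into `triage()`.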
Old 12-29-2007, 11:13 AM   #7 (permalink)
nate04 (Registered User, OS: XP)

Re: Log: Big Problem!

OK, I did that and tried to get online and my computer went crazy. DOS windows kept popping up and a message on my toolbar from Windows says that my computer was infected with spyware. When my Symantec antivirus scans it says I have a Trojan.Peacomm.D. I have no administrative privileges at all. I don't want to put my computer back on the internet until it is fixed because every time I plug the internet into it, it gets worse. Here is my latest HijackThis file. I'm sorry if it isn't the most up to date HijackThis but I have no way to get a new one on the computer. I'm afraid my computer is about to crash! If you can, tell me what to do with this log and if I need to get a memory stick to get some programs onto my sick computer.


Logfile of HijackThis v1.99.1
Scan saved at 1:18:27 PM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\proper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\kernelwind32.exe
C:\WINDOWS\system32\newmaxxsv234.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\vedxg6ame4.exe
C:\Windows\xpupdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\dllgh8jkd1q6.exe
C:\WINDOWS\system32\dllgh8jkd1q7.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\shovth.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\ifastseek.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
O4 - HKLM\..\Run: [SystemSv12] C:\WINDOWS\system32\newmaxxsv234.exe
O4 - HKLM\..\Run: [QuickTime] C:\WINDOWS\mickey32.exe
O4 - HKLM\..\Run: [sis32] C:\WINDOWS\system32\winsos.exe
O4 - HKLM\..\Run: [winroot] C:\WINDOWS\system32\winsn.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
O4 - HKCU\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - Startup: infos.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: autos.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - http://80-site.ebrary.com.fortwayne..../ebraryRdr.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ZZZsvc_lich - Unknown owner - C:\lich.exe
Old 12-29-2007, 11:31 AM   #8 (permalink)
sUBs (Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy; OS: XP)

Re: Log: Big Problem!

We need to get ComboFix onto the machine.
Try this other trick ...

Go to Start > Run - type msconfig <Press Enter> (this opens the system configuration utility)
Under the General Tab, select Diagnostic Startup & click OK
Reboot your computer when prompted.
Old 12-29-2007, 04:54 PM   #9 (permalink)
nate04 (Registered User, OS: XP)

Re: Log: Big Problem!

I got ComboFix on my computer by downloading it and putting it on a CD. When I run ComboFix a window pops up called "reg.exe - Application Error." It says "The applicaton failed to initialize properly (0xc0000142). Click on OK terminate the application." I've gotten a little farther every time I try to run it. The last time ComboFix completed stage 30. I'm gonna keep trying until you respond.
Old 12-29-2007, 08:00 PM   #10 (permalink)
nate04 (Registered User, OS: XP)

Re: Log: Big Problem!

OK, I got it to work. My computer is running a lot smoother, thanks! Here are my ComboFix and HijackThis logs:


ComboFix 07-12-30.1 - nzeller 2007-12-30 21:20:43.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.43 [GMT -5:00]
Running from: C:\Documents and Settings\nzeller\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\.exe
C:\Documents and Settings\All Users.\documents\settings\bot.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe
C:\Documents and Settings\nzeller\Application Data\install.dat
C:\Documents and Settings\nzeller\Application Data\microsoft\internet explorer\Desktop.htt
C:\Documents and Settings\nzeller\Start Menu\Programs\Startup\infos.exe
C:\Program Files\bravesentry
C:\Program Files\bravesentry\BraveSentry.exe
C:\Program Files\bravesentry\BraveSentry.lic
C:\Program Files\bravesentry\BraveSentry0.bs
C:\Program Files\bravesentry\BraveSentry0.dll
C:\Program Files\bravesentry\BraveSentry1.bs
C:\Program Files\bravesentry\BraveSentry2.dll
C:\Program Files\bravesentry\BraveSentry3.dll
C:\Program Files\bravesentry\Uninstall.exe
C:\Program Files\Helper
C:\Program Files\Helper\ifastseek.dll
C:\WINDOWS\desktop.html
C:\WINDOWS\system32\dllgh8jkd1q1.exe
C:\WINDOWS\system32\dllgh8jkd1q2.exe
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\WINDOWS\system32\dllgh8jkd1q6.exe
C:\WINDOWS\system32\dllgh8jkd1q7.exe
C:\WINDOWS\system32\dllgh8jkd1q8.exe
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\kernelwind32.exe
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\max1d11643v.exe
C:\WINDOWS\system32\newmaxxsv234.exe
C:\WINDOWS\system32\proper.exe
C:\WINDOWS\system32\shovth.exe
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\WINDOWS\system32\vedxg6ame4.exe
C:\WINDOWS\system32\vedxga1me4t1.exe
C:\WINDOWS\system32\vedxga3me2.exe
C:\WINDOWS\system32\vedxga4m1et4.exe
C:\WINDOWS\system32\vedxga4me1.exe
C:\WINDOWS\system32\vedxga5me3.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\winsn.exe
C:\WINDOWS\system32\winsos.exe
C:\WINDOWS\system32\winter.exe
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\trayicons.exe
C:\WINDOWS\windisk.dll
C:\WINDOWS\windows.exe
C:\WINDOWS\wsystmp_svo.exe
C:\WINDOWS\wsystmp_uco.exe
C:\windows\xpupdate.exe
C:\Documents and Settings\All Users.\documents\settings

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\Driver




((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))))
.

2007-12-29 12:59 . 2007-12-29 12:59 29 --a------ C:\WINDOWS\SYSTEM32\gddytuuh.tmp
2007-12-29 12:55 . 2007-12-29 12:55 0 --a------ C:\WINDOWS\SYSTEM32\lich.dat
2007-12-29 12:55 . 2007-12-29 12:55 0 --a------ C:\BraveSentry.lnk
2007-12-29 12:54 . 2007-12-29 12:54 142,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mqtu75.sys
2007-12-29 12:54 . 2007-12-30 21:15 69,632 --a------ C:\WINDOWS\SYSTEM32\csrssw.dll
2007-12-29 12:54 . 2007-12-29 12:54 48,146 --a------ C:\WINDOWS\taskmon.exe
2007-12-29 12:54 . 2007-12-29 12:54 35,840 --a------ C:\WINDOWS\mickey32.exe
2007-12-13 23:00 . 2007-12-13 23:00 <DIR> d-------- C:\Deckard
2007-12-13 21:26 . 2007-12-13 21:20 89,088 ---h----- C:\Documents and Settings\nzeller\nzeller.exe
2007-12-13 21:26 . 2007-12-13 21:20 89,088 ---h----- C:\Documents and Settings\All Users\All Users.exe
2007-12-13 21:26 . 2007-12-13 21:20 89,088 ---h----- C:\Documents and Settings\Administrator\Administrator.exe
2007-12-13 21:20 . 2007-12-13 21:20 89,088 ---hs---- C:\70AA1EBD.exe
2007-12-13 21:20 . 2007-12-13 21:20 93 -r-hs---- C:\autorun.inf
2007-12-13 20:53 . 2007-12-13 20:53 28,929 --a------ C:\Documents and Settings\nzeller\wn852.exe
2007-12-02 20:37 . 2007-12-02 20:37 <DIR> d-------- C:\Documents and Settings\nzeller\Application Data\Viewpoint
2007-11-12 20:01 . 2007-11-12 20:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-12 20:01 . 2007-11-12 20:01 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-12 19:42 . 2007-11-12 19:42 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-12 19:42 . 2007-11-12 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 02:17 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-14 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Registration\Registration.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\UploadLB\Config\Config.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\UploadLB\Binaries\Binaries.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Roxio, Inc.,L=Milpitas,S=CA,C=US\roxv53en\roxv53en.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Remote Assistance.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Unsolicited\Unsolicited.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\Email.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\Common.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Css\Css.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\Common.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Intervideo, Inc.,L=Fremont,S=CA,C=US\WinDVD\WinDVD.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Dell Computer Corporation,L=Round Rock,S=Texas,C=US\lathelp\lathelp.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Broadcom Corporation,L=Irvine,S=CA,C=US\dtwcenxp\dtwcenxp.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Broadcom Corporation,L=Irvine,S=CA,C=US\bcsmenxp\bcsmenxp.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Broadcom Corporation,L=Irvine,S=CA,C=US\bcm440x\graphics\graphics.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Broadcom Corporation,L=Irvine,S=CA,C=US\bcm440x\bcm440x.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System_OEM\XMLs\XMLs.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System_OEM\scripts\scripts.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System_OEM\panels\panels.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System_OEM\images\images.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System_OEM\css\css.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System_OEM\blurbs\blurbs.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\UpdateCtr.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\System.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysinfo.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\graphics\graphics.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\graphics\47x24pie\47x24pie.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\graphics\33x16pie\33x16pie.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\scripts\scripts.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Remote Assistance.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\Server.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\Common.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\Client.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Css\Css.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\Common.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\rc\rc.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\panels\subpanels\subpanels.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\panels\panels.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\NetDiag.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\images\images.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\images\Expando\Expando.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\images\Centers\Centers.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\images\48x48\48x48.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\images\32x32\32x32.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\images\24x24\24x24.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\images\16x16\16x16.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\errors\errors.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg\ErrMsg.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd\DVDUpgrd.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\dialogs\dialogs.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\css\css.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\CompatCtr.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\blurbs\blurbs.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\PackageStore\PackageStore.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\Professional_32#0409.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\OfflineCache.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Logs\Logs.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Indices\Indices.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\DataColl\DataColl.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Database\Database.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Config\Config.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Cache.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\Binaries\Binaries.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Media\Media.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\WindowsMediaPlayer.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\Video.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Scr\Scr.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\WMarks\WMarks.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Img.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\Btn.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Css\Css.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\Cnt.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Wav\Wav.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Audio.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\Tours\mmTour\mmTour.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\Tours\htmlTour\htmlTour.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\SBSI\Training\WXPPRO\WXPPRO.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\SBSI\Training\WXPPRO\Content\Wave\Wave.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\SBSI\Training\WXPPRO\Content\Lib\Lib.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\SBSI\Training\WXPPRO\Content\Cbz\Cbz.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\SBSI\Training\WXPPRO\CBO\CBO.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\SBSI\Training\Training.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\SBSI\Training\Database\Database.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\Help.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Cursors\Cursors.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\AppPatch\AppPatch.exe
2007-12-03 01:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-13 01:09 --------- d-----w C:\Program Files\QuickTime
2006-02-26 04:15 5,711 ----a-w C:\Program Files\hijackthis.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-12-08 13:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 19:34]
"ares"="C:\Program Files\Ares\Ares.exe" []
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2006-06-20 21:36]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-08-02 19:36]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-04-22 16:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-04-22 16:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-06-20 15:30]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 10:18]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-05-18 14:49]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [2004-03-04 11:36]
"CamMonitor"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-22 00:27]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 05:59 C:\WINDOWS\BCMSMMSG.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 13:41]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"QuickTime"="C:\WINDOWS\mickey32.exe" [2007-12-29 12:54]
"sis32"="C:\WINDOWS\system32\winsos.exe" []
"winroot"="C:\WINDOWS\system32\winsn.exe" []

R3 ZZZdrv_lich;ZZZdrv_lich;C:\lich.sys [2007-12-30 21:15]
S2 ZZZsvc_lich;ZZZsvc_lich;C:\lich.exe [2007-12-29 12:54]
S3 jgameenp;jgameenp;C:\DOCUME~1\nzeller\LOCALS~1\Temp\jgameenp.sys []

.
Contents of the 'Scheduled Tasks' folder
"2007-09-23 15:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 21:28:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\Program Files\Internet Explorer\iexplore.exe [1404] 0xFF4F2330

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-30 21:30:53
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 02:30:22






-------------------------------------------------------------------------



Logfile of HijackThis v1.99.1
Scan saved at 9:33:14 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime] C:\WINDOWS\mickey32.exe
O4 - HKLM\..\Run: [sis32] C:\WINDOWS\system32\winsos.exe
O4 - HKLM\..\Run: [winroot] C:\WINDOWS\system32\winsn.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - http://80-site.ebrary.com.fortwayne..../ebraryRdr.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ZZZsvc_lich - Unknown owner - C:\lich.exe
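The Find3M and "Files Created" sections above show the same signature dozens of times: a hidden 89,088-byte .exe named after the folder it sits in (Help\Help.exe, Cursors\Cursors.exe, nzeller\nzeller.exe). This added example, which is not code from the thread or from ComboFix, parses report lines of that shape and groups the hidden folder-mimicking executables by size so the cluster stands out; the sample lines are copied from the report above.

```python
"""Flag hidden, folder-mimicking executables in a ComboFix-style file report.

Added example, not part of the forum thread or of ComboFix. It accepts both
line shapes seen in the report: the "Files Created" form with two timestamps
separated by " . " and the Find3M form with one timestamp.
"""
import re
from collections import defaultdict

# date, time, optional ". date time", size (digits with commas, dashes, or
# <DIR>), attribute string, then the path up to the end of the line
REPORT_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?:\. \d{4}-\d{2}-\d{2} \d{2}:\d{2} )?"
    r"(?P<size>[\d,]+|-+|<DIR>) (?P<attrs>[-a-z]+) (?P<path>.+)$"
)


def parse_find3m_line(line):
    """Return a dict for one report line, or None for headers and blanks."""
    m = REPORT_LINE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return {
        "date": m.group("date"),
        "time": m.group("time"),
        "size": int(size.replace(",", "")) if size[0].isdigit() else None,
        "hidden": "h" in m.group("attrs"),
        "path": m.group("path"),
    }


def is_folder_mimic(path):
    """True when the file is an .exe whose name repeats its parent folder."""
    parts = path.rstrip("\\").split("\\")
    if len(parts) < 3:  # need drive, at least one folder, and the file itself
        return False
    name, parent = parts[-1], parts[-2]
    return name.lower().endswith(".exe") and name[:-4].lower() == parent.lower()


def find_folder_mimics(report_text):
    """Group hidden folder-mimicking executables by size: {size: [paths]}.

    Many entries under one size is the signature of a worm that drops a copy
    of itself into every folder it walks.
    """
    groups = defaultdict(list)
    for line in report_text.splitlines():
        entry = parse_find3m_line(line)
        if entry and entry["hidden"] and is_folder_mimic(entry["path"]):
            groups[entry["size"]].append(entry["path"])
    return dict(groups)


# Sample lines copied from the "Files Created" and Find3M sections above.
SAMPLE_REPORT = r"""
2007-12-29 12:54 . 2007-12-29 12:54 48,146 --a------ C:\WINDOWS\taskmon.exe
2007-12-13 23:00 . 2007-12-13 23:00 <DIR> d-------- C:\Deckard
2007-12-13 21:26 . 2007-12-13 21:20 89,088 ---h----- C:\Documents and Settings\nzeller\nzeller.exe
2007-12-13 21:20 . 2007-12-13 21:20 89,088 ---hs---- C:\70AA1EBD.exe
2007-12-13 21:20 . 2007-12-13 21:20 93 -r-hs---- C:\autorun.inf
2007-12-31 02:17 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Registration\Registration.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\PCHealth\HelpCtr\System\System.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Help\Help.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\Cursors\Cursors.exe
2007-12-14 02:20 89,088 ---h--w C:\WINDOWS\AppPatch\AppPatch.exe
2006-02-26 04:15 5,711 ----a-w C:\Program Files\hijackthis.log
"""

if __name__ == "__main__":
    for size, paths in sorted(find_folder_mimics(SAMPLE_REPORT).items()):
        print(f"{len(paths)} hidden folder-mimic .exe files of {size} bytes:")
        for p in paths:
            print("   ", p)
```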