07-17-2007, 01:00 PM   #1
Registered User
 
Join Date: Oct 2006
Posts: 43
OS: XP


Help with numerous pop ups

Hello, I would like for someone to help me with a pop-up problem I am having. My daughter was on the internet yesterday and after she got off - wham!

Here is my main txt file, Thanks!

Deckard's System Scanner v20070711.54
Run by Mom on 2007-07-17 at 13:21:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
38: 2007-07-17 18:21:50 UTC - RP38 - Deckard's System Scanner Restore Point
37: 2007-07-17 14:31:06 UTC - RP37 - Removed Internet Service Offers Launcher
36: 2007-07-17 03:23:59 UTC - RP36 - Removed Windows Live Toolbar
35: 2007-07-17 03:23:03 UTC - RP35 - Removed Windows Live Favorites for Windows Live Toolbar
34: 2007-07-17 00:56:59 UTC - RP34 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2007-06-21 00:00:45 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-17 13:22:49
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\McAfee.com\VSO\McShield.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vjcwogxA.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
C:\WINDOWS\system32\mrdsregq.exe
C:\Program Files\NetWaiting\netwaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Mom\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F404FB4-EAB7-48FA-90CC-70B9E8BE40D6} - C:\Program Files\Windows NT\vizycijuq83122.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BayScribeBHO - {5E028439-81C7-4B82-BC74-25156306F532} - C:\Program Files\BayScribe\bayscribe.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\fduqefvb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: 0 - {BC82B137-653F-4BB6-469B-27102E1A3DBD} - C:\Program Files\Common Files\zyliv.dll
O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINDOWS\system32\wvussrp.dll
O2 - BHO: (no name) - {E73B4B26-2D32-40C3-A5D4-5AD0FEABB727} - C:\WINDOWS\system32\gebyw.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vjcwogxA] C:\WINDOWS\vjcwogxA.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinsndt.exe SKY009
O4 - HKLM\..\Run: [{66-6E-E9-9D-ZN}] C:\windows\system32\mrdsregq.exe SKY009
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\pusyxdph.dll",forkonce
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\pwinsndt.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1182429767203
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D9E4E21E-60E0-11DA-91EB-00123F33E209} (DNInstallerOCX Class) - https://mq1webc2.speechmachines.org/...Installer2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll
O20 - Winlogon Notify: wvussrp - C:\WINDOWS\system32\wvussrp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: Apple Mobile Device - Apple, Inc. - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 core - c:\windows\system32\drivers\core.sys
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>

S2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>
S2 Net Agent - c:\windows\dls0523pmw.exe (file missing)


-- Scheduled Tasks -------------------------------------------------------------

2007-07-16 13:10:09 352 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (OSTLUND-Jarrod).job


-- Files created between 2007-06-17 and 2007-07-17 -----------------------------

2007-07-17 12:23:36 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-07-17 12:23:35 0 d-------- C:\Program Files\SpywareBlaster
2007-07-17 12:20:04 0 d-------- C:\Documents and Settings\Mom\Application Data\Viewpoint
2007-07-17 09:35:35 8576 --a------ C:\WINDOWS\system32\drivers\pbcmdqamwenb.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-17 09:25:08 8576 --a------ C:\WINDOWS\system32\drivers\ojhbtmlmxujf.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-17 09:24:46 401 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-07-17 09:24:46 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-07-17 09:11:38 70144 -----n--- C:\Program Files\Common Files\zyliv.dll
2007-07-17 09:10:31 128576 --a------ C:\WINDOWS\system32\pusyxdph.dll
2007-07-17 08:22:27 66624 -----n--- C:\WINDOWS\system32\fduqefvb.dll
2007-07-17 08:18:27 1931285 ---hs---- C:\WINDOWS\system32\wybeg.bak2
2007-07-17 08:17:29 8576 --a------ C:\WINDOWS\system32\drivers\dyliccwcpjrt.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-17 08:00:38 8576 --a------ C:\WINDOWS\system32\drivers\bigwvxwkfbgk.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-17 07:21:39 246 --a------ C:\Program Files\Common Files\zyliv
2007-07-17 07:21:37 135168 --a------ C:\WINDOWS\tk58.exe
2007-07-16 23:18:35 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-16 21:56:43 49162 --a------ C:\WINDOWS\system32\mrdsregq.exe
2007-07-16 19:57:03 0 d-------- C:\Program Files\Lavasoft
2007-07-16 19:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-07-16 19:55:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-16 18:43:03 6409 ---hs---- C:\WINDOWS\system32\wybeg.bak1
2007-07-16 18:42:35 266336 -----n--- C:\WINDOWS\system32\gebyw.dll
2007-07-16 18:41:13 0 d-------- C:\Program Files\InetGet2
2007-07-16 18:38:45 934 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-07-16 18:38:21 192611 --a------ C:\WINDOWS\system32\pwinsndt.exe
2007-07-16 18:38:09 49158 --a------ C:\WINDOWS\system32\dwdsregt.exe
2007-07-16 18:38:07 1146352 -r-hs---- C:\WINDOWS\vjcwogxA.exe <Not Verified; System Service; System Monitor Service>
2007-07-16 18:38:07 34816 --a------ C:\WINDOWS\rau001978.exe
2007-07-16 18:38:04 49152 --a------ C:\WINDOWS\TISKY009.exe
2007-07-16 18:38:02 31254 --a------ C:\WINDOWS\system32\opnlmmk.dll
2007-07-16 18:38:02 72832 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-07-16 18:38:01 0 d-------- C:\WINDOWS\system32\Z7
2007-07-16 18:38:01 0 d-------- C:\WINDOWS\system32\Z5
2007-07-16 18:38:01 0 d-------- C:\WINDOWS\system32\Z3
2007-07-16 18:38:01 0 d-------- C:\WINDOWS\system32\Z11
2007-07-16 18:38:01 0 d-------- C:\WINDOWS\system32\Z1
2007-07-16 18:38:01 0 d-------- C:\WINDOWS\system32\driver
2007-07-16 18:37:51 376832 --a------ C:\WINDOWS\system32\WinNB58.dll <Not Verified; ; MBar IES AFF>
2007-07-16 18:37:39 0 d-------- C:\Documents and Settings\Mom\Application Data\T?sks
2007-07-16 18:37:31 31254 --a------ C:\WINDOWS\system32\wvussrp.dll
2007-07-16 18:37:31 0 d-------- C:\WINDOWS\system32\b02FdUe
2007-07-16 18:37:31 0 d-------- C:\Temp
2007-07-14 17:41:33 552 --a------ C:\WINDOWS\eReg.dat
2007-07-14 17:29:21 0 d-------- C:\Program Files\EA GAMES
2007-07-09 15:05:49 0 d-------- C:\Program Files\SmartFTP Client
2007-07-08 20:59:55 0 d-------- C:\Documents and Settings\James\Application Data\acccore
2007-07-01 17:29:58 0 d-------- C:\Program Files\iPod
2007-07-01 17:29:54 0 d-------- C:\Program Files\iTunes
2007-07-01 17:29:09 0 d-------- C:\Program Files\QuickTime
2007-07-01 17:28:54 0 d-------- C:\Program Files\Apple Software Update
2007-07-01 17:28:27 0 d-------- C:\Program Files\Common Files\Apple
2007-07-01 17:28:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-07-01 17:27:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-07-01 17:18:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-07-01 17:09:00 0 d-------- C:\Program Files\Windows Media Connect 2
2007-07-01 17:07:24 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-30 18:30:19 0 d-------- C:\Documents and Settings\James\Application Data\Sonic
2007-06-30 18:12:45 0 d-------- C:\Documents and Settings\James\Application Data\Skype
2007-06-30 16:47:11 0 d-------- C:\Documents and Settings\Mom\Application Data\Skype
2007-06-30 10:02:44 0 d-------- C:\Documents and Settings\Jill\Application Data\Skype
2007-06-29 12:44:43 0 d-------- C:\Documents and Settings\James\Application Data\Corel Photo Album
2007-06-28 17:15:58 0 d-------- C:\Program Files\Winamp
2007-06-28 16:54:22 0 d-------- C:\Program Files\Skype
2007-06-28 16:54:22 0 d-------- C:\Program Files\Common Files\Skype
2007-06-28 16:54:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-06-26 16:27:04 0 d-------- C:\Documents and Settings\Mom\Application Data\Corel Photo Album
2007-06-25 17:10:34 0 d-------- C:\Documents and Settings\Mom\Contacts
2007-06-25 09:43:45 0 d-------- C:\Documents and Settings\Mom\Application Data\AdobeUM
2007-06-24 16:25:33 0 d-------- C:\Documents and Settings\Jill\Application Data\CyberLink
2007-06-24 15:48:57 0 d-------- C:\Documents and Settings\Jill\Application Data\Corel Photo Album
2007-06-23 22:54:39 0 d-------- C:\Documents and Settings\James\Contacts
2007-06-23 22:47:19 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-23 22:43:44 0 d-------- C:\Program Files\MSXML 4.0
2007-06-23 19:56:46 0 d---s---- C:\Documents and Settings\Jill\UserData
2007-06-23 18:15:33 0 d-------- C:\Documents and Settings\Jill\Application Data\AdobeUM
2007-06-23 18:15:23 0 d-------- C:\Documents and Settings\Jill\Application Data\Adobe
2007-06-23 17:05:20 0 d-------- C:\WINDOWS\Sun
2007-06-23 16:35:38 0 d-------- C:\WINDOWS\system32\PreInstall
2007-06-23 16:04:02 0 d-------- C:\Documents and Settings\Jill\Contacts
2007-06-23 16:01:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-06-23 16:01:38 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-23 16:00:37 0 d-------- C:\Program Files\Windows Live Toolbar
2007-06-23 16:00:09 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-06-23 15:59:47 0 d-------- C:\Program Files\MSN Messenger
2007-06-23 13:38:37 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-06-23 10:50:11 0 d-------- C:\Documents and Settings\Jill\Application Data\Macromedia
2007-06-23 10:48:30 0 d-------- C:\Documents and Settings\Jill\Application Data\Google
2007-06-23 10:48:30 0 d-------- C:\Documents and Settings\Jill\Application Data\BayScribe
2007-06-23 10:44:31 0 d-------- C:\Documents and Settings\Jill\Application Data\McAfee.com Personal Firewall
2007-06-23 10:44:29 0 d-------- C:\Documents and Settings\Jill\Application Data\GTek
2007-06-23 10:44:06 0 d--h----- C:\Documents and Settings\Jill\Templates
2007-06-23 10:44:06 0 dr------- C:\Documents and Settings\Jill\Start Menu
2007-06-23 10:44:06 0 dr-h----- C:\Documents and Settings\Jill\SendTo
2007-06-23 10:44:06 0 dr-h----- C:\Documents and Settings\Jill\Recent
2007-06-23 10:44:06 0 d--h----- C:\Documents and Settings\Jill\PrintHood
2007-06-23 10:44:06 0 d--h----- C:\Documents and Settings\Jill\NetHood
2007-06-23 10:44:06 0 dr------- C:\Documents and Settings\Jill\My Documents
2007-06-23 10:44:06 0 d--h----- C:\Documents and Settings\Jill\Local Settings
2007-06-23 10:44:06 0 dr------- C:\Documents and Settings\Jill\Favorites
2007-06-23 10:44:06 0 d-------- C:\Documents and Settings\Jill\Desktop
2007-06-23 10:44:06 0 d---s---- C:\Documents and Settings\Jill\Cookies
2007-06-23 10:44:06 0 dr-h----- C:\Documents and Settings\Jill\Application Data
2007-06-23 10:44:06 0 d-------- C:\Documents and Settings\Jill\Application Data\Symantec
2007-06-23 10:44:06 0 d-------- C:\Documents and Settings\Jill\Application Data\Sun
2007-06-23 10:44:06 0 d---s---- C:\Documents and Settings\Jill\Application Data\Microsoft
2007-06-23 10:44:06 0 d-------- C:\Documents and Settings\Jill\Application Data\InstallShield
2007-06-23 10:44:06 0 d-------- C:\Documents and Settings\Jill\Application Data\Identities
2007-06-23 10:44:05 3145728 --ah----- C:\Documents and Settings\Jill\NTUSER.DAT
2007-06-22 13:52:45 0 d-------- C:\Documents and Settings\James\Application Data\Macromedia
2007-06-22 13:52:20 0 d-------- C:\Documents and Settings\James\Application Data\Google
2007-06-22 13:52:20 0 d-------- C:\Documents and Settings\James\Application Data\BayScribe
2007-06-22 11:52:34 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-06-22 11:52:00 0 d-------- C:\Program Files\AIM6
2007-06-22 11:50:18 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-06-21 23:30:08 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-21 23:30:08 88 -r-hs---- C:\WINDOWS\system32\94F63881E8.sys
2007-06-21 13:11:52 0 d-------- C:\Documents and Settings\James\Application Data\McAfee.com Personal Firewall
2007-06-21 13:11:51 0 d-------- C:\Documents and Settings\James\Application Data\GTek
2007-06-21 13:11:27 0 dr------- C:\Documents and Settings\James\Favorites
2007-06-21 13:11:27 0 d-------- C:\Documents and Settings\James\Desktop
2007-06-21 13:11:27 0 d---s---- C:\Documents and Settings\James\Cookies
2007-06-21 13:11:27 0 dr-h----- C:\Documents and Settings\James\Application Data
2007-06-21 13:11:27 0 d-------- C:\Documents and Settings\James\Application Data\Symantec
2007-06-21 13:11:27 0 d-------- C:\Documents and Settings\James\Application Data\Sun
2007-06-21 13:11:27 0 d---s---- C:\Documents and Settings\James\Application Data\Microsoft
2007-06-21 13:11:27 0 d-------- C:\Documents and Settings\James\Application Data\InstallShield
2007-06-21 13:11:27 0 d-------- C:\Documents and Settings\James\Application Data\Identities
2007-06-21 13:11:26 0 d--h----- C:\Documents and Settings\James\Templates
2007-06-21 13:11:26 0 dr------- C:\Documents and Settings\James\Start Menu
2007-06-21 13:11:26 0 dr-h----- C:\Documents and Settings\James\SendTo
2007-06-21 13:11:26 0 dr-h----- C:\Documents and Settings\James\Recent
2007-06-21 13:11:26 0 d--h----- C:\Documents and Settings\James\PrintHood
2007-06-21 13:11:26 1572864 --ah----- C:\Documents and Settings\James\NTUSER.DAT
2007-06-21 13:11:26 0 d--h----- C:\Documents and Settings\James\NetHood
2007-06-21 13:11:26 0 dr------- C:\Documents and Settings\James\My Documents
2007-06-21 13:11:26 0 d--h----- C:\Documents and Settings\James\Local Settings
2007-06-21 09:29:04 0 d-------- C:\Documents and Settings\Mom\Application Data\BayScribe
2007-06-21 09:25:29 0 d-------- C:\Program Files\BayScribe
2007-06-21 08:45:39 0 d-------- C:\Documents and Settings\Mom\Application Data\CyberLink
2007-06-21 0830 0 d-------- C:\Documents and Settings\All Users\Application Data\DocQscribe
2007-06-21 08:05:28 0 d-------- C:\Program Files\Common Files\Philips Speech Shared
2007-06-21 08:04:37 0 d-------- C:\Program Files\DocQscribe
2007-06-21 07:45:35 0 d-------- C:\Documents and Settings\Mom\Application Data\Adobe
2007-06-21 07:45:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-21 07:42:40 0 d---s---- C:\Documents and Settings\Mom\UserData
2007-06-21 07:42:06 0 d-------- C:\Documents and Settings\Mom\Application Data\Macromedia
2007-06-21 07:40:50 0 d-------- C:\Documents and Settings\Mom\Application Data\Google
2007-06-21 07:39:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2007-06-21 07:36:26 0 d-------- C:\Documents and Settings\Mom\Application Data\McAfee.com Personal Firewall
2007-06-21 07:36:25 0 d-------- C:\Documents and Settings\Mom\Application Data\GTek
2007-06-21 07:35:54 0 dr------- C:\Documents and Settings\Mom\Favorites
2007-06-21 07:35:54 0 d-------- C:\Documents and Settings\Mom\Desktop
2007-06-21 07:35:54 0 d---s---- C:\Documents and Settings\Mom\Cookies
2007-06-21 07:35:54 0 dr-h----- C:\Documents and Settings\Mom\Application Data
2007-06-21 07:35:54 0 d-------- C:\Documents and Settings\Mom\Application Data\Symantec
2007-06-21 07:35:54 0 d-------- C:\Documents and Settings\Mom\Application Data\Sun
2007-06-21 07:35:54 0 d-------- C:\Documents and Settings\Mom\Application Data\InstallShield
2007-06-21 07:35:54 0 d-------- C:\Documents and Settings\Mom\Application Data\Identities
2007-06-21 07:35:53 0 d--h----- C:\Documents and Settings\Mom\Templates
2007-06-21 07:35:53 0 dr------- C:\Documents and Settings\Mom\Start Menu
2007-06-21 07:35:53 0 dr-h----- C:\Documents and Settings\Mom\SendTo
2007-06-21 07:35:53 0 dr-h----- C:\Documents and Settings\Mom\Recent
2007-06-21 07:35:53 0 d--h----- C:\Documents and Settings\Mom\PrintHood
2007-06-21 07:35:53 3145728 --ah----- C:\Documents and Settings\Mom\NTUSER.DAT
2007-06-21 07:35:53 0 d--h----- C:\Documents and Settings\Mom\NetHood
2007-06-21 07:35:53 0 dr------- C:\Documents and Settings\Mom\My Documents
2007-06-21 07:35:53 0 d--h----- C:\Documents and Settings\Mom\Local Settings
2007-06-20 22:05:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-06-20 22:05:28 0 d-------- C:\Program Files\Google
2007-06-20 21:14:36 0 d-------- C:\Program Files\Soulseek
2007-06-20 20:58:30 0 d-------- C:\Program Files\Power Tab Software
2007-06-20 20:31:11 0 d-------- C:\Program Files\Ares
2007-06-20 19:15:53 0 d-------- C:\Program Files\DellSupport
2007-06-20 19:09:56 0 d-------- C:\Program Files\Audacity
2007-06-20 19:05:18 0 d-------- C:\WINDOWS\system32\LogFiles
2007-06-20 19:00:36 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-06-20 19:00:24 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2007-06-20 19:00:24 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2007-06-20 19:00:24 0 d-------- C:\Documents and Settings\Default User\Application Data\InstallShield
2007-06-20 19:00:24 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2007-06-20 18:53:16 0 d-------- C:\Program Files\McAfee
2007-06-20 18:53:16 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-06-20 18:53:10 9216 --a------ C:\WINDOWS\system32\MpfApi.dll <Not Verified; McAfee; McAfee Personal Firewall>
2007-06-20 18:53:10 80640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
2007-06-20 18:53:06 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2007-06-20 18:52:29 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-06-20 18:52:18 0 d-------- C:\Program Files\McAfee.com
2007-06-20 18:51:36 0 d-------- C:\Program Files\Corel Corporation
2007-06-20 18:51:10 0 d-------- C:\Program Files\Corel
2007-06-20 18:51:10 0 d-------- C:\Program Files\Common Files\Corel
2007-06-20 18:50:34 149504 --a------ C:\WINDOWS\UNWISE.EXE
2007-06-20 18:49:15 712704 --a------ C:\WINDOWS\system32\DellSystemRestore.dll
2007-06-20 18:49:04 4608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys <Not Verified; Symantec Corporation; Symantec Core Component>
2007-06-20 18:48:47 0 d-------- C:\Program Files\Norton Ghost
2007-06-20 18:48:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-06-20 18:47:58 0 d-------- C:\Program Files\Symantec
2007-06-20 18:47:58 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-20 18:47:58 0 --ah----- C:\Documents and Settings\All Users\Application Data\gwseh.dat
2007-06-20 18:47:21 0 d-------- C:\Documents and Settings\All Users\Application Data\GTek
2007-06-20 18:47:06 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-06-20 18:46:42 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-06-20 18:46:37 0 d-------- C:\WINDOWS\system32\dla
2007-06-20 18:46:36 0 d-------- C:\Program Files\Sonic
2007-06-20 18:46:28 0 d-------- C:\Program Files\EarthLink Setup
2007-06-20 18:46:21 0 d-------- C:\Program Files\AOL Companion
2007-06-20 18:46:20 0 d-------- C:\WINDOWS\occache
2007-06-20 18:46:20 0 d-------- C:\Program Files\Learn2.com
2007-06-20 18:46:19 0 d-------- C:\Program Files\Viewpoint
2007-06-20 18:46:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-06-20 18:46:12 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-06-20 18:46:08 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-06-20 18:46:04 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2007-06-20 18:46:04 0 d-------- C:\My Music
2007-06-20 18:46:01 0 d-------- C:\Program Files\Real
2007-06-20 18:46:01 0 d-------- C:\Program Files\Common Files\Real
2007-06-20 18:45:39 1044480 --a------ C:\WINDOWS\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9>
2007-06-20 18:45:39 153088 --a------ C:\WINDOWS\system32\jgdwmie.dll <Not Verified; America Online; JG Decoder>
2007-06-20 18:45:39 54784 --a------ C:\WINDOWS\system32\Inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2007-06-20 18:45:21 225280 --a------ C:\WINDOWS\system32\AOLDial.dll <Not Verified; America Online, Inc; AOL Connectivity Service>
2007-06-20 18:45:19 0 d-------- C:\Program Files\Common Files\aolshare
2007-06-20 18:45:17 0 d-------- C:\Program Files\America Online 9.0
2007-06-20 18:45:17 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-06-20 18:45:08 335 --a------ C:\WINDOWS\nsreg.dat
2007-06-20 18:45:08 0 d-------- C:\Program Files\Common Files\AOL
2007-06-20 18:45:04 0 d-------- C:\Program Files\Microsoft Plus! Photo Story 2 LE
2007-06-20 18:45:00 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2007-06-20 18:44:25 0 d-------- C:\Program Files\MUSICMATCH
2007-06-20 18:43:51 0 d-------- C:\WINDOWS\RegisteredPackages
2007-06-20 18:43:49 0 d-------- C:\Program Files\NetZeroInstallers
2007-06-20 18:43:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-06-20 18:43:14 53248 --a------ C:\WINDOWS\system32\DellSys.dll <Not Verified; Dell Inc; OpenManage Client Instrumentation Lite>
2007-06-20 18:43:10 17153 --a------ C:\WINDOWS\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
2007-06-20 18:42:57 0 d-------- C:\Program Files\CyberLink
2007-06-20 18:42:50 0 d-------- C:\Program Files\Digital Line Detect
2007-06-20 18:42:43 0 d-------- C:\Program Files\NetWaiting
2007-06-20 18:42:36 0 d-------- C:\Program Files\Modem Helper
2007-06-20 18:42:21 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-06-20 18:41:42 0 d-------- C:\Program Files\Broadcom
2007-06-20 18:41:37 0 d-------- C:\WINDOWS\Downloaded Installations
2007-06-20 18:41:19 0 d-------- C:\Program Files\Synaptics
2007-06-20 18:41:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-20 18:41:07 16128 --a------ C:\WINDOWS\system32\drivers\APPDRV.SYS <Not Verified; Dell Inc; Application Driver>
2007-06-20 18:39:31 0 d-------- C:\Program Files\CONEXANT
2007-06-20 18:39:25 1052672 --a------ C:\WINDOWS\system32\stlang.dll <Not Verified; SigmaTel, Inc.; C-Major Audio>
2007-06-20 18:39:25 282624 --a------ C:\WINDOWS\stsystra.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
2007-06-20 18:39:25 0 d-------- C:\Program Files\Sigmatel
2007-06-20 18:38:26 770048 --a------ C:\WINDOWS\system32\BCMLogon.dll <Not Verified; Dell Inc.; Wireless Network Logon Provider>
2007-06-20 18:38:23 86016 --a------ C:\WINDOWS\system32\preflib.dll
2007-06-20 18:38:23 33664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2007-06-20 18:38:22 20480 --a------ C:\WINDOWS\system32\WLTRYSVC.EXE
2007-06-20 18:38:22 1392640 --a------ C:\WINDOWS\system32\WLTRAY.EXE <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Tray Applet>
2007-06-20 18:38:22 253952 --a------ C:\WINDOWS\system32\bcmwlu00.exe <Not Verified; Dell Inc.; Dell Wireless WLAN Card Uninstaller>
2007-06-20 18:38:22 1253376 --a------ C:\WINDOWS\system32\BCMWLTRY.EXE <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Controller>
2007-06-20 18:38:22 69632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2007-06-20 18:38:21 2129920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL <Not Verified; BCGSoft Ltd; BCGControlBar Professional Dynamic Link Library>
2007-06-20 18:38:21 757760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2007-06-20 18:38:21 0 d-------- C:\Program Files\Dell
2007-06-20 18:38:19 0 d-------- C:\Program Files\Common Files\InstallShield
2007-06-20 18:36:01 0 d-------- C:\Program Files\Java
2007-06-20 18:36:00 0 d-------- C:\Program Files\Common Files\Java
2007-06-20 18:34:26 0 d--h----- C:\WINDOWS\$hf_mig$
2007-06-20 18:26:55 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-06-19 20:50:19 155648 --a------ C:\WINDOWS\system32\GWSEH.dll <Not Verified; America Online, Inc.; GWSEH Module>
2007-06-19 20:49:52 24576 --a------ C:\WINDOWS\system32\DSRIRREM.EXE
2007-06-19 20:49:52 1488 --a------ C:\WINDOWS\system32\DSR_BAT.BAT
2007-06-19 20:48:21 49152 --a------ C:\WINDOWS\setpwrcg.exe
2007-06-19 20:48:02 0 d-------- C:\drivers


-- Find3M Report ---------------------------------------------------------------

2007-07-17 11:39:35 0 d-------- C:\Program Files\Windows NT
2007-07-17 11:37:58 0 d-------- C:\Program Files\Messenger
2007-07-16 21:53:10 0 d-------- C:\Documents and Settings\Mom\Application Data\T?sks
2007-06-27 09:04:14 0 d-------- C:\Program Files\Online Services


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{2F404FB4-EAB7-48FA-90CC-70B9E8BE40D6} C:\Program Files\Windows NT\vizycijuq83122.dll
{41D68ED8-4CFF-4115-88A6-6EBB8AF19000} c:\program files\mcafee\spamkiller\mcapfbho.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll
{5E028439-81C7-4B82-BC74-25156306F532} C:\Program Files\BayScribe\bayscribe.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{938A8A03-A938-4019-B764-03FF8D167D79} C:\WINDOWS\system32\fduqefvb.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
{BC82B137-653F-4BB6-469B-27102E1A3DBD} C:\Program Files\Common Files\zyliv.dll
{DCD53738-C4F9-414A-A03C-C7405A4AC844} C:\WINDOWS\system32\wvussrp.dll
{E73B4B26-2D32-40C3-A5D4-5AD0FEABB727} C:\WINDOWS\system32\gebyw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Norton Ghost 10.0"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""
@=""
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"poolsv"="\"C:\\WINDOWS\\poolsv.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"vjcwogxA"="C:\\WINDOWS\\vjcwogxA.exe"
"ExploreUpdSched"="C:\\WINDOWS\\system32\\pwinsndt.exe SKY009"
"{66-6E-E9-9D-ZN}"="C:\\windows\\system32\\mrdsregq.exe SKY009"
"icq.com"="rundll32.exe \"C:\\WINDOWS\\system32\\pusyxdph.dll\",forkonce"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ModemOnHold"="C:\\Program Files\\NetWaiting\\netWaiting.exe"
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{827D3881-317C-442A-B4ED-F576CBA700BB}"="GW SEH Intercept"
"{DCD53738-C4F9-414A-A03C-C7405A4AC844}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyw
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvussrp

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_OJHBTMLMXUJF
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PBCMDQAMWENB


-- End of Deckard's System Scanner: finished at 2007-07-17 at 13:24:07 ---------
Attached Files
File Type: txt extra.txt (14.0 KB, 0 views)
danster64 is offline  

Old 07-17-2007, 03:16 PM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,463
OS: N/A


Re: Help with numerous pop ups

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 07-17-2007, 10:10 PM   #3 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 43
OS: XP


Re: Help with numerous pop ups

Hello, here is a log file from Combo Fix and my latest hijack file.

Thanks


"Mom" - 2007-07-17 22:08:39 - ComboFix 07-07-17.8 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\opnlmmk.dll
C:\WINDOWS\system32\pusyxdph.dll
C:\WINDOWS\system32\opnlmmk.dll
C:\WINDOWS\system32\wybeg.bak1
C:\WINDOWS\system32\wybeg.bak2
C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\hpdxysup.ini
C:\WINDOWS\system32\gebyw.dll
C:\WINDOWS\system32\wvussrp.dll
C:\WINDOWS\system32\wvussrp.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Mom\APPLIC~1.\tsks~1
C:\Program Files\Common Files\zyliv.dll
C:\Program Files\inetget2
C:\Program Files\Windows NT\vizycijuq83122.dll
C:\temp\tn3
C:\WINDOWS\rau001978.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\mrdsregq.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\Z1
C:\WINDOWS\system32\Z1\mwspasrt83122.exe
C:\WINDOWS\system32\Z3
C:\WINDOWS\system32\Z5
C:\WINDOWS\system32\Z7
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\TISKY009.exe
C:\WINDOWS\tk58.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_NET_AGENT
-------\core
-------\Net Agent


((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))


2007-07-17 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-17 13:21 <DIR> d-------- C:\Deckard
2007-07-17 12:23 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-07-17 12:23 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-07-17 12:20 <DIR> d-------- C:\DOCUME~1\Mom\APPLIC~1\Viewpoint
2007-07-17 09:35 8,576 --a------ C:\WINDOWS\system32\drivers\pbcmdqamwenb.sys
2007-07-17 09:25 8,576 --a------ C:\WINDOWS\system32\drivers\ojhbtmlmxujf.sys
2007-07-17 08:17 8,576 --a------ C:\WINDOWS\system32\drivers\dyliccwcpjrt.sys
2007-07-17 08:00 8,576 --a------ C:\WINDOWS\system32\drivers\bigwvxwkfbgk.sys
2007-07-16 23:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-16 19:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-16 19:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-16 19:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-16 18:38 192,611 --a------ C:\WINDOWS\system32\pwinsndt.exe
2007-07-16 18:38 1,146,352 -r-hs---- C:\WINDOWS\vjcwogxA.exe
2007-07-16 18:38 <DIR> d-------- C:\WINDOWS\system32\Z11
2007-07-16 18:38 <DIR> d-------- C:\WINDOWS\system32\driver
2007-07-16 18:38 <DIR> d-------- C:\Temp\0c2
2007-07-16 18:37 <DIR> d-------- C:\WINDOWS\system32\b02FdUe
2007-07-16 18:37 <DIR> d-------- C:\Temp\brr
2007-07-16 18:37 <DIR> d-------- C:\Temp
2007-07-14 17:41 552 --a------ C:\WINDOWS\eReg.dat
2007-07-14 17:29 <DIR> d-------- C:\Program Files\EA GAMES
2007-07-13 14:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-13 14:56 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-07-09 15:05 <DIR> d-------- C:\Program Files\SmartFTP Client
2007-07-08 20:59 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\acccore
2007-07-01 17:29 <DIR> d-------- C:\Program Files\QuickTime
2007-07-01 17:29 <DIR> d-------- C:\Program Files\iTunes
2007-07-01 17:29 <DIR> d-------- C:\Program Files\iPod
2007-07-01 17:28 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-01 17:28 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-01 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-01 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-01 17:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-01 17:09 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-01 17:07 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-01 16:20 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-01 16:20 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-01 16:20 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-30 18:30 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\Sonic
2007-06-30 18:12 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\Skype
2007-06-30 16:47 <DIR> d-------- C:\DOCUME~1\Mom\APPLIC~1\Skype
2007-06-30 10:02 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\Skype
2007-06-29 12:44 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\Corel Photo Album
2007-06-28 17:15 <DIR> d-------- C:\Program Files\Winamp
2007-06-28 16:54 <DIR> d-------- C:\Program Files\Skype
2007-06-28 16:54 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-06-28 16:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-06-27 10:25 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-06-26 16:27 <DIR> d-------- C:\DOCUME~1\Mom\APPLIC~1\Corel Photo Album
2007-06-25 17:10 <DIR> d-------- C:\DOCUME~1\Mom\Contacts
2007-06-25 09:43 <DIR> d-------- C:\DOCUME~1\Mom\APPLIC~1\AdobeUM
2007-06-24 16:25 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\CyberLink
2007-06-24 15:48 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\Corel Photo Album
2007-06-23 22:54 <DIR> d-------- C:\DOCUME~1\James\Contacts
2007-06-23 22:47 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-23 22:43 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-23 19:56 <DIR> d---s---- C:\DOCUME~1\Jill\UserData
2007-06-23 18:15 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\AdobeUM
2007-06-23 16:35 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-06-23 16:35 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-23 16:04 <DIR> d-------- C:\DOCUME~1\Jill\Contacts
2007-06-23 16:02 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-23 16:02 208,248 --a------ C:\WINDOWS\system32\muweb.dll
2007-06-23 16:01 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-06-23 16:01 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-23 16:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
2007-06-23 16:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-23 16:00 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-06-23 15:59 <DIR> d-------- C:\Program Files\MSN Messenger
2007-06-23 13:38 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-06-23 10:48 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\Google
2007-06-23 10:48 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\BayScribe
2007-06-23 10:44 3,145,728 --ah----- C:\DOCUME~1\Jill\NTUSER.DAT
2007-06-23 10:44 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\Symantec
2007-06-23 10:44 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\McAfee.com Personal Firewall
2007-06-23 10:44 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\InstallShield
2007-06-23 10:44 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\GTek
2007-06-22 14:42 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-06-22 14:42 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-22 13:52 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\Google
2007-06-22 13:52 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\BayScribe
2007-06-22 13:17 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-06-22 13:17 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-06-22 13:17 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-06-22 13:15 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-06-22 13:15 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-06-22 13:15 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-06-22 13:15 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-06-22 13:12 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-06-22 13:12 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-06-22 13:12 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-06-22 13:11 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-06-22 13:11 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-06-22 13:11 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-06-22 13:11 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-06-22 13:08 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-06-22 13:08 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-06-22 13:07 73,216 --a------ C:\WINDOWS\system32\avwav.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-18 03:12:37 -------- d-----w C:\Program Files\Windows NT
2007-07-18 03:02:44 246 ----a-w C:\Program Files\Common Files\zyliv
2007-07-17 16:37:58 -------- d-----w C:\Program Files\Messenger
2007-07-14 22:41:39 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-27 14:04:14 -------- d-----w C:\Program Files\Online Services
2007-06-20 01:47:50 6,171 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_INS_I6400.mrk
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 14:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}]
2005-07-12 18:02 262236 --a------ c:\program files\mcafee\spamkiller\mcapfbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2004-12-06 01:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E028439-81C7-4B82-BC74-25156306F532}]
2007-06-14 09:10 258048 --a------ C:\Program Files\BayScribe\bayscribe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-06-20 22:05 2403392 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-07-04 23:08 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 12:29]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 15:30]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 16:05]
"@"="" []
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 19:22]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-08-26 14:26]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 19:05]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 18:06]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 12:49]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-08-18 17:52]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 13:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 23:08]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-06-20 18:42:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{827D3881-317C-442A-B4ED-F576CBA700BB}"="C:\WINDOWS\SYSTEM32\GWSEH.dll" [2004-09-23 07:21]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


Contents of the 'Scheduled Tasks' folder
2007-07-16 18:10:09 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (OSTLUND-Jarrod).job

**************************************************************************

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-17 22:16:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-17 22:18:04 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-17 22:17

--- E O F ---


Deckard's System Scanner v20070711.54
Run by Mom on 2007-07-17 at 22:22:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-17 22:22:46
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\McAfee.com\VSO\McShield.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netwaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Mom\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BayScribeBHO - {5E028439-81C7-4B82-BC74-25156306F532} - C:\Program Files\BayScribe\bayscribe.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1182429767203
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D9E4E21E-60E0-11DA-91EB-00123F33E209} (DNInstallerOCX Class) - https://mq1webc2.speechmachines.org/...Installer2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: Apple Mobile Device - Apple, Inc. - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe


-- Files created between 2007-06-17 and 2007-07-17 -----------------------------

2007-07-17 12:23:36 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-07-17 12:23:35 0 d-------- C:\Program Files\SpywareBlaster
2007-07-17 12:20:04 0 d-------- C:\Documents and Settings\Mom\Application Data\Viewpoint
2007-07-17 09:35:35 8576 --a------ C:\WINDOWS\system32\drivers\pbcmdqamwenb.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-17 09:25:08 8576 --a------ C:\WINDOWS\system32\drivers\ojhbtmlmxujf.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-17 08:17:29 8576 --a------ C:\WINDOWS\system32\drivers\dyliccwcpjrt.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-17 08:00:38 8576 --a------ C:\WINDOWS\system32\drivers\bigwvxwkfbgk.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-17 07:21:39 246 --a------ C:\Program Files\Common Files\zyliv
2007-07-16 23:18:35 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-16 19:57:03 0 d-------- C:\Program Files\Lavasoft
2007-07-16 19:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-07-16 19:55:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-16 18:38:21 192611 --a------ C:\WINDOWS\system32\pwinsndt.exe
2007-07-16 18:38:07 1146352 -r-hs---- C:\WINDOWS\vjcwogxA.exe <Not Verified; System Service; System Monitor Service>
2007-07-16 18:38:01 0 d-------- C:\WINDOWS\system32\Z11
2007-07-16 18:38:01 0 d-------- C:\WINDOWS\system32\driver
2007-07-16 18:37:31 0 d-------- C:\WINDOWS\system32\b02FdUe
2007-07-16 18:37:31 0 d-------- C:\Temp
2007-07-14 17:41:33 552 --a------ C:\WINDOWS\eReg.dat
2007-07-14 17:29:21 0 d-------- C:\Program Files\EA GAMES
2007-07-09 15:05:49 0 d-------- C:\Program Files\SmartFTP Client
2007-07-08 20:59:55 0 d-------- C:\Documents and Settings\James\Application Data\acccore
2007-07-01 17:29:58 0 d-------- C:\Program Files\iPod
2007-07-01 17:29:54 0 d-------- C:\Program Files\iTunes
2007-07-01 17:29:09 0 d-------- C:\Program Files\QuickTime
2007-07-01 17:28:54 0 d-------- C:\Program Files\Apple Software Update
2007-07-01 17:28:27 0 d-------- C:\Program Files\Common Files\Apple
2007-07-01 17:28:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-07-01 17:27:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-07-01 17:18:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-07-01 17:09:00 0 d-------- C:\Program Files\Windows Media Connect 2
2007-07-01 17:07:24 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-30 18:30:19 0 d-------- C:\Documents and Settings\James\Application Data\Sonic
2007-06-30 18:12:45 0 d-------- C:\Documents and Settings\James\Application Data\Skype
2007-06-30 16:47:11 0 d-------- C:\Documents and Settings\Mom\Application Data\Skype
2007-06-30 10:02:44 0 d-------- C:\Documents and Settings\Jill\Application Data\Skype
2007-06-29 12:44:43 0 d-------- C:\Documents and Settings\James\Application Data\Corel Photo Album
2007-06-28 17:15:58 0 d-------- C:\Program Files\Winamp
2007-06-28 16:54:22 0 d-------- C:\Program Files\Skype
2007-06-28 16:54:22 0 d-------- C:\Program Files\Common Files\Skype
2007-06-28 16:54:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-06-26 16:27:04 0 d-------- C:\Documents and Settings\Mom\Application Data\Corel Photo Album
2007-06-25 17:10:34 0 d-------- C:\Documents and Settings\Mom\Contacts
2007-06-25 09:43:45 0 d-------- C:\Documents and Settings\Mom\Application Data\AdobeUM
2007-06-24 16:25:33 0 d-------- C:\Documents and Settings\Jill\Application Data\CyberLink
2007-06-24 15:48:57 0 d-------- C:\Documents and Settings\Jill\Application Data\Corel Photo Album
2007-06-23 22:54:39 0 d-------- C:\Documents and Settings\James\Contacts
2007-06-23 22:47:19 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-23 22:43:44 0 d-------- C:\Program Files\MSXML 4.0
2007-06-23 19:56:46 0 d---s---- C:\Documents and Settings\Jill\UserData
2007-06-23 18:15:33 0 d-------- C:\Documents and Settings\Jill\Application Data\AdobeUM
2007-06-23 18:15:23 0 d-------- C:\Documents and Settings\Jill\Application Data\Adobe
2007-06-23 17:05:20 0 d-------- C:\WINDOWS\Sun
2007-06-23 16:35:38 0 d-------- C:\WINDOWS\system32\PreInstall
2007-06-23 16:04:02 0 d-------- C:\Documents and Settings\Jill\Contacts
2007-06-23 16:01:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-06-23 16:01:38 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-23 16:00:37 0 d-------- C:\Program Files\Windows Live Toolbar
2007-06-23 16:00:09 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-06-23 15:59:47 0 d-------- C:\Program Files\MSN Messenger
2007-06-23 13:38:37 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-06-23 10:50:11 0 d-------- C:\Documents and Settings\Jill\Application Data\Macromedia
2007-06-23 10:48:30 0 d-------- C:\Documents and Settings\Jill\Application Data\Google
2007-06-23 10:48:30 0 d-------- C:\Documents and Settings\Jill\Application Data\BayScribe
2007-06-23 10:44:31 0 d-------- C:\Documents and Settings\Jill\Application Data\McAfee.com Personal Firewall
2007-06-23 10:44:29 0 d-------- C:\Documents and Settings\Jill\Application Data\GTek
2007-06-23 10:44:06 0 d--h----- C:\Documents and Settings\Jill\Templates
2007-06-23 10:44:06 0 dr------- C:\Documents and Settings\Jill\Start Menu
2007-06-23 10:44:06 0 dr-h----- C:\Documents and Settings\Jill\SendTo
2007-06-23 10:44:06 0 dr-h----- C:\Documents and Settings\Jill\Recent
2007-06-23 10:44:06 0 d--h----- C:\Documents and Settings\Jill\PrintHood
2007-06-23 10:44:06 0 d--h----- C:\Documents and Settings\Jill\NetHood
2007-06-23 10:44:06 0 dr------- C:\Documents and Settings\Jill\My Documents
2007-06-23 10:44:06 0 d--h----- C:\Documents and Settings\Jill\Local Settings
2007-06-23 10:44:06 0 dr------- C:\Documents and Settings\Jill\Favorites
2007-06-23 10:44:06 0 d-------- C:\Documents and Settings\Jill\Desktop
2007-06-23 10:44:06 0 d---s---- C:\Documents and Settings\Jill\Cookies
2007-06-23 10:44:06 0 dr-h----- C:\Documents and Settings\Jill\Application Data
2007-06-23 10:44:06 0 d-------- C:\Documents and Settings\Jill\Application Data\Symantec
2007-06-23 10:44:06 0 d-------- C:\Documents and Settings\Jill\Application Data\Sun
2007-06-23 10:44:06 0 d---s---- C:\Documents and Settings\Jill\Application Data\Microsoft
2007-06-23 10:44:06 0 d-------- C:\Documents and Settings\Jill\Application Data\InstallShield
2007-06-23 10:44:06 0 d-------- C:\Documents and Settings\Jill\Application Data\Identities
2007-06-23 10:44:05 3145728 --ah----- C:\Documents and Settings\Jill\NTUSER.DAT
2007-06-22 13:52:45 0 d-------- C:\Documents and Settings\James\Application Data\Macromedia
2007-06-22 13:52:20 0 d-------- C:\Documents and Settings\James\Application Data\Google
2007-06-22 13:52:20 0 d-------- C:\Documents and Settings\James\Application Data\BayScribe
2007-06-22 11:52:34 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-06-22 11:52:00 0 d-------- C:\Program Files\AIM6
2007-06-22 11:50:18 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-06-21 23:30:08 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-21 23:30:08 88 -r-hs---- C:\WINDOWS\system32\94F63881E8.sys
2007-06-21 13:11:52 0 d-------- C:\Documents and Settings\James\Application Data\McAfee.com Personal Firewall
2007-06-21 13:11:51 0 d-------- C:\Documents and Settings\James\Application Data\GTek
2007-06-21 13:11:27 0 dr------- C:\Documents and Settings\James\Favorites
2007-06-21 13:11:27 0 d-------- C:\Documents and Settings\James\Desktop
2007-06-21 13:11:27 0 d---s---- C:\Documents and Settings\James\Cookies
2007-06-21 13:11:27 0 dr-h----- C:\Documents and Settings\James\Application Data
2007-06-21 13:11:27 0 d-------- C:\Documents and Settings\James\Application Data\Symantec
2007-06-21 13:11:27 0 d-------- C:\Documents and Settings\James\Application Data\Sun
2007-06-21 13:11:27 0 d---s---- C:\Documents and Settings\James\Application Data\Microsoft
2007-06-21 13:11:27 0 d-------- C:\Documents and Settings\James\Application Data\InstallShield
2007-06-21 13:11:27 0 d-------- C:\Documents and Settings\James\Application Data\Identities
2007-06-21 13:11:26 0 d--h----- C:\Documents and Settings\James\Templates
2007-06-21 13:11:26 0 dr------- C:\Documents and Settings\James\Start Menu
2007-06-21 13:11:26 0 dr-h----- C:\Documents and Settings\James\SendTo
2007-06-21 13:11:26 0 dr-h----- C:\Documents and Settings\James\Recent
2007-06-21 13:11:26 0 d--h----- C:\Documents and Settings\James\PrintHood
2007-06-21 13:11:26 1572864 --ah----- C:\Documents and Settings\James\NTUSER.DAT
2007-06-21 13:11:26 0 d--h----- C:\Documents and Settings\James\NetHood
2007-06-21 13:11:26 0 dr------- C:\Documents and Settings\James\My Documents
2007-06-21 13:11:26 0 d--h----- C:\Documents and Settings\James\Local Settings
2007-06-21 09:29:04 0 d-------- C:\Documents and Settings\Mom\Application Data\BayScribe
2007-06-21 09:25:29 0 d-------- C:\Program Files\BayScribe
2007-06-21 08:45:39 0 d-------- C:\Documents and Settings\Mom\Application Data\CyberLink
2007-06-21 0830 0 d-------- C:\Documents and Settings\All Users\Application Data\DocQscribe
2007-06-21 08:05:28 0 d-------- C:\Program Files\Common Files\Philips Speech Shared
2007-06-21 08:04:37 0 d-------- C:\Program Files\DocQscribe
2007-06-21 07:45:35 0 d-------- C:\Documents and Settings\Mom\Application Data\Adobe
2007-06-21 07:45:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-21 07:42:40 0 d---s---- C:\Documents and Settings\Mom\UserData
2007-06-21 07:42:06 0 d-------- C:\Documents and Settings\Mom\Application Data\Macromedia
2007-06-21 07:40:50 0 d-------- C:\Documents and Settings\Mom\Application Data\Google
2007-06-21 07:39:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2007-06-21 07:36:26 0 d-------- C:\Documents and Settings\Mom\Application Data\McAfee.com Personal Firewall
2007-06-21 07:36:25 0 d-------- C:\Documents and Settings\Mom\Application Data\GTek
2007-06-21 07:35:54 0 dr------- C:\Documents and Settings\Mom\Favorites
2007-06-21 07:35:54 0 d-------- C:\Documents and Settings\Mom\Desktop
2007-06-21 07:35:54 0 d---s---- C:\Documents and Settings\Mom\Cookies
2007-06-21 07:35:54 0 dr-h----- C:\Documents and Settings\Mom\Application Data
2007-06-21 07:35:54 0 d-------- C:\Documents and Settings\Mom\Application Data\Symantec
2007-06-21 07:35:54 0 d-------- C:\Documents and Settings\Mom\Application Data\Sun
2007-06-21 07:35:54 0 d-------- C:\Documents and Settings\Mom\Application Data\InstallShield
2007-06-21 07:35:54 0 d-------- C:\Documents and Settings\Mom\Application Data\Identities
2007-06-21 07:35:53 0 d--h----- C:\Documents and Settings\Mom\Templates
2007-06-21 07:35:53 0 dr------- C:\Documents and Settings\Mom\Start Menu
2007-06-21 07:35:53 0 dr-h----- C:\Documents and Settings\Mom\SendTo
2007-06-21 07:35:53 0 dr-h----- C:\Documents and Settings\Mom\Recent
2007-06-21 07:35:53 0 d--h----- C:\Documents and Settings\Mom\PrintHood
2007-06-21 07:35:53 3145728 --ah----- C:\Documents and Settings\Mom\NTUSER.DAT
2007-06-21 07:35:53 0 d--h----- C:\Documents and Settings\Mom\NetHood
2007-06-21 07:35:53 0 dr------- C:\Documents and Settings\Mom\My Documents
2007-06-21 07:35:53 0 d--h----- C:\Documents and Settings\Mom\Local Settings
2007-06-20 22:05:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-06-20 22:05:28 0 d-------- C:\Program Files\Google
2007-06-20 21:14:36 0 d-------- C:\Program Files\Soulseek
2007-06-20 20:58:30 0 d-------- C:\Program Files\Power Tab Software
2007-06-20 20:31:11 0 d-------- C:\Program Files\Ares
2007-06-20 19:15:53 0 d-------- C:\Program Files\DellSupport
2007-06-20 19:09:56 0 d-------- C:\Program Files\Audacity
2007-06-20 19:05:18 0 d-------- C:\WINDOWS\system32\LogFiles
2007-06-20 19:00:36 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-06-20 19:00:24 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2007-06-20 19:00:24 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2007-06-20 19:00:24 0 d-------- C:\Documents and Settings\Default User\Application Data\InstallShield
2007-06-20 19:00:24 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2007-06-20 18:53:16 0 d-------- C:\Program Files\McAfee
2007-06-20 18:53:16 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-06-20 18:53:10 9216 --a------ C:\WINDOWS\system32\MpfApi.dll <Not Verified; McAfee; McAfee Personal Firewall>
2007-06-20 18:53:10 80640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
2007-06-20 18:53:06 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2007-06-20 18:52:29 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-06-20 18:52:18 0 d-------- C:\Program Files\McAfee.com
2007-06-20 18:51:36 0 d-------- C:\Program Files\Corel Corporation
2007-06-20 18:51:10 0 d-------- C:\Program Files\Corel
2007-06-20 18:51:10 0 d-------- C:\Program Files\Common Files\Corel
2007-06-20 18:50:34 149504 --a------ C:\WINDOWS\UNWISE.EXE
2007-06-20 18:49:15 712704 --a------ C:\WINDOWS\system32\DellSystemRestore.dll
2007-06-20 18:49:04 4608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys <Not Verified; Symantec Corporation; Symantec Core Component>
2007-06-20 18:48:47 0 d-------- C:\Program Files\Norton Ghost
2007-06-20 18:48:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-06-20 18:47:58 0 d-------- C:\Program Files\Symantec
2007-06-20 18:47:58 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-20 18:47:58 0 --ah----- C:\Documents and Settings\All Users\Application Data\gwseh.dat
2007-06-20 18:47:21 0 d-------- C:\Documents and Settings\All Users\Application Data\GTek
2007-06-20 18:47:06 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-06-20 18:46:42 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-06-20 18:46:37 0 d-------- C:\WINDOWS\system32\dla
2007-06-20 18:46:36 0 d-------- C:\Program Files\Sonic
2007-06-20 18:46:28 0 d-------- C:\Program Files\EarthLink Setup
2007-06-20 18:46:21 0 d-------- C:\Program Files\AOL Companion
2007-06-20 18:46:20 0 d-------- C:\WINDOWS\occache
2007-06-20 18:46:20 0 d-------- C:\Program Files\Learn2.com
2007-06-20 18:46:19 0 d-------- C:\Program Files\Viewpoint
2007-06-20 18:46:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-06-20 18:46:12 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-06-20 18:46:08 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-06-20 18:46:04 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2007-06-20 18:46:04 0 d-------- C:\My Music
2007-06-20 18:46:01 0 d-------- C:\Program Files\Real
2007-06-20 18:46:01 0 d-------- C:\Program Files\Common Files\Real
2007-06-20 18:45:39 1044480 --a------ C:\WINDOWS\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9>
2007-06-20 18:45:39 153088 --a------ C:\WINDOWS\system32\jgdwmie.dll <Not Verified; America Online; JG Decoder>
2007-06-20 18:45:39 54784 --a------ C:\WINDOWS\system32\Inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2007-06-20 18:45:21 225280 --a------ C:\WINDOWS\system32\AOLDial.dll <Not Verified; America Online, Inc; AOL Connectivity Service>
2007-06-20 18:45:19 0 d-------- C:\Program Files\Common Files\aolshare
2007-06-20 18:45:17 0 d-------- C:\Program Files\America Online 9.0
2007-06-20 18:45:17 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-06-20 18:45:08 335 --a------ C:\WINDOWS\nsreg.dat
2007-06-20 18:45:08 0 d-------- C:\Program Files\Common Files\AOL
2007-06-20 18:45:04 0 d-------- C:\Program Files\Microsoft Plus! Photo Story 2 LE
2007-06-20 18:45:00 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2007-06-20 18:44:25 0 d-------- C:\Program Files\MUSICMATCH
2007-06-20 18:43:51 0 d-------- C:\WINDOWS\RegisteredPackages
2007-06-20 18:43:49 0 d-------- C:\Program Files\NetZeroInstallers
2007-06-20 18:43:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-06-20 18:43:14 53248 --a------ C:\WINDOWS\system32\DellSys.dll <Not Verified; Dell Inc; OpenManage Client Instrumentation Lite>
2007-06-20 18:43:10 17153 --a------ C:\WINDOWS\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
2007-06-20 18:42:57 0 d-------- C:\Program Files\CyberLink
2007-06-20 18:42:50 0 d-------- C:\Program Files\Digital Line Detect
2007-06-20 18:42:43 0 d-------- C:\Program Files\NetWaiting
2007-06-20 18:42:36 0 d-------- C:\Program Files\Modem Helper
2007-06-20 18:42:21 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-06-20 18:41:42 0 d-------- C:\Program Files\Broadcom
2007-06-20 18:41:37 0 d-------- C:\WINDOWS\Downloaded Installations
2007-06-20 18:41:19 0 d-------- C:\Program Files\Synaptics
2007-06-20 18:41:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-20 18:41:07 16128 --a------ C:\WINDOWS\system32\drivers\APPDRV.SYS <Not Verified; Dell Inc; Application Driver>
2007-06-20 18:39:31 0 d-------- C:\Program Files\CONEXANT
2007-06-20 18:39:25 1052672 --a------ C:\WINDOWS\system32\stlang.dll <Not Verified; SigmaTel, Inc.; C-Major Audio>
2007-06-20 18:39:25 282624 --a------ C:\WINDOWS\stsystra.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
2007-06-20 18:39:25 0 d-------- C:\Program Files\Sigmatel
2007-06-20 18:38:26 770048 --a------ C:\WINDOWS\system32\BCMLogon.dll <Not Verified; Dell Inc.; Wireless Network Logon Provider>
2007-06-20 18:38:23 86016 --a------ C:\WINDOWS\system32\preflib.dll
2007-06-20 18:38:23 33664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2007-06-20 18:38:22 20480 --a------ C:\WINDOWS\system32\WLTRYSVC.EXE
2007-06-20 18:38:22 1392640 --a------ C:\WINDOWS\system32\WLTRAY.EXE <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Tray Applet>
2007-06-20 18:38:22 253952 --a------ C:\WINDOWS\system32\bcmwlu00.exe <Not Verified; Dell Inc.; Dell Wireless WLAN Card Uninstaller>
2007-06-20 18:38:22 1253376 --a------ C:\WINDOWS\system32\BCMWLTRY.EXE <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Controller>
2007-06-20 18:38:22 69632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2007-06-20 18:38:21 2129920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL <Not Verified; BCGSoft Ltd; BCGControlBar Professional Dynamic Link Library>
2007-06-20 18:38:21 757760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2007-06-20 18:38:21 0 d-------- C:\Program Files\Dell
2007-06-20 18:38:19 0 d-------- C:\Program Files\Common Files\InstallShield
2007-06-20 18:36:01 0 d-------- C:\Program Files\Java
2007-06-20 18:36:00 0 d-------- C:\Program Files\Common Files\Java
2007-06-20 18:34:26 0 d--h----- C:\WINDOWS\$hf_mig$
2007-06-20 18:26:55 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-06-19 20:50:19 155648 --a------ C:\WINDOWS\system32\GWSEH.dll <Not Verified; America Online, Inc.; GWSEH Module>
2007-06-19 20:49:52 24576 --a------ C:\WINDOWS\system32\DSRIRREM.EXE
2007-06-19 20:49:52 1488 --a------ C:\WINDOWS\system32\DSR_BAT.BAT
2007-06-19 20:48:21 49152 --a------ C:\WINDOWS\setpwrcg.exe
2007-06-19 20:48:02 0 d-------- C:\drivers


-- Find3M Report ---------------------------------------------------------------

2007-07-17 22:12:37 0 d-------- C:\Program Files\Windows NT
2007-07-17 11:37:58 0 d-------- C:\Program Files\Messenger
2007-06-27 09:04:14 0 d-------- C:\Program Files\Online Services


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{41D68ED8-4CFF-4115-88A6-6EBB8AF19000} c:\program files\mcafee\spamkiller\mcapfbho.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll
{5E028439-81C7-4B82-BC74-25156306F532} C:\Program Files\BayScribe\bayscribe.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmatelSysTrayApp"="stsystra.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Norton Ghost 10.0"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""
@=""
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ModemOnHold"="C:\\Program Files\\NetWaiting\\netWaiting.exe"
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{827D3881-317C-442A-B4ED-F576CBA700BB}"="GW SEH Intercept"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_CATCHME


-- End of Deckard's System Scanner: finished at 2007-07-17 at 22:23:17 ---------
danster64 is offline  
Old 07-18-2007, 12:50 AM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 24,463
OS: N/A


Re: Help with numerous pop ups

Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs:
  • ViewPoint
Please note any other programs that you don't recognize in that list in your next response.


---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/168113-help-numerous-pop-ups.html
Collect::
C:\WINDOWS\system32\pwinsndt.exe
C:\WINDOWS\vjcwogxA.exe
File::
C:\WINDOWS\system32\drivers\pbcmdqamwenb.sys
C:\WINDOWS\system32\drivers\ojhbtmlmxujf.sys
C:\WINDOWS\system32\drivers\dyliccwcpjrt.sys
C:\WINDOWS\system32\drivers\bigwvxwkfbgk.sys
Folder::
C:\WINDOWS\system32\Z11
C:\WINDOWS\system32\driver
C:\Temp\0c2
C:\WINDOWS\system32\b02FdUe
C:\Temp
C:\Program Files\Common Files\zyliv
C:\DOCUME~1\Mom\APPLIC~1\Viewpoint
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
Save this as "CFScript"

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip
Please submit this file to:

http://www.bleepingcomputer.com/subm....php?channel=4

The file must be uploaded before proceeding to the next step.


---------------


Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. We only require a report from it.
    It does not provide an option to clean/disinfect.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
* If you're downloading torrents in the background, please disconnect all of them.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.



---------------


In your next post, please include fresh logs from:
  1. Online scan
  2. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 07-18-2007, 01:37 PM   #5 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 43
OS: XP


Re: Help with numerous pop ups

Hello, I did not notice anything else suspicious on my add/remove programs list. I am sending the Kaspersky report and ComboFix report separately because Kaspersky is too large. I sent the zip file to bleepingcomputer.com. Computer seems to be working okay. Thanks, Dan

"Mom" - 2007-07-18 11:35:37 - ComboFix 07-07-17.8 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Mom\Desktop\CFScript.txt


((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))


2007-07-17 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-17 13:21 <DIR> d-------- C:\Deckard
2007-07-17 12:23 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-07-17 12:23 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-07-16 23:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-16 19:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-16 19:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-16 19:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-14 17:41 552 --a------ C:\WINDOWS\eReg.dat
2007-07-14 17:29 <DIR> d-------- C:\Program Files\EA GAMES
2007-07-13 14:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-13 14:56 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-07-09 15:05 <DIR> d-------- C:\Program Files\SmartFTP Client
2007-07-08 20:59 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\acccore
2007-07-01 17:29 <DIR> d-------- C:\Program Files\QuickTime
2007-07-01 17:29 <DIR> d-------- C:\Program Files\iTunes
2007-07-01 17:29 <DIR> d-------- C:\Program Files\iPod
2007-07-01 17:28 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-01 17:28 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-01 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-01 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-01 17:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-01 17:09 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-01 17:07 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-01 16:20 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-01 16:20 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-01 16:20 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-30 18:30 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\Sonic
2007-06-30 18:12 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\Skype
2007-06-30 16:47 <DIR> d-------- C:\DOCUME~1\Mom\APPLIC~1\Skype
2007-06-30 10:02 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\Skype
2007-06-29 12:44 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\Corel Photo Album
2007-06-28 17:15 <DIR> d-------- C:\Program Files\Winamp
2007-06-28 16:54 <DIR> d-------- C:\Program Files\Skype
2007-06-28 16:54 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-06-28 16:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-06-27 10:25 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-06-26 16:27 <DIR> d-------- C:\DOCUME~1\Mom\APPLIC~1\Corel Photo Album
2007-06-25 17:10 <DIR> d-------- C:\DOCUME~1\Mom\Contacts
2007-06-25 09:43 <DIR> d-------- C:\DOCUME~1\Mom\APPLIC~1\AdobeUM
2007-06-24 16:25 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\CyberLink
2007-06-24 15:48 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\Corel Photo Album
2007-06-23 22:54 <DIR> d-------- C:\DOCUME~1\James\Contacts
2007-06-23 22:47 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-23 22:43 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-23 19:56 <DIR> d---s---- C:\DOCUME~1\Jill\UserData
2007-06-23 18:15 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\AdobeUM
2007-06-23 16:35 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-06-23 16:35 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-23 16:04 <DIR> d-------- C:\DOCUME~1\Jill\Contacts
2007-06-23 16:02 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-23 16:02 208,248 --a------ C:\WINDOWS\system32\muweb.dll
2007-06-23 16:01 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-06-23 16:01 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-23 16:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
2007-06-23 16:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-23 16:00 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-06-23 15:59 <DIR> d-------- C:\Program Files\MSN Messenger
2007-06-23 13:38 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-06-23 10:48 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\Google
2007-06-23 10:48 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\BayScribe
2007-06-23 10:44 3,145,728 --ah----- C:\DOCUME~1\Jill\NTUSER.DAT
2007-06-23 10:44 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\Symantec
2007-06-23 10:44 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\McAfee.com Personal Firewall
2007-06-23 10:44 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\InstallShield
2007-06-23 10:44 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\GTek
2007-06-22 14:42 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-06-22 14:42 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-22 13:52 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\Google
2007-06-22 13:52 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\BayScribe
2007-06-22 13:17 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-06-22 13:17 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-06-22 13:17 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-06-22 13:15 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-06-22 13:15 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-06-22 13:15 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-06-22 13:15 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-06-22 13:12 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-06-22 13:12 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-06-22 13:12 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-06-22 13:11 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-06-22 13:11 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-06-22 13:11 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-06-22 13:11 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-06-22 13:08 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-06-22 13:08 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-06-22 13:07 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-06-22 13:07 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-06-22 13:07 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-06-22 13:07 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-06-22 13:07 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-06-22 11:52 <DIR> d-------- C:\Program Files\AIM6
2007-06-22 11:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-06-22 11:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-06-21 23:30 88 -r-hs---- C:\WINDOWS\system32\94F63881E8.sys
2007-06-21 23:30 3,766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-21 13:11 1,572,864 --ah----- C:\DOCUME~1\James\NTUSER.DAT
2007-06-21 13:11 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\Symantec
2007-06-21 13:11 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\McAfee.com Personal Firewall
2007-06-21 13:11 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\InstallShield


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-18 03:12:37 -------- d-----w C:\Program Files\Windows NT
2007-07-18 03:02:44 246 ----a-w C:\Program Files\Common Files\zyliv
2007-07-17 16:37:58 -------- d-----w C:\Program Files\Messenger
2007-07-14 22:41:39 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-27 14:04:14 -------- d-----w C:\Program Files\Online Services
2007-06-20 01:47:50 6,171 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_INS_I6400.mrk
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 14:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}]
2005-07-12 18:02 262236 --a------ c:\program files\mcafee\spamkiller\mcapfbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2004-12-06 01:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E028439-81C7-4B82-BC74-25156306F532}]
2007-06-14 09:10 258048 --a------ C:\Program Files\BayScribe\bayscribe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-06-20 22:05 2403392 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-07-04 23:08 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 12:29]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 15:30]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 16:05]
"@"="" []
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 19:22]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-08-26 14:26]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 19:05]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 18:06]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 12:49]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-08-18 17:52]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 13:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 23:08]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-06-20 18:42:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{827D3881-317C-442A-B4ED-F576CBA700BB}"="C:\WINDOWS\SYSTEM32\GWSEH.dll" [2004-09-23 07:21]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


Contents of the 'Scheduled Tasks' folder
2007-07-16 18:10:09 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (OSTLUND-Jarrod).job

**************************************************************************

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-18 11:36:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-18 11:36:41
C:\ComboFix-quarantined-files.txt ... 2007-07-18 11:36
C:\ComboFix2.txt ... 2007-07-18 11:22
C:\ComboFix3.txt ... 2007-07-17 22:18

--- E O F ---
Old 07-18-2007, 01:44 PM   #6 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 43
OS: XP


Re: Help with numerous pop ups

Here is the Kaspersky report in a zip file as an attachment. Did I do something wrong?

Thanks, Dan
Attached Files
File Type: zip Kaspersky report.zip (245.4 KB, 1 views)
Old 07-18-2007, 01:47 PM   #7 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 24,463
OS: N/A


Re: Help with numerous pop ups

You ran ComboFix twice. I would like to see the log that was produced earlier.

C:\ComboFix2.txt ... 2007-07-18 11:22
Old 07-18-2007, 05:57 PM   #8 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 43
OS: XP


Re: Help with numerous pop ups

Hi, Yes I did, sorry about the confusion. My machine was saving the files under my documents and I was looking for them in the Combofix directory.

Anyway, here is the earlier one I ran.

Thanks, Dan

"Mom" - 2007-07-18 11:19:50 - ComboFix 07-07-17.8 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Mom\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Mom\APPLIC~1\Viewpoint
C:\DOCUME~1\Mom\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
C:\DOCUME~1\Mom\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
C:\DOCUME~1\Mom\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
C:\DOCUME~1\Mom\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
C:\Temp
C:\Temp\0c2
C:\Temp\0c2\tmpFF.log
C:\Temp\brr\tmpZTF.log
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\drivers\bigwvxwkfbgk.sys
C:\WINDOWS\system32\drivers\dyliccwcpjrt.sys
C:\WINDOWS\system32\drivers\ojhbtmlmxujf.sys
C:\WINDOWS\system32\drivers\pbcmdqamwenb.sys
C:\WINDOWS\system32\pwinsndt.exe
C:\WINDOWS\system32\Z11
C:\WINDOWS\vjcwogxA.exe


((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))


2007-07-17 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-17 13:21 <DIR> d-------- C:\Deckard
2007-07-17 12:23 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-07-17 12:23 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-07-16 23:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-16 19:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-16 19:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-16 19:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-14 17:41 552 --a------ C:\WINDOWS\eReg.dat
2007-07-14 17:29 <DIR> d-------- C:\Program Files\EA GAMES
2007-07-13 14:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-13 14:56 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-07-09 15:05 <DIR> d-------- C:\Program Files\SmartFTP Client
2007-07-08 20:59 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\acccore
2007-07-01 17:29 <DIR> d-------- C:\Program Files\QuickTime
2007-07-01 17:29 <DIR> d-------- C:\Program Files\iTunes
2007-07-01 17:29 <DIR> d-------- C:\Program Files\iPod
2007-07-01 17:28 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-01 17:28 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-01 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-01 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-01 17:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-01 17:09 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-01 17:07 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-01 16:20 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-01 16:20 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-01 16:20 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-30 18:30 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\Sonic
2007-06-30 18:12 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\Skype
2007-06-30 16:47 <DIR> d-------- C:\DOCUME~1\Mom\APPLIC~1\Skype
2007-06-30 10:02 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\Skype
2007-06-29 12:44 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\Corel Photo Album
2007-06-28 17:15 <DIR> d-------- C:\Program Files\Winamp
2007-06-28 16:54 <DIR> d-------- C:\Program Files\Skype
2007-06-28 16:54 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-06-28 16:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-06-27 10:25 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-06-26 16:27 <DIR> d-------- C:\DOCUME~1\Mom\APPLIC~1\Corel Photo Album
2007-06-25 17:10 <DIR> d-------- C:\DOCUME~1\Mom\Contacts
2007-06-25 09:43 <DIR> d-------- C:\DOCUME~1\Mom\APPLIC~1\AdobeUM
2007-06-24 16:25 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\CyberLink
2007-06-24 15:48 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\Corel Photo Album
2007-06-23 22:54 <DIR> d-------- C:\DOCUME~1\James\Contacts
2007-06-23 22:47 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-23 22:43 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-23 19:56 <DIR> d---s---- C:\DOCUME~1\Jill\UserData
2007-06-23 18:15 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\AdobeUM
2007-06-23 16:35 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-06-23 16:35 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-23 16:04 <DIR> d-------- C:\DOCUME~1\Jill\Contacts
2007-06-23 16:02 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-23 16:02 208,248 --a------ C:\WINDOWS\system32\muweb.dll
2007-06-23 16:01 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-06-23 16:01 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-23 16:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
2007-06-23 16:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-23 16:00 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-06-23 15:59 <DIR> d-------- C:\Program Files\MSN Messenger
2007-06-23 13:38 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-06-23 10:48 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\Google
2007-06-23 10:48 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\BayScribe
2007-06-23 10:44 3,145,728 --ah----- C:\DOCUME~1\Jill\NTUSER.DAT
2007-06-23 10:44 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\Symantec
2007-06-23 10:44 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\McAfee.com Personal Firewall
2007-06-23 10:44 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\InstallShield
2007-06-23 10:44 <DIR> d-------- C:\DOCUME~1\Jill\APPLIC~1\GTek
2007-06-22 14:42 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-06-22 14:42 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-22 13:52 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\Google
2007-06-22 13:52 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\BayScribe
2007-06-22 13:17 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-06-22 13:17 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-06-22 13:17 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-06-22 13:15 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-06-22 13:15 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-06-22 13:15 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-06-22 13:15 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-06-22 13:12 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-06-22 13:12 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-06-22 13:12 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-06-22 13:11 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-06-22 13:11 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-06-22 13:11 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-06-22 13:11 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-06-22 13:08 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-06-22 13:08 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-06-22 13:07 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-06-22 13:07 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-06-22 13:07 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-06-22 13:07 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-06-22 13:07 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-06-22 11:52 <DIR> d-------- C:\Program Files\AIM6
2007-06-22 11:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-06-22 11:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-06-21 23:30 88 -r-hs---- C:\WINDOWS\system32\94F63881E8.sys
2007-06-21 23:30 3,766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-21 13:11 1,572,864 --ah----- C:\DOCUME~1\James\NTUSER.DAT
2007-06-21 13:11 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\Symantec
2007-06-21 13:11 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\McAfee.com Personal Firewall
2007-06-21 13:11 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\InstallShield


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-18 03:12:37 -------- d-----w C:\Program Files\Windows NT
2007-07-18 03:02:44 246 ----a-w C:\Program Files\Common Files\zyliv
2007-07-17 16:37:58 -------- d-----w C:\Program Files\Messenger
2007-07-14 22:41:39 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-27 14:04:14 -------- d-----w C:\Program Files\Online Services
2007-06-20 01:47:50 6,171 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_INS_I6400.mrk
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 14:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}]
2005-07-12 18:02 262236 --a------ c:\program files\mcafee\spamkiller\mcapfbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2004-12-06 01:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E028439-81C7-4B82-BC74-25156306F532}]
2007-06-14 09:10 258048 --a------ C:\Program Files\BayScribe\bayscribe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-06-20 22:05 2403392 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-07-04 23:08 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 12:29]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 15:30]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 16:05]
"@"="" []
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 19:22]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-08-26 14:26]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 19:05]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 18:06]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 12:49]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-08-18 17:52]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 13:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 23:08]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-06-20 18:42:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{827D3881-317C-442A-B4ED-F576CBA700BB}"="C:\WINDOWS\SYSTEM32\GWSEH.dll" [2004-09-23 07:21]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


Contents of the 'Scheduled Tasks' folder
2007-07-16 18:10:09 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (OSTLUND-Jarrod).job

**************************************************************************

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-18 11:22:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-18 11:22:35
C:\ComboFix-quarantined-files.txt ... 2007-07-18 11:22
C:\ComboFix2.txt ... 2007-07-17 22:18

--- E O F ---
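Added example, not part of the thread and not ComboFix's own code: one way to compare two ComboFix runs like the ones posted above, by splitting each log on its `((( Title )))` banners and checking whether anything listed under Other Deletions in the earlier run shows up again in the later run's listings. The two logs are abbreviated from the posts, `REINFECTED_RUN` adds one constructed line, and the function names are this example's own.

```python
import re

BANNER = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")   # "((((( Title )))))"
PATH = re.compile(r"([A-Za-z]:\\.*)$")               # drive-rooted path at end of line

# Abbreviated from the 11:19 run posted above (banners shortened).
EARLIER_RUN = r'''"Mom" - 2007-07-18 11:19:50 - ComboFix 07-07-17.8 - Service Pack 2 NTFS

(((((((((( Other Deletions ))))))))))

C:\Temp
C:\Temp\0c2\tmpFF.log
C:\WINDOWS\system32\pwinsndt.exe
C:\WINDOWS\vjcwogxA.exe

(((((((((( Files Created from 2007-06-18 to 2007-07-18 ))))))))))

2007-07-17 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-17 13:21 <DIR> d-------- C:\Deckard
'''

# Abbreviated from the 11:35 run posted above (it has no Other Deletions section).
LATER_RUN = r'''"Mom" - 2007-07-18 11:35:37 - ComboFix 07-07-17.8 - Service Pack 2 NTFS

(((((((((( Files Created from 2007-06-18 to 2007-07-18 ))))))))))

2007-07-17 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-17 13:21 <DIR> d-------- C:\Deckard

(((((((((( Find3M Report ))))))))))

2007-07-18 03:02:44 246 ----a-w C:\Program Files\Common Files\zyliv
'''

# Constructed: the later run plus one invented line, to show what a hit looks like.
REINFECTED_RUN = LATER_RUN + r"2007-07-18 12:00:00 20,480 ----a-w C:\WINDOWS\vjcwogxA.exe" + "\n"


def split_sections(log):
    """Map each banner title to the non-blank lines that follow it."""
    sections, current = {"header": []}, "header"
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = BANNER.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif set(line) == {"*"}:
            # A row of asterisks starts the catchme output and footer.
            current = "footer"
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def paths_in(sections, *title_prefixes):
    """Lower-cased paths from every section whose title starts with a prefix."""
    found = set()
    for title, lines in sections.items():
        if title.startswith(title_prefixes):
            for line in lines:
                hit = PATH.search(line)
                if hit:
                    found.add(hit.group(1).lower())
    return found


def reappeared(earlier_log, later_log):
    """Paths deleted in the earlier run that are listed again in the later run.

    A deleted directory also counts when something beneath it is listed.
    Comparison is literal and case-insensitive; 8.3 short names are not expanded.
    """
    deleted = paths_in(split_sections(earlier_log), "Other Deletions")
    present = paths_in(split_sections(later_log),
                       "Other Deletions", "Files Created", "Find3M Report")
    return sorted(d for d in deleted
                  if any(p == d or p.startswith(d + "\\") for p in present))


if __name__ == "__main__":
    print("clean rerun:", reappeared(EARLIER_RUN, LATER_RUN))
    print("constructed rerun:", reappeared(EARLIER_RUN, REINFECTED_RUN))
```

An empty result only means the deleted paths are not listed again; it says nothing about files the earlier run never touched.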
Old 07-18-2007, 08:48 PM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 24,463
OS: N/A


Re: Help with numerous pop ups

Open notepad and copy/paste the text in the quotebox below into it:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (
"C:\Program Files\Common Files\zyliv"
"C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\IVEXAN0V\ZwinkyInitialSetup1.0.0.15-3[1].cab"
) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)

for %%g in (
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
nircmd wait 7000
del %0
Save this as fix.bat. Choose to "Save type as - All Files".
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says
Old 07-18-2007, 10:23 PM   #10 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 43
OS: XP


Re: Help with numerous pop ups

Hello,

It said "deleted successfully"

Thanks, Dan
Old 07-18-2007, 10:37 PM   #11 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 24,463
OS: N/A


Re: Help with numerous pop ups

Of the stuff Kaspersky found earlier, C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache in a little while.


----------------------


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
    Go to Start → Run → type control sysdm.cpl,,4 & press Enter
    • Tick on the checkbox - Turn off System Restore on all drives
    • Click Apply
    Turn it back 'On' by unticking the same checkbox & click OK


  2. DISABLE THE VIEWING OF SYSTEM FILES
    From Windows Explorer, go to Tools>Folder Options> View tab.
    • Untick - Show hidden files and folder
    • Tick - Hide file extensions for known types
    • Tick - Hide protected operating system files
    Click Yes to confirm & then click OK


  3. SECURING INTERNET EXPLORER
    From within Internet Explorer click on the Tools menu and then click on Internet Options.
    • Select the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Select Custom Level.
        • Change 'Download signed ActiveX controls' to Prompt
        • Change 'Download unsigned ActiveX controls' to Disable
        • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
        • Change 'Installation of desktop items' to Prompt
        • Change 'Launching programs and files in an IFRAME' to Prompt
        • Change 'Navigate sub-frames across different domains' to Prompt
        • When all these changes have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Select OK to exit the Internet Properties page.


  4. ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources → http://www.bleepingcomputer.com/forums/topict405.html

    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  5. FIREWALL
    Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here → http://www.bleepingcomputer.com/forums/tutorial60.html


  6. Microsoft Windows Update → http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  7. SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial43.html

  8. AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial48.html


  9. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial49.html


  10. IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here → http://www.spywarewarrior.com/uiuc/resource.htm

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://toolbar.google.com/ - Google Toolbar - Get the free google toolbar to help stop pop up windows.

  • http://cleanup.stevengould.org/ - CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

  • http://www.winpatrol.com/ - Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here: http://www.winpatrol.com/features.html

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 07-26-2007, 08:53 AM   #12 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 43
OS: XP


Re: Help with numerous pop ups

Thank you for all your help. I believe my computer is back on track!

Thanks, Danster64
danster64 is offline  
All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum