Malware-systemerrorfixer-my log from PandaSoftware

SonjaM7312 · 11-25-2007, 12:12 PM

I sure hope I'm doing this correctly. I ran the on-line scan from Panda. This is the report I received after running the scan.
I have Norton installed on my laptop, I can't believe it let all of this thru and didn't detect any of it!!

Incident Status Location

Dialer:Dialer.KPT Not disinfected c:\windows\system32\lnaccess.exe
Adware:adware/eshopper Not disinfected c:\windows\system32\eshopcamp.xml
Adware:adware/gator Not disinfected c:\windows\GatorFDDLI.log
Dialer:dialer.b Not disinfected hkey_current_user\software\egdhtml
Adware:adware/sbsoft Not disinfected Windows Registry
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.zedo.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.go.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.overture.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[server.iad.liveperson.net/hc/48956112]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[server.iad.liveperson.net/hc/12021449]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[server.iad.liveperson.net/hc/32580440]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.com.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[server.iad.liveperson.net/hc/33069911]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@adrevolver[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@bluestreak[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@cgi-bin[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@fastclick[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@realmedia[1].txt
Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@smartadserver[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@statcounter[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@target[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@tribalfusion[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\MENDY\Local Settings\Temp\Cookies\mendy@advertising[2].txt
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\MENDY\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
Virus:Trj/Downloader.PUT Disinfected C:\Program Files\poolsv\k11u72.exe
Potentially unwanted tool:Application/InternetGameBox Not disinfected C:\WINDOWS\Temp\NSIS_Install_igb.exe

tetonbob · 11-28-2007, 01:56 PM

Hi SonjaM7312 -

The Panda scan is part of the process, but not all of it.

Many of those finds are cookies, easily removed, and a constant with internet connected machines.

Cookies are nothing to be worried about. They get installed on your computer everytime you visit any webpage. Now some of those are good cookies that get installed for ease of use for next time you visit the same page, but some cookies are spyware used for tracking users surfing habits.

Most of those cookies are third party cookies that can be blocked:

In Firefox go to Tools > Options > Privacy > Cookies

Click Exceptions, identify the site you want to block, and click on Block.

In IE go to Tools > Internet Options > Privacy and click on Advanced in the Privacy tab

Now put a check next to "Override automatic cookie handling"

Set first party cookies to Accept and third party cookies to Block

Also put a check to "Always allow session cookies" OK your way out.

This won't prevent all bad cookies from being installed, but will reduce the amount.

Also there is another program you can use.

Spywareblaster Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.

You can read more about cookies at the Cookie Concept

You can tidy up with this tool:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Step 5 would have you do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.

To attach a file to a new post, simply

Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt
Click Upload.

What DSS will do:

create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

SonjaM7312 · 11-28-2007, 02:16 PM

I set the IE properties as you instructed. I deleted the Mozilla yesterday because it had so many cookies that said spyware also, I never use that browser. I also ran the ATF and it seems to be stuck with a clear screen after I selected and deleted all. When I finish these steps, will the Malware be gone. This systemerrorfixer.com is driving me nuts and it looks just like the Windows security center. I read more on your site and downloaded the hijackthis log and ran the log. I will paste it below. Thank you so much!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:39 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\BellSouth Accelerator Technology\propelac.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\BellSouth® Internet Services\Dialer\DartDialer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\MENDY\Local Settings\Temporary Internet Files\Content.IE5\6Z6B85QT\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=0&o=0&l=dir
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.321search.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by BellSouth® Dial Internet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\BellSouth Accelerator Technology\prpl_IePopupBlocker.dll
O2 - BHO: (no name) - {69B2CAAF-7749-4E1B-BE06-4F64222E18B7} - C:\WINDOWS\system32\ssqrp.dll (file missing)
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\BellSouth Accelerator Technology\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://us2-scripts.dlv4.com/binaries...1073_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85653724-D20B-4F9D-A6CA-0E45C2429A42}: NameServer = 205.152.37.23 205.152.132.23
O20 - Winlogon Notify: cbxurpo - cbxurpo.dll (file missing)
O20 - Winlogon Notify: ssqrp - C:\WINDOWS\system32\ssqrp.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11806 bytes

tetonbob · 11-28-2007, 02:18 PM

What I really want is a set of logs from Deckard's System Scanner, though, as outlined in my last post. It is more comprehensive.

Thanks.

SonjaM7312 · 11-29-2007, 06:34 AM

I've downloaded 3 programs so far to resolve this issue. 2 of these programs have no publisher or digital signature. I'm getting lots of warnings to not download programs w/o those. I did download the Deckards. Here is the log and attachment. Thank you for your patience, this is all very new to me.

p.s. If it helps any, this malware got into my pc on 11-20-07 give a day or 2each way.

Deckard's System Scanner v20071014.68
Run by MENDY on 2007-11-29 06:51:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
49: 2007-11-29 12:51:25 UTC - RP576 - Deckard's System Scanner Restore Point
48: 2007-11-29 12:22:23 UTC - RP575 - Installed Rhapsody Player Engine
47: 2007-11-28 00:17:31 UTC - RP574 - System Checkpoint
46: 2007-11-26 06:18:40 UTC - RP573 - System Checkpoint
45: 2007-11-25 06:04:42 UTC - RP572 - Removed MyWay Search Assistant

-- First Restore Point --
1: 2007-09-19 18:37:33 UTC - RP528 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).

-- HijackThis (run as MENDY.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:52:51 AM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\BellSouth Accelerator Technology\propelac.exe
C:\Program Files\BellSouth® Internet Services\Dialer\DartDialer.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\MENDY\Desktop\dss.exe
C:\PROGRA~1\ABC\MENDY.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=0&o=0&l=dir
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.321search.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by BellSouth® Dial Internet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\BellSouth Accelerator Technology\prpl_IePopupBlocker.dll
O2 - BHO: (no name) - {69B2CAAF-7749-4E1B-BE06-4F64222E18B7} - C:\WINDOWS\system32\ssqrp.dll (file missing)
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\BellSouth Accelerator Technology\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://us2-scripts.dlv4.com/binaries...1073_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85653724-D20B-4F9D-A6CA-0E45C2429A42}: NameServer = 205.152.37.23 205.152.132.23
O20 - Winlogon Notify: cbxurpo - cbxurpo.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: ssqrp - C:\WINDOWS\system32\ssqrp.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S3 BCM42RLY - c:\windows\system32\bcm42rly.sys (file missing)
S3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 WUSB54GPV4SRV (Linksys Home Wireless-G USB Adaptor Driver) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01C91028&REV_02\4&2FA23535&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01C91028&REV_02\4&2FA23535&0&00F0
Service: bcm4sbxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2915ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4223&SUBSYS_10208086&REV_05\4&2FA23535&0&18F0
Manufacturer: Intel Corporation
Name: Intel(R) PRO/Wireless 2915ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4223&SUBSYS_10208086&REV_05\4&2FA23535&0&18F0
Service: w29n51

-- Scheduled Tasks -------------------------------------------------------------

2007-11-29 03:30:00 426 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
2007-11-23 22:10:36 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - MENDY.job

-- Files created between 2007-10-29 and 2007-11-29 -----------------------------

2007-11-29 06:22:25 0 d-------- C:\Program Files\Real
2007-11-28 23:28:16 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2007-11-28 14:10:49 0 d-------- C:\Program Files\ABC
2007-11-28 10:55:05 0 d-------- C:\VundoFix Backups
2007-11-28 10:50:24 0 d-------- C:\WINDOWS\system32\Copy of xircom
2007-11-28 10:50:24 0 d-------- C:\WINDOWS\system32\Copy of wins
2007-11-28 10:50:24 0 d-------- C:\WINDOWS\system32\Copy of NewmsrdkForKey
2007-11-28 10:50:24 0 d---s---- C:\WINDOWS\system32\Copy of Microsoft
2007-11-28 10:50:24 0 d-------- C:\WINDOWS\system32\Copy of inetsrv
2007-11-28 10:50:24 0 d-------- C:\WINDOWS\system32\Copy of export
2007-11-28 10:50:24 0 d-------- C:\WINDOWS\system32\Copy of dhcp
2007-11-28 10:50:24 0 d-------- C:\WINDOWS\system32\Copy of 3com_dmi
2007-11-28 10:50:24 0 d-------- C:\WINDOWS\system32\Copy of 3076
2007-11-28 10:50:24 0 d-------- C:\WINDOWS\system32\Copy of 2052
2007-11-28 10:50:24 0 d-------- C:\WINDOWS\system32\Copy of 1054
2007-11-28 10:50:24 0 d-------- C:\WINDOWS\system32\Copy of 1042
2007-11-28 10:50:24 0 d-------- C:\WINDOWS\system32\Copy of 1041
2007-11-28 10:50:24 0 d-------- C:\WINDOWS\system32\Copy of 1037
2007-11-28 10:50:24 0 d-------- C:\WINDOWS\system32\Copy of 1031
2007-11-28 10:50:24 0 d-------- C:\WINDOWS\system32\Copy of 1028
2007-11-28 10:50:24 0 d-------- C:\WINDOWS\system32\Copy of 1025
2007-11-25 00:50:12 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-24 19:38:43 0 d-------- C:\Program Files\directx
2007-11-24 19:38:41 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-11-18 23:29:19 0 d-------- C:\Program Files\Instant Access
2007-11-18 15:12:24 0 d-------- C:\Program Files\Strategy First
2007-11-06 19:23:24 0 d-------- C:\WINDOWS\Profiles
2007-11-06 19:23:20 0 d-------- C:\WINDOWS\system32\Adobe
2007-11-06 19:23:20 0 d-------- C:\Documents and Settings\MENDY\Application Data\InterTrust

-- Find3M Report ---------------------------------------------------------------

2007-11-25 23:25:01 0 d-------- C:\Program Files\QuickTime
2007-11-25 23:17:15 0 d-------- C:\Program Files\Norton AntiVirus
2007-11-25 23:13:42 0 d-------- C:\Program Files\Messenger
2007-11-25 23:13:10 0 d-------- C:\Program Files\Lexmark Toolbar
2007-11-25 23:09:19 0 d-------- C:\Program Files\Google
2007-11-25 23:09:13 0 d-------- C:\Program Files\DellSupport
2007-11-25 23:07:13 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-25 23:05:30 0 d-------- C:\Program Files\BellSouth Accelerator Technology
2007-11-25 11:53:32 0 d-------- C:\Program Files\poolsv
2007-11-24 20:54:09 0 d-------- C:\Program Files\Dell Games
2007-11-24 20:40:11 0 d-------- C:\Program Files\Selectsoft
2007-11-06 19:24:39 0 d-------- C:\Program Files\Microsoft Games
2007-11-06 19:23:20 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-05 20:35:09 0 d-------- C:\Program Files\Common Files
2007-11-05 09

33 0 d-------- C:\Program Files\Symantec
2007-10-09 10:55:40 0 d-------- C:\Program Files\Common Files\Real
2007-10-01 18:03:41 184320 --a------ C:\WINDOWS\system32\OESICore.dll <Not Verified; Homestead Technologies, Inc.; Homestead.com Turbo/Site Integration Core>
2007-10-01 18:03:41 45056 --a------ C:\WINDOWS\system32\HSSICore.dll <Not Verified; Homestead Technologies, Inc.; Homestead.com Turbo/Site Integration Core>
2007-09-29 11:58:45 91648 --a------ C:\WINDOWS\gzip.exe
2007-09-29 11:58:18 0 d-------- C:\Program Files\Homestead

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69B2CAAF-7749-4E1B-BE06-4F64222E18B7}]
C:\WINDOWS\system32\ssqrp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864A5-3916-46E2-96A9-A2E84F3F1208}]
C:\Program Files\Accoona\ASearchAssist.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/24/2005 06:36 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [07/19/2005 10:09 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [07/19/2005 10:06 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [07/19/2005 10:10 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 02:48 AM]
"SigmatelSysTrayApp"="stsystra.exe" [08/23/2005 11:42 PM C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 04:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 01:05 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 10:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 10:44 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/18/2006 12:46 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/05/2005 11:37 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [11/28/2005 10:41 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08/30/2006 06:56 PM]
"Propel Accelerator"="C:\Program Files\BellSouth Accelerator Technology\trayctl.exe" [06/27/2006 04:12 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 09:59 PM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [09/05/2006 08:22 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/07/2007 09:08 PM]
"Instant Access"="C:\WINDOWS\system32\lnaccess.exe" [09/06/2007 03:32 PM]
"onmsbyafo"="c:\documents and settings\mendy\local settings\application data\onmsbyafo.exe" [11/20/2007 08:53 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [6/7/2007 9:08:41 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxurpo]
cbxurpo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrp]
C:\WINDOWS\system32\ssqrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

-- End of Deckard's System Scanner: finished at 2007-11-29 06:54:27 ------------

tetonbob · 11-29-2007, 08:26 AM

Thanks for providing the logs.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download ComboFix from one of these locations.
- http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- http://www.techsupportforum.com/sect...s/ComboFix.exe
---------------------------------------------------------------------------------------------

* IMPORTANT !!! Place combofix.exe on your Desktop
Disconnect from the internet. Pull the plug!
Disable your AntiVirus application, usually via a right click on the System Tray icon.
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.321search.com
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: (no name) - {69B2CAAF-7749-4E1B-BE06-4F64222E18B7} - C:\WINDOWS\system32\ssqrp.dll (file missing)
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://us2-scripts.dlv4.com/binaries...1073_em_XP.cab
O20 - Winlogon Notify: cbxurpo - cbxurpo.dll (file missing)
O20 - Winlogon Notify: ssqrp - C:\WINDOWS\system32\ssqrp.dll (file missing)

Close HijackThis now.

---------------------------------------------------------------------------------------------
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall
Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus is re-enabled. A reboot should have done this.
Re-establish an internet connection.
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

SonjaM7312 · 11-29-2007, 03:11 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:05:53 PM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\BellSouth Accelerator Technology\propelac.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\BellSouth® Internet Services\Dialer\DartDialer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ABC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\BellSouth Accelerator Technology\prpl_IePopupBlocker.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\BellSouth Accelerator Technology\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85653724-D20B-4F9D-A6CA-0E45C2429A42}: NameServer = 205.152.37.23 205.152.132.23
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

ComboFix log

ComboFix 07-11-19.4C - MENDY 2007-11-29 14:55:12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.154 [GMT -6:00]
Running from: C:\Documents and Settings\MENDY\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\Documents and Settings\MENDY\Local Settings\Application Data\onmsbyafo.dat
C:\Documents and Settings\MENDY\Local Settings\Application Data\onmsbyafo.exe
c:\Documents and Settings\MENDY\Local Settings\Application Data\onmsbyafo_nav.dat
C:\Documents and Settings\MENDY\Local Settings\Application Data\onmsbyafo_navps.dat
C:\Program Files\instant access
C:\Program Files\instant access\Center\Crazy Girls.upd
C:\Program Files\instant access\Center\Fun-Games.upd
C:\Program Files\instant access\Center\GAMES-DESKTOP.COM.upd
C:\Program Files\instant access\Center\SERIALPLAYERS.upd
C:\Program Files\instant access\Center\tray1.ico
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\EN\txt1.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\EN\txt2.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\h1.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\h2.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\h3.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\l1.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\l2.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\l3.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\l4.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\l5.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\logo.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\pic1.jpg
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\pic2.jpg
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\pic3.jpg
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\vid1.jpg
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\vid2.jpg
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\vid3.jpg
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\5219345df144faaacbda30660f07a0fc.html
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\5219345df144faaacbda30660f07a0fc.html_0.loginvis
C:\Program Files\instant access\Dialer\1033802053\us2-external-api.dlv4.com\js\a2fb689eb0a5542939b0d2ab10208e4d
C:\Program Files\instant access\Dialer\1033802053\us2-www.0texkax7c6hzuidk.com\Common\5e698d7dcf6ba8b62992173e4d5cb59f.html
C:\Program Files\instant access\Dialer\1033802053\us2-www.0texkax7c6hzuidk.com\custom\4256\EN\button1.gif
C:\Program Files\instant access\Dialer\1033802053\us2-www.0texkax7c6hzuidk.com\custom\4256\EN\button2.gif
C:\Program Files\instant access\Dialer\1033802053\us2-www.0texkax7c6hzuidk.com\custom\4256\EN\button3.gif
C:\Program Files\instant access\Dialer\1033802053\us2-www.0texkax7c6hzuidk.com\custom\4256\EN\button4.gif
C:\Program Files\instant access\Dialer\1077506764\Crazy Girls.lnk
C:\Program Files\instant access\Dialer\1077506764\fp.pc-on-internet.com\2e6b0c9d5c70305d9b124f8d3a98680e.html
C:\Program Files\instant access\Dialer\1077506764\fp.pc-on-internet.com\2e6b0c9d5c70305d9b124f8d3a98680e.html_0.loginvis
C:\Program Files\instant access\Dialer\1077506764\fp.pc-on-internet.com\50281\images\EN\index_01.gif
C:\Program Files\instant access\Dialer\1077506764\fp.pc-on-internet.com\50281\images\EN\index_02.gif
C:\Program Files\instant access\Dialer\1077506764\fp.pc-on-internet.com\50281\images\index_04.jpg
C:\Program Files\instant access\Dialer\1077506764\us2-external-api.dlv4.com\js\0df1a4daf3f8c6cbd463d7b3a352af7d
C:\Program Files\instant access\Dialer\1077506764\us2-www.0texkax7c6hzuidk.com\Common\049152f555a67f56432c7916d52c234e.html
C:\Program Files\instant access\Dialer\1077506764\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\1077506764\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\1077506764\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\1077506764\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\133202765\fp.gad-network.com\50110\images\bckg.gif
C:\Program Files\instant access\Dialer\133202765\fp.pc-on-internet.com\50110\images\EN\index_01.jpg
C:\Program Files\instant access\Dialer\133202765\fp.pc-on-internet.com\50110\images\index_03.jpg
C:\Program Files\instant access\Dialer\133202765\fp.pc-on-internet.com\a3d663faf6f3ce6fd17c6e8185347345.html
C:\Program Files\instant access\Dialer\133202765\fp.pc-on-internet.com\a3d663faf6f3ce6fd17c6e8185347345.html_0.loginvis
C:\Program Files\instant access\Dialer\133202765\us2-external-api.dlv4.com\js\3e84b5ebe4105b22b65ad28a9c76a162
C:\Program Files\instant access\Dialer\133202765\us2-www.0texkax7c6hzuidk.com\Common\cd07c400182e332dbcd9b05992b0de66.html
C:\Program Files\instant access\Dialer\133202765\us2-www.0texkax7c6hzuidk.com\custom\4339\EN\button1.gif
C:\Program Files\instant access\Dialer\133202765\us2-www.0texkax7c6hzuidk.com\custom\4339\EN\button2.gif
C:\Program Files\instant access\Dialer\133202765\us2-www.0texkax7c6hzuidk.com\custom\4339\EN\button3.gif
C:\Program Files\instant access\Dialer\133202765\us2-www.0texkax7c6hzuidk.com\custom\4339\EN\button4.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\00.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\bando.jpg
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\bando_bas.jpg
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\bando_haut.jpg
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\bas.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\d.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\EN\fun1.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\EN\fun2.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\EN\fun3.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\EN\fun4.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\EN\jeu1.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\EN\jeu2.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\EN\jeu3.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\EN\titre.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\g.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\a2acac7e866026f04ce03b40443a9ada.html
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\a2acac7e866026f04ce03b40443a9ada.html_0.loginvis
C:\Program Files\instant access\Dialer\150607247\GAMES-DESKTOP.COM.lnk
C:\Program Files\instant access\Dialer\150607247\us2-external-api.dlv4.com\js\7a655120da9b9d8fe96043ef5ce9e056
C:\Program Files\instant access\Dialer\150607247\us2-www.0texkax7c6hzuidk.com\Common\fac93cde7939314bb04c4046fe63af8d.html
C:\Program Files\instant access\Dialer\150607247\us2-www.0texkax7c6hzuidk.com\custom\4160\4160_dialer.ico
C:\Program Files\instant access\Dialer\150607247\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button1.gif
C:\Program Files\instant access\Dialer\150607247\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button2.gif
C:\Program Files\instant access\Dialer\150607247\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button3.gif
C:\Program Files\instant access\Dialer\150607247\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button4.gif
C:\Program Files\instant access\Dialer\150607247\http://www.rapid-pass.net\789e4360fd...43989e6f6210b1
C:\Program Files\instant access\Dialer\362074402\fp.pc-on-internet.com\274d9db5fe3a5ca3999f58be5eebba57.html
C:\Program Files\instant access\Dialer\362074402\fp.pc-on-internet.com\274d9db5fe3a5ca3999f58be5eebba57.html_0.loginvis
C:\Program Files\instant access\Dialer\362074402\fp.pc-on-internet.com\50282\images\EN\index_01.gif
C:\Program Files\instant access\Dialer\362074402\fp.pc-on-internet.com\50282\images\EN\index_02.gif
C:\Program Files\instant access\Dialer\362074402\fp.pc-on-internet.com\50282\images\index_03.jpg
C:\Program Files\instant access\Dialer\362074402\us2-external-api.dlv4.com\js\55f404d95a022643d8257aa8895fb236
C:\Program Files\instant access\Dialer\362074402\us2-www.0texkax7c6hzuidk.com\Common\058afa0363434457539746c687645f15.html
C:\Program Files\instant access\Dialer\362074402\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\362074402\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\362074402\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\362074402\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\384097938\us2-external-api.dlv4.com\js\1917347171ef733d49bc90c7a0e96822
C:\Program Files\instant access\Dialer\384097938\us2-www.0texkax7c6hzuidk.com\Common\d734fcbd2875cb2cee95f3d403755bc5.html
C:\Program Files\instant access\Dialer\384097938\us2-www.0texkax7c6hzuidk.com\Common\d734fcbd2875cb2cee95f3d403755bc5.html_0.loginvis
C:\Program Files\instant access\Dialer\384097938\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button1.gif
C:\Program Files\instant access\Dialer\384097938\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button2.gif
C:\Program Files\instant access\Dialer\384097938\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button3.gif
C:\Program Files\instant access\Dialer\384097938\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button4.gif
C:\Program Files\instant access\Dialer\395004339\es6-external-api.dlv4.com\js\08746d00e1fa6e83368b2bc62d212eef
C:\Program Files\instant access\Dialer\395004339\es6-scripts.nccgateway.com\Common\358d75fffc2b04ed7bdcc84788642627.html
C:\Program Files\instant access\Dialer\395004339\Fun-Games.lnk
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\09ad72aa7cf1f177e7fa6f76390459ac.html
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\09ad72aa7cf1f177e7fa6f76390459ac.html_0.loginvis
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_01.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_02.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_03.gif
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_04.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_05.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_06.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_07.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_09.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_10.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_11.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_12.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_13.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_16.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_17.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_18.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\flash-1.swf
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\flash-2.swf
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\flash-3.swf
C:\Program Files\instant access\Dialer\395004339\http://www.waypointcash.com\conversi...7e66ae9b3f9905
C:\Program Files\instant access\Dialer\406769774\fp.pc-on-internet.com\235efb54ac074e29b6e3cc6cba1b8f66.html
C:\Program Files\instant access\Dialer\406769774\fp.pc-on-internet.com\235efb54ac074e29b6e3cc6cba1b8f66.html_0.loginvis
C:\Program Files\instant access\Dialer\406769774\fp.pc-on-internet.com\50214\images\EN\index_01.jpg
C:\Program Files\instant access\Dialer\406769774\fp.pc-on-internet.com\50214\images\index_02.jpg
C:\Program Files\instant access\Dialer\406769774\fp.pc-on-internet.com\50214\images\index_04.jpg
C:\Program Files\instant access\Dialer\406769774\SERIALPLAYERS.lnk
C:\Program Files\instant access\Dialer\406769774\us2-external-api.dlv4.com\js\25b3f6c025f3269d99e2e48eed0c9974
C:\Program Files\instant access\Dialer\406769774\us2-www.0texkax7c6hzuidk.com\Common\8227a52656381d1f87545f21d6dd8487.html
C:\Program Files\instant access\Dialer\406769774\us2-www.0texkax7c6hzuidk.com\custom\4282\4282_dialer.ico
C:\Program Files\instant access\Dialer\406769774\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button1.gif
C:\Program Files\instant access\Dialer\406769774\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button2.gif
C:\Program Files\instant access\Dialer\406769774\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button3.gif
C:\Program Files\instant access\Dialer\406769774\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button4.gif
C:\Program Files\instant access\Dialer\406769774\http://www.rapid-pass.net\f494cc8f64...c38cc689a3e6b9
C:\Program Files\instant access\Dialer\528888614\fp.pc-on-internet.com\50274\images\EN\index_01.jpg
C:\Program Files\instant access\Dialer\528888614\fp.pc-on-internet.com\50274\images\EN\index_02.jpg
C:\Program Files\instant access\Dialer\528888614\fp.pc-on-internet.com\50274\images\EN\index_05.jpg
C:\Program Files\instant access\Dialer\528888614\fp.pc-on-internet.com\50274\images\index_03.jpg
C:\Program Files\instant access\Dialer\528888614\fp.pc-on-internet.com\d90faf27639e8db579b5f82fbce64960.html
C:\Program Files\instant access\Dialer\528888614\fp.pc-on-internet.com\d90faf27639e8db579b5f82fbce64960.html_0.loginvis
C:\Program Files\instant access\Dialer\528888614\us2-external-api.dlv4.com\js\15d50c6922c465feb4d79925e06f0533
C:\Program Files\instant access\Dialer\528888614\us2-www.0texkax7c6hzuidk.com\Common\6249cd562d66a32c9421ea49e8b5d4b5.html
C:\Program Files\instant access\Dialer\528888614\us2-www.0texkax7c6hzuidk.com\custom\4279\EN\button1.gif
C:\Program Files\instant access\Dialer\528888614\us2-www.0texkax7c6hzuidk.com\custom\4279\EN\button2.gif
C:\Program Files\instant access\Dialer\528888614\us2-www.0texkax7c6hzuidk.com\custom\4279\EN\button3.gif
C:\Program Files\instant access\Dialer\528888614\us2-www.0texkax7c6hzuidk.com\custom\4279\EN\button4.gif
C:\Program Files\instant access\Dialer\579185367\fp.pc-on-internet.com\50282\images\EN\index_01.gif
C:\Program Files\instant access\Dialer\579185367\fp.pc-on-internet.com\50282\images\EN\index_02.gif
C:\Program Files\instant access\Dialer\579185367\fp.pc-on-internet.com\50282\images\index_03.jpg
C:\Program Files\instant access\Dialer\579185367\fp.pc-on-internet.com\d61e362f21061102c871cdac7253c049.html
C:\Program Files\instant access\Dialer\579185367\fp.pc-on-internet.com\d61e362f21061102c871cdac7253c049.html_0.loginvis
C:\Program Files\instant access\Dialer\579185367\us2-external-api.dlv4.com\js\562dd916f2cbfe23eec3fea7135201c1
C:\Program Files\instant access\Dialer\579185367\us2-www.0texkax7c6hzuidk.com\Common\aeaf40dccb2922aaebee9977a82e070e.html
C:\Program Files\instant access\Dialer\579185367\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\579185367\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\579185367\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\579185367\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\586223745\es6-external-api.dlv4.com\js\08746d00e1fa6e83368b2bc62d212eef
C:\Program Files\instant access\Dialer\586223745\es6-scripts.nccgateway.com\Common\358d75fffc2b04ed7bdcc84788642627.html
C:\Program Files\instant access\Dialer\586223745\es6-scripts.nccgateway.com\custom\3020\EN\button1.gif
C:\Program Files\instant access\Dialer\586223745\es6-scripts.nccgateway.com\custom\3020\EN\button2.gif
C:\Program Files\instant access\Dialer\586223745\es6-scripts.nccgateway.com\custom\3020\EN\button3.gif
C:\Program Files\instant access\Dialer\586223745\es6-scripts.nccgateway.com\custom\3020\EN\button4.gif
C:\Program Files\instant access\Dialer\586223745\Fun-Games.lnk
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\09ad72aa7cf1f177e7fa6f76390459ac.html
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\09ad72aa7cf1f177e7fa6f76390459ac.html_0.loginvis
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_01.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_02.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_03.gif
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_04.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_05.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_06.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_07.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_09.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_10.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_11.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_12.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_13.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_16.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_17.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_18.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\flash-1.swf
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\flash-2.swf
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\flash-3.swf
C:\Program Files\instant access\Dialer\586223745\http://www.waypointcash.com\conversi...7e66ae9b3f9905
C:\Program Files\instant access\Dialer\683255145\es6-external-api.dlv4.com\js\08746d00e1fa6e83368b2bc62d212eef
C:\Program Files\instant access\Dialer\683255145\es6-scripts.nccgateway.com\Common\86cebfec6a47389f820ef1ff27e1bd2f.html
C:\Program Files\instant access\Dialer\683255145\es6-scripts.nccgateway.com\Common\86cebfec6a47389f820ef1ff27e1bd2f.html_0.loginvis
C:\Program Files\instant access\Dialer\683255145\es6-scripts.nccgateway.com\custom\3020\EN\button1.gif
C:\Program Files\instant access\Dialer\683255145\es6-scripts.nccgateway.com\custom\3020\EN\button2.gif
C:\Program Files\instant access\Dialer\683255145\es6-scripts.nccgateway.com\custom\3020\EN\button3.gif
C:\Program Files\instant access\Dialer\683255145\es6-scripts.nccgateway.com\custom\3020\EN\button4.gif
C:\Program Files\instant access\Dialer\719965770\fp.gad-network.com\50110\images\bckg.gif
C:\Program Files\instant access\Dialer\719965770\fp.pc-on-internet.com\50110\images\EN\index_01.jpg
C:\Program Files\instant access\Dialer\719965770\fp.pc-on-internet.com\50110\images\index_03.jpg
C:\Program Files\instant access\Dialer\719965770\fp.pc-on-internet.com\a3d663faf6f3ce6fd17c6e8185347345.html
C:\Program Files\instant access\Dialer\719965770\fp.pc-on-internet.com\a3d663faf6f3ce6fd17c6e8185347345.html_0.loginvis
C:\Program Files\instant access\Dialer\719965770\us2-external-api.dlv4.com\js\3e84b5ebe4105b22b65ad28a9c76a162
C:\Program Files\instant access\Dialer\719965770\us2-www.0texkax7c6hzuidk.com\Common\cd07c400182e332dbcd9b05992b0de66.html
C:\Program Files\instant access\Dialer\719965770\us2-www.0texkax7c6hzuidk.com\custom\4339\EN\button1.gif
C:\Program Files\instant access\Dialer\719965770\us2-www.0texkax7c6hzuidk.com\custom\4339\EN\button2.gif
C:\Program Files\instant access\Dialer\719965770\us2-www.0texkax7c6hzuidk.com\custom\4339\EN\button3.gif
C:\Program Files\instant access\Dialer\719965770\us2-www.0texkax7c6hzuidk.com\custom\4339\EN\button4.gif
C:\Program Files\instant access\Dialer\736826486\fp.pc-on-internet.com\50281\images\EN\index_01.gif
C:\Program Files\instant access\Dialer\736826486\fp.pc-on-internet.com\50281\images\EN\index_02.gif
C:\Program Files\instant access\Dialer\736826486\fp.pc-on-internet.com\50281\images\index_04.jpg
C:\Program Files\instant access\Dialer\736826486\fp.pc-on-internet.com\691dda679a5aecc4254e75a12e61b137.html
C:\Program Files\instant access\Dialer\736826486\fp.pc-on-internet.com\691dda679a5aecc4254e75a12e61b137.html_0.loginvis
C:\Program Files\instant access\Dialer\736826486\us2-external-api.dlv4.com\js\b0f039ba7d1d4348e580f96febf05f8f
C:\Program Files\instant access\Dialer\736826486\us2-www.0texkax7c6hzuidk.com\Common\81c48f57a1ee951ce62f657872c9142b.html
C:\Program Files\instant access\Dialer\736826486\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\736826486\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\736826486\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\736826486\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\985715611\us2-external-api.dlv4.com\js\4b0b57cf462bba1711a290f60b02961e
C:\Program Files\instant access\Dialer\985715611\us2-www.0texkax7c6hzuidk.com\Common\5337388825079376b0f998654615846a.html
C:\Program Files\instant access\Dialer\985715611\us2-www.0texkax7c6hzuidk.com\Common\5337388825079376b0f998654615846a.html_0.loginvis
C:\Program Files\instant access\Dialer\985715611\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button1.gif
C:\Program Files\instant access\Dialer\985715611\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button2.gif
C:\Program Files\instant access\Dialer\985715611\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button3.gif
C:\Program Files\instant access\Dialer\985715611\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button4.gif
C:\Program Files\instant access\Dialer\99123178\fp.pc-on-internet.com\055d23083302114e577e443e9c3493d0.html
C:\Program Files\instant access\Dialer\99123178\fp.pc-on-internet.com\055d23083302114e577e443e9c3493d0.html_0.loginvis
C:\Program Files\instant access\Dialer\99123178\fp.pc-on-internet.com\50274\images\EN\index_01.jpg
C:\Program Files\instant access\Dialer\99123178\fp.pc-on-internet.com\50274\images\EN\index_02.jpg
C:\Program Files\instant access\Dialer\99123178\fp.pc-on-internet.com\50274\images\EN\index_05.jpg
C:\Program Files\instant access\Dialer\99123178\fp.pc-on-internet.com\50274\images\index_03.jpg
C:\Program Files\instant access\Dialer\99123178\us2-external-api.dlv4.com\js\559e3f66eb948f584ca31a3483e8fe5c
C:\Program Files\instant access\Dialer\99123178\us2-www.0texkax7c6hzuidk.com\Common\5be931d351cac44ba9a5bafc984cdba0.html
C:\Program Files\instant access\Dialer\99123178\us2-www.0texkax7c6hzuidk.com\custom\4279\EN\button1.gif
C:\Program Files\instant access\Dialer\99123178\us2-www.0texkax7c6hzuidk.com\custom\4279\EN\button2.gif
C:\Program Files\instant access\Dialer\99123178\us2-www.0texkax7c6hzuidk.com\custom\4279\EN\button3.gif
C:\Program Files\instant access\Dialer\99123178\us2-www.0texkax7c6hzuidk.com\custom\4279\EN\button4.gif
C:\Program Files\poolsv
C:\Program Files\svhost
C:\WINDOWS\system32\nvs2.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_IPRIP
-------\Iprip
-------\nm

((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.

2007-11-29 06:50 <DIR> d-------- C:\Deckard
2007-11-29 06:22 <DIR> d-------- C:\Program Files\Real
2007-11-28 23:28 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-28 14:10 <DIR> d-------- C:\Program Files\ABC
2007-11-28 10:55 <DIR> d-------- C:\VundoFix Backups
2007-11-25 00:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-25 00:50 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-24 19:38 <DIR> d-------- C:\Program Files\directx
2007-11-18 15:12 <DIR> d-------- C:\Program Files\Strategy First
2007-11-06 19:23 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-11-06 19:23 <DIR> d-------- C:\WINDOWS\Profiles
2007-11-06 19:23 <DIR> d-------- C:\Documents and Settings\MENDY\Application Data\InterTrust
2007-10-30 19:55 145,968 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 19:55 39,856 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 19:55 37,936 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 19:55 35,120 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 19:55 12,848 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 19:24 12,963 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 19:24 1,358 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-26 05:25 --------- d-----w C:\Program Files\QuickTime
2007-11-26 05:17 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-26 05:13 --------- d-----w C:\Program Files\Lexmark Toolbar
2007-11-26 05:09 --------- d-----w C:\Program Files\Google
2007-11-26 05:09 --------- d-----w C:\Program Files\DellSupport
2007-11-26 05:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-26 05:05 --------- d-----w C:\Program Files\BellSouth Accelerator Technology
2007-11-25 06:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-25 02:54 --------- d-----w C:\Program Files\Dell Games
2007-11-25 02:40 --------- d-----w C:\Program Files\Selectsoft
2007-11-07 01:24 --------- d-----w C:\Program Files\Microsoft Games
2007-11-07 01:23 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-05 15:06 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-05 15:06 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-05 15:06 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-05 15:06 --------- d-----w C:\Program Files\Symantec
2007-10-31 01:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-31 01:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-29 04:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2007-10-09 16:55 --------- d-----w C:\Program Files\Common Files\Real
2007-09-29 17:58 91,648 ----a-w C:\WINDOWS\gzip.exe
2007-09-29 17:58 --------- d-----w C:\Program Files\Homestead
2007-06-22 00:25 225,776 -c--a-w C:\Documents and Settings\MENDY\Application Data\GDIPFONTCACHEV1.DAT
2007-05-21 18:27 67,819 -c--a-w C:\Program Files\INSTALL.LOG
2006-01-22 15:50 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-12-26 04:04 2,002,069 -c--a-w C:\Program Files\yahoo_texttwist_tm1-1.exe
2005-12-24 23:20 3,411,891 -c--a-w C:\Program Files\yahoo_spsolitaire_tm1-1.exe
1997-01-03 15:25 361,984 -c--a-w C:\Program Files\EyeCand3.dll
1997-01-03 04:59 375,296 -c--a-w C:\Program Files\EC3-ENG.8BF
1997-01-03 01:24 720,690 -c--a-w C:\Program Files\EC3-ENG.PDF
1996-10-24 23:45 59,952 -c--a-w C:\Program Files\UNWISE.EXE
2006-12-14 03:36 56 --sh--r C:\WINDOWS\system32\208BE54AEB.sys
2005-12-24 13:26 56 --sh--r C:\WINDOWS\system32\99C26D7B5C.sys
2006-12-14 04:04 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 21:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 06:36]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 10:09]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 10:06]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 10:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"SigmatelSysTrayApp"="stsystra.exe" [2005-08-23 23:42 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 12:46]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-30 18:56]
"Propel Accelerator"="C:\Program Files\BellSouth Accelerator Technology\trayctl.exe" [2006-06-27 16:12]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 20:22]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-06 23:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-07 21:08:41]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 winusb;WinUSB Service;C:\WINDOWS\system32\DRIVERS\WinUSB.SYS
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contents of the 'Scheduled Tasks' folder
"2007-11-24 04:10:36 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - MENDY.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
"2007-11-29 09:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 15:05:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-29 15:09:04 - machine was rebooted
.
--- E O F ---

tetonbob · 11-29-2007, 03:49 PM

That looks much better.

Delete this folder:

C:\VundoFix Backups

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 u3 and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u3-windowsi586-p.exe to install the newest version.

After the install is complete, go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and Applets
    Trace and Log Files
- Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Also post a new HijackThis log, and tell me how your system is behaving.

SonjaM7312 · 11-30-2007, 08:23 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 30, 2007 9:19:09 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/12/2007
Kaspersky Anti-Virus database records: 469631
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 117191
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:54:06

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-11-30_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\41EE9F4E.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\All Users\Documents\ACT\ACT for Windows\Email\ActEmailMessageStore.mdf Object is locked skipped
C:\Documents and Settings\All Users\Documents\ACT\ACT for Windows\Email\ActEmailMessageStoreLog.LDF Object is locked skipped
C:\Documents and Settings\All Users\Documents\ccErrDspLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Documents\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\ESBK.mb Object is locked skipped
C:\Documents and Settings\All Users\Documents\ESBK.mbb Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\000331EE\01_Music_auto_rated_at_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\000331EE\02_Music_added_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\000331EE\03_Music_rated_at_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\000331EE\04_Music_played_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\000331EE\05_Pictures_taken_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\000331EE\06_Pictures_rated_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\000331EE\07_TV_recorded_in_the_last_week.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\000331EE\08_Video_rated_at_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\000331EE\09_Music_played_the_most.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\000331EE\10_All_Music.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\000331EE\11_All_Pictures.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\000331EE\12_All_Video.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-02\100_0239.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-02\100_0240.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-02\100_0241.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-02\100_0242.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-02\100_0243.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-02\100_0244.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-02\100_0245.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-02\100_0246.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-02\100_0247.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-02\100_0248.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-02\100_0249.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-02\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-04\100_0250.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-04\100_0251.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-04\100_0252.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-04\100_0253.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-04\100_0254.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-04\100_0255.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-04\100_0256.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-04\100_0257.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-04\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-22\100_0258.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-22\100_0259.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-22\100_0260.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-22\100_0261.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-22\100_0262.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-22\100_0263.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-22\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0264.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0265.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0266.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0267.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0268.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0269.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0270.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0271.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0272.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0273.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0274.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0275.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0276.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0277.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0278.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0279.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0280.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0281.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0282.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0283.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0284.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0285.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0286.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0287.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0288.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0289.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0290.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0291.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0292.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0293.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0294.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0295.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0296.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0297.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0298.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0299.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0300.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0301.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0302.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0303.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0304.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0305.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0306.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0307.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0308.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0309.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0310.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0311.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0312.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0313.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0314.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0315.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0316.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0317.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0319.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0320.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0321.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0323.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0324.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0325.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0326.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0327.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0329.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0330.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0332.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\100_0333.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-10-28\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0334.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0335.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0336.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0337.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0338.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0339.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0340.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0341.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0342.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0343.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0344.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0345.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0346.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0347.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0348.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0349.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0350.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0351.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\100_0352.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-18\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-23\100_0353.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-23\100_0354.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-23\100_0355.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-23\100_0356.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-23\100_0357.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-23\100_0358.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-23\100_0359.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-23\100_0360.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-23\100_0361.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-23\100_0362.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-23\100_0363.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-23\100_0364.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-23\100_0365.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-23\100_0366.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-23\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0367.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0368.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0369.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0370.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0371.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0372.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0373.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0374.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0375.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0376.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0377.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0378.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0379.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0380.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0381.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0382.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0383.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0384.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0385.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0386.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0387.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0388.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0389.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0390.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\100_0391.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-11-26\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-08\100_0392.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-08\100_0393.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-08\100_0394.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-08\100_0395.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-08\100_0396.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-08\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-09\100_0397.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-09\100_0398.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-09\100_0399.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-09\100_0400.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-09\100_0401.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-09\100_0402.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-09\100_0403.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-09\100_0404.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-09\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-17\100_0405.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-17\100_0406.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-17\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0407.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0408.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0409.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0410.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0411.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0412.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0413.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0414.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0415.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0416.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0417.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0418.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0419.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0420.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0421.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0422.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0423.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0424.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0425.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0426.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0427.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0428.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0429.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0430.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0431.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0432.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0433.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0434.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0435.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0436.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0437.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0438.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0439.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\100_0440.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\Christmas 18.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\Christmas 18_00.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\Christmas 19.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\Picture 001.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\Picture 002.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\sss.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2006-12-23\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0441.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0442.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0443.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0444.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0445.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0446.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0447.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0448.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0449.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0450.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0451.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0452.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0453.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0454.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0455.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0456.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0457.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0458.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0459.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0460.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\100_0461.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-01\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-05\100_0462.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-05\100_0463.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-05\100_0464.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-05\100_0465.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-05\100_0466.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-05\100_0467.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-05\100_0468.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-05\100_0469.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-05\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0470.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0471.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0472.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0473.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0474.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0475.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0476.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0477.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0478.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0479.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0480.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0481.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0482.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0483.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0484.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0485.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0486.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0487.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0488.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0489.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0490.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0491.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0492.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0493.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0494.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0495.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0496.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0497.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\100_0498.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2007-01-13\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\MENDY\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\MENDY\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\MENDY\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\MENDY\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\MENDY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\MENDY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\MENDY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\MENDY\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\MENDY\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\MENDY\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\MENDY\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\MENDY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MENDY\Local Settings\Temp\JET4A7C.tmp Object is locked skipped
C:\Documents and Settings\MENDY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MENDY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\MENDY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\BellSouth Accelerator Technology\logs\output_MENDY.log Object is locked skipped
C:\Program Files\BellSouth Accelerator Technology\temp\benchmark.dat Object is locked skipped
C:\Program Files\BellSouth Accelerator Technology\temp\codescache\13\8d13 Object is locked skipped
C:\Program Files\BellSouth Accelerator Technology\temp\codescache\20\fe20 Object is locked skipped
C:\Program Files\BellSouth Accelerator Technology\temp\codescache\67\7467 Object is locked skipped
C:\Program Files\BellSouth Accelerator Technology\temp\codescache\78\5878 Object is locked skipped
C:\Program Files\BellSouth Accelerator Technology\temp\codescache\aa\e4aa Object is locked skipped
C:\Program Files\BellSouth Accelerator Technology\temp\codescache\activeDomains Object is locked skipped
C:\Program Files\BellSouth Accelerator Technology\temp\codescache\nonactiveDomains Object is locked skipped
C:\Program Files\BellSouth Accelerator Technology\temp\http_cache\headers\_0000_1 Object is locked skipped
C:\Program Files\BellSouth Accelerator Technology\temp\http_cache\headers\_0000_2 Object is locked skipped
C:\Program Files\BellSouth Accelerator Technology\temp\http_cache\_0000_1 Object is locked skipped
C:\Program Files\BellSouth Accelerator Technology\temp\http_cache\_0000_2 Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Give4Free Plugin\uninstall.exe Infected: not-a-virus:AdWare.Win32.Chiem.c skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP580\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{47E0AE26-0374-4F60-BD32-2CB639C39A6A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\lnaccess.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.az skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_1dc.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

tetonbob · 11-30-2007, 08:31 PM

Hi, we cross posted.
Create an uninstall list:

Open HiJackThis
Click on the button " Open the Misc Tools section"
Click on the Box that says "Open Uninstall Manager"
Click on the button "Save list"
Copy and past the List from the notepad file into your post

I'll have new instructions for you after that.

SonjaM7312 · 11-30-2007, 08:31 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:29:20 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BellSouth Accelerator Technology\propelac.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\BellSouth® Internet Services\Dialer\DartDialer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ABC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\BellSouth Accelerator Technology\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\BellSouth Accelerator Technology\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85653724-D20B-4F9D-A6CA-0E45C2429A42}: NameServer = 205.152.37.23 205.152.132.23
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

tetonbob · 11-30-2007, 08:33 PM

Hi, we cross posted.

In case you didn't see my last post....

Create an uninstall list:

Open HiJackThis
Click on the button " Open the Misc Tools section"
Click on the Box that says "Open Uninstall Manager"
Click on the button "Save list"
Copy and past the List from the notepad file into your post

SonjaM7312 · 11-30-2007, 08:47 PM

Talk about a quick response. HA!!! I've attached the uninstall file. Thanks!

tetonbob · 11-30-2007, 08:49 PM

LOL, I like to work fast when I can.

Give4Free Plugin is listed as Adware.

http://research.sunbelt-software.com...threatid=15141

Have you intentionally installed it?

SonjaM7312 · 11-30-2007, 08:57 PM

I wish I could work that fast. DSL hasn't found it's way out this far yet.=)

No, I don't remember installing that. The only plug-ins I have is printer and card reader. But everytime I hook up the card reader, MusicMatch Jukebox opens. (that's probably a separate issue, huh?)

SonjaM7312 · 11-30-2007, 09:00 PM

Sorry, I should've looked at the link you sent first. I obviously don't know what a plug-in is. No, I didn't install it intentionally.

tetonbob · 11-30-2007, 09:01 PM

OK, I didn't think so....

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Give4Free Plugin

---------------------------------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

http://www.techsupportforum.com/security-center/hijackthis-log-help/197500-malware-systemerrorfixer-my-log-pandasoftware.html#post1190587

Folder::
C:\Program Files\Give4Free Plugin

Collect::
C:\WINDOWS\system32\lnaccess.exe

Save this as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------------------------------

SonjaM7312 · 11-30-2007, 09:23 PM

I submitted the file.

ComboFix 07-11-19.4C - MENDY 2007-11-30 22:14:44.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.143 [GMT -6:00]
Running from: C:\Documents and Settings\MENDY\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\MENDY\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Give4Free Plugin
C:\Program Files\Give4Free Plugin\~data
C:\Program Files\Give4Free Plugin\data
C:\Program Files\Give4Free Plugin\uninstall.exe
C:\WINDOWS\system32\lnaccess.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))
.

2007-11-30 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-30 14:07 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-30 12:28 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-30 12:27 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-29 06:50 <DIR> d-------- C:\Deckard
2007-11-29 06:22 <DIR> d-------- C:\Program Files\Real
2007-11-28 23:28 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-28 14:10 <DIR> d-------- C:\Program Files\ABC
2007-11-25 00:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-25 00:50 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-25 00:50 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-25 00:50 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-24 19:38 <DIR> d-------- C:\Program Files\directx
2007-11-18 15:12 <DIR> d-------- C:\Program Files\Strategy First
2007-11-06 19:23 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-11-06 19:23 <DIR> d-------- C:\WINDOWS\Profiles
2007-11-06 19:23 <DIR> d-------- C:\Documents and Settings\MENDY\Application Data\InterTrust

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 23:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-30 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-30 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-30 18:28 --------- d-----w C:\Program Files\Java
2007-11-26 05:25 --------- d-----w C:\Program Files\QuickTime
2007-11-26 05:17 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-26 05:13 --------- d-----w C:\Program Files\Lexmark Toolbar
2007-11-26 05:09 --------- d-----w C:\Program Files\Google
2007-11-26 05:09 --------- d-----w C:\Program Files\DellSupport
2007-11-26 05:05 --------- d-----w C:\Program Files\BellSouth Accelerator Technology
2007-11-25 06:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-25 02:54 --------- d-----w C:\Program Files\Dell Games
2007-11-25 02:40 --------- d-----w C:\Program Files\Selectsoft
2007-11-07 01:24 --------- d-----w C:\Program Files\Microsoft Games
2007-11-07 01:23 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-05 15:06 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-05 15:06 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-05 15:06 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-05 15:06 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-05 15:06 --------- d-----w C:\Program Files\Symantec
2007-10-31 19:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-31 01:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-31 01:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-31 01:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-31 01:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-31 01:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-31 01:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-31 01:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-31 01:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-31 01:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-31 01:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-31 01:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-29 04:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-09 16:55 --------- d-----w C:\Program Files\Common Files\Real
2007-10-02 00:03 45,056 ----a-w C:\WINDOWS\system32\HSSICore.dll
2007-10-02 00:03 184,320 ----a-w C:\WINDOWS\system32\OESICore.dll
2007-09-29 17:58 91,648 ----a-w C:\WINDOWS\gzip.exe
2007-06-22 00:25 225,776 -c--a-w C:\Documents and Settings\MENDY\Application Data\GDIPFONTCACHEV1.DAT
2007-05-21 18:27 67,819 -c--a-w C:\Program Files\INSTALL.LOG
2006-01-22 15:50 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-12-26 04:04 2,002,069 -c--a-w C:\Program Files\yahoo_texttwist_tm1-1.exe
2005-12-24 23:20 3,411,891 -c--a-w C:\Program Files\yahoo_spsolitaire_tm1-1.exe
1997-01-03 15:25 361,984 -c--a-w C:\Program Files\EyeCand3.dll
1997-01-03 04:59 375,296 -c--a-w C:\Program Files\EC3-ENG.8BF
1997-01-03 01:24 720,690 -c--a-w C:\Program Files\EC3-ENG.PDF
1996-10-24 23:45 59,952 -c--a-w C:\Program Files\UNWISE.EXE
2006-12-14 03:36 56 --sh--r C:\WINDOWS\system32\208BE54AEB.sys
2005-12-24 13:26 56 --sh--r C:\WINDOWS\system32\99C26D7B5C.sys
2006-12-14 04:04 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-29_15.07.07.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-04-13 07:19:56 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 04:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-04-13 07:20:04 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 04:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-04-13 08:48:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-25 05:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-11-30 21:24:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 21:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 06:36]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 10:09]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 10:06]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 10:10]
"SigmatelSysTrayApp"="stsystra.exe" [2005-08-23 23:42 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 12:46]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-30 18:56]
"Propel Accelerator"="C:\Program Files\BellSouth Accelerator Technology\trayctl.exe" [2006-06-27 16:12]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 20:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Give4Free Uninstall"="C:\DOCUME~1\MENDY\LOCALS~1\Temp\uninstall.exe" [2006-01-29 16:38]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-06 23:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-07 21:08:41]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 winusb;WinUSB Service;C:\WINDOWS\system32\DRIVERS\WinUSB.SYS
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - LIVEUPDATE_NOTICE_EX
*Newly Created Service* - LIVEUPDATE_NOTICE_SERVICE
.
Contents of the 'Scheduled Tasks' folder
"2007-12-01 02:46:42 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - MENDY.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
"2007-11-29 09:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 22:18:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-30 22:19:54
C:\ComboFix2.txt ... 2007-11-29 15:09
.
--- E O F ---

tetonbob · 11-30-2007, 09:27 PM

Hi SonjaM7312 -

What got uploaded was the ComboFix.txt

There should be on your desktop a file called CF-Submit.htm

It may look like either an Internet Explorer, or Firefox icon.

Double click on it, and it should open a browser window.

In that window will be a file path to copy and paste into the submit window.

Alternatively, on your desktop should be a zip file, with a name similar to

[4]-Submit_2007-11-30@22:14.zip

If you can upload it here, that would be great:

http://www.bleepingcomputer.com/subm....php?channel=4

SonjaM7312 · 12-01-2007, 11:58 AM

File uploaded. Sure hope it's the right one.

11-25-2007, 12:12 PM	#1 (permalink)
SonjaM7312 Registered User Join Date: Nov 2007 Location: Tennessee Posts: 25 OS: Windows Vista, Home basic	Malware-systemerrorfixer-my log from PandaSoftware I sure hope I'm doing this correctly. I ran the on-line scan from Panda. This is the report I received after running the scan. I have Norton installed on my laptop, I can't believe it let all of this thru and didn't detect any of it!! Incident Status Location Dialer:Dialer.KPT Not disinfected c:\windows\system32\lnaccess.exe Adware:adware/eshopper Not disinfected c:\windows\system32\eshopcamp.xml Adware:adware/gator Not disinfected c:\windows\GatorFDDLI.log Dialer:dialer.b Not disinfected hkey_current_user\software\egdhtml Adware:adware/sbsoft Not disinfected Windows Registry Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.maxserving.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.advertising.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[servedby.advertising.com/] Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.zedo.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.fastclick.net/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.atdmt.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.realmedia.com/] Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.trafficmp.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.bluestreak.com/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Go Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.go.com/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.overture.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.bs.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[server.iad.liveperson.net/hc/48956112] Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[server.iad.liveperson.net/] Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.as-eu.falkag.net/] Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.ads.pointroll.com/] Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.qksrv.net/] Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[server.iad.liveperson.net/hc/12021449] Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.apmebf.com/] Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.statcounter.com/] Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[server.iad.liveperson.net/hc/32580440] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.perf.overture.com/] Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.did-it.com/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.com.com/] Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.linksynergy.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.247realmedia.com/] Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[counter.hitslink.com/] Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.atwola.com/] Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[server.iad.liveperson.net/hc/33069911] Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.burstnet.com/] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.ads.addynamix.com/] Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.tradedoubler.com/] Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.valueclick.com/] Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.bravenet.com/] Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\MENDY\Application Data\Mozilla\Firefox\Profiles\ijfcpiqi.default\cookies.txt[.www.myaffiliateprogram.com/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@ad.yieldmanager[1].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@adrevolver[1].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@advertising[2].txt Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@apmebf[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@atdmt[2].txt Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@bluestreak[1].txt Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@cgi-bin[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@doubleclick[1].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@fastclick[2].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@realmedia[1].txt Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@smartadserver[1].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@statcounter[1].txt Spyware:Cookie/Target Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@target[2].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\MENDY\Cookies\mendy@tribalfusion[2].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\MENDY\Local Settings\Temp\Cookies\mendy@advertising[2].txt Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\MENDY\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe Virus:Trj/Downloader.PUT Disinfected C:\Program Files\poolsv\k11u72.exe Potentially unwanted tool:Application/InternetGameBox Not disinfected C:\WINDOWS\Temp\NSIS_Install_igb.exe

11-28-2007, 01:56 PM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,196 OS: 2000 Pro; XP Pro; XP Home	Re: Malware-systemerrorfixer-my log from PandaSoftware Hi SonjaM7312 - The Panda scan is part of the process, but not all of it. Many of those finds are cookies, easily removed, and a constant with internet connected machines. Cookies are nothing to be worried about. They get installed on your computer everytime you visit any webpage. Now some of those are good cookies that get installed for ease of use for next time you visit the same page, but some cookies are spyware used for tracking users surfing habits. Most of those cookies are third party cookies that can be blocked: In Firefox go to Tools > Options > Privacy > Cookies Click Exceptions, identify the site you want to block, and click on Block. In IE go to Tools > Internet Options > Privacy and click on Advanced in the Privacy tab Now put a check next to "Override automatic cookie handling" Set first party cookies to Accept and third party cookies to Block Also put a check to "Always allow session cookies" OK your way out. This won't prevent all bad cookies from being installed, but will reduce the amount. Also there is another program you can use. Spywareblaster Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer. You can read more about cookies at the Cookie Concept You can tidy up with this tool: Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. --------------------------------------------------------------------------------------------- Step 5 would have you do this: Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges. Close all applications and windows. Double-click on dss.exe to run it, and follow the prompts. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here. Please attach extra.txt to your post. To attach a file to a new post, simply Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt Click Upload. What DSS will do: create a new System Restore point in Windows XP and Vista. clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives. check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed. --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-28-2007, 02:16 PM	#3 (permalink)
SonjaM7312 Registered User Join Date: Nov 2007 Location: Tennessee Posts: 25 OS: Windows Vista, Home basic	Re: Malware-systemerrorfixer-my log from PandaSoftware I set the IE properties as you instructed. I deleted the Mozilla yesterday because it had so many cookies that said spyware also, I never use that browser. I also ran the ATF and it seems to be stuck with a clear screen after I selected and deleted all. When I finish these steps, will the Malware be gone. This systemerrorfixer.com is driving me nuts and it looks just like the Windows security center. I read more on your site and downloaded the hijackthis log and ran the log. I will paste it below. Thank you so much!! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:19:39 PM, on 11/28/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\BellSouth Accelerator Technology\propelac.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\BellSouth® Internet Services\Dialer\DartDialer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\MENDY\Local Settings\Temporary Internet Files\Content.IE5\6Z6B85QT\HiJackThis[1].exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=0&o=0&l=dir R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.321search.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by BellSouth® Dial Internet Service R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080 R3 - URLSearchHook: (no name) - <default> - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\BellSouth Accelerator Technology\prpl_IePopupBlocker.dll O2 - BHO: (no name) - {69B2CAAF-7749-4E1B-BE06-4F64222E18B7} - C:\WINDOWS\system32\ssqrp.dll (file missing) O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\BellSouth Accelerator Technology\trayctl.exe" /STARTUPLAUNCH O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-page.html O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-image.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.att.net O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://us2-scripts.dlv4.com/binaries...1073_em_XP.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{85653724-D20B-4F9D-A6CA-0E45C2429A42}: NameServer = 205.152.37.23 205.152.132.23 O20 - Winlogon Notify: cbxurpo - cbxurpo.dll (file missing) O20 - Winlogon Notify: ssqrp - C:\WINDOWS\system32\ssqrp.dll (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11806 bytes

11-28-2007, 02:18 PM	#4 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,196 OS: 2000 Pro; XP Pro; XP Home	Re: Malware-systemerrorfixer-my log from PandaSoftware What I really want is a set of logs from Deckard's System Scanner, though, as outlined in my last post. It is more comprehensive. Thanks. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-29-2007, 08:26 AM	#6 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,196 OS: 2000 Pro; XP Pro; XP Home	Re: Malware-systemerrorfixer-my log from PandaSoftware Thanks for providing the logs. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- Download ComboFix from one of these locations. http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.techsupportforum.com/sect...s/ComboFix.exe --------------------------------------------------------------------------------------------- * IMPORTANT !!! Place combofix.exe on your Desktop Disconnect from the internet. Pull the plug! Disable your AntiVirus application, usually via a right click on the System Tray icon. Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.321search.com R3 - URLSearchHook: (no name) - <default> - (no file) O2 - BHO: (no name) - {69B2CAAF-7749-4E1B-BE06-4F64222E18B7} - C:\WINDOWS\system32\ssqrp.dll (file missing) O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing) O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://us2-scripts.dlv4.com/binaries...1073_em_XP.cab O20 - Winlogon Notify: cbxurpo - cbxurpo.dll (file missing) O20 - Winlogon Notify: ssqrp - C:\WINDOWS\system32\ssqrp.dll (file missing) Close HijackThis now. --------------------------------------------------------------------------------------------- Go to -> Run -> paste in the following single line command & click OK "%userprofile%\desktop\combofix.exe" /killall Follow the prompts. Type "1" and press Enter to begin the scan. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. --------------------------------------------------------------------------------------------- Ensure your AntiVirus is re-enabled. A reboot should have done this. Re-establish an internet connection. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-29-2007, 03:49 PM	#8 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,196 OS: 2000 Pro; XP Pro; XP Home	Re: Malware-systemerrorfixer-my log from PandaSoftware That looks much better. Delete this folder: C:\VundoFix Backups Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6 u3 and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u3-windowsi586-p.exe to install the newest version. After the install is complete, go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) On the General tab, under Temporary Internet Files, click the Settings button. Next, click on the Delete Files button There are two options in the window to clear the cache - Leave BOTH Checked Applications and Applets Trace and Log Files Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Temporary Files Window Click OK to leave the Java Control Panel. --------------------------------------------------------------------------------------------- Please run this online scan to help look for remnants. First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one. Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%. --------------------------------------------------------------------------------------------- Also post a new HijackThis log, and tell me how your system is behaving. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-30-2007, 08:31 PM	#10 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,196 OS: 2000 Pro; XP Pro; XP Home	Re: Malware-systemerrorfixer-my log from PandaSoftware Hi, we cross posted. Create an uninstall list: Open HiJackThis Click on the button " Open the Misc Tools section" Click on the Box that says "Open Uninstall Manager" Click on the button "Save list" Copy and past the List from the notepad file into your post I'll have new instructions for you after that. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009 Last edited by tetonbob; 11-30-2007 at 08:32 PM.

11-30-2007, 08:31 PM	#11 (permalink)
SonjaM7312 Registered User Join Date: Nov 2007 Location: Tennessee Posts: 25 OS: Windows Vista, Home basic	Re: Malware-systemerrorfixer-my log from PandaSoftware Logfile of HijackThis v1.99.1 Scan saved at 9:29:20 PM, on 11/30/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\BellSouth Accelerator Technology\propelac.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\BellSouth® Internet Services\Dialer\DartDialer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\ABC\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\BellSouth Accelerator Technology\prpl_IePopupBlocker.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\BellSouth Accelerator Technology\trayctl.exe" /STARTUPLAUNCH O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-page.html O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-image.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.att.net O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{85653724-D20B-4F9D-A6CA-0E45C2429A42}: NameServer = 205.152.37.23 205.152.132.23 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

11-30-2007, 08:33 PM	#12 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,196 OS: 2000 Pro; XP Pro; XP Home	Re: Malware-systemerrorfixer-my log from PandaSoftware Hi, we cross posted. In case you didn't see my last post.... Create an uninstall list: Open HiJackThis Click on the button " Open the Misc Tools section" Click on the Box that says "Open Uninstall Manager" Click on the button "Save list" Copy and past the List from the notepad file into your post __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-30-2007, 08:49 PM	#14 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,196 OS: 2000 Pro; XP Pro; XP Home	Re: Malware-systemerrorfixer-my log from PandaSoftware LOL, I like to work fast when I can. Give4Free Plugin is listed as Adware. http://research.sunbelt-software.com...threatid=15141 Have you intentionally installed it? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-30-2007, 08:57 PM	#15 (permalink)
SonjaM7312 Registered User Join Date: Nov 2007 Location: Tennessee Posts: 25 OS: Windows Vista, Home basic	Re: Malware-systemerrorfixer-my log from PandaSoftware I wish I could work that fast. DSL hasn't found it's way out this far yet.=) No, I don't remember installing that. The only plug-ins I have is printer and card reader. But everytime I hook up the card reader, MusicMatch Jukebox opens. (that's probably a separate issue, huh?)

11-30-2007, 09:00 PM	#16 (permalink)
SonjaM7312 Registered User Join Date: Nov 2007 Location: Tennessee Posts: 25 OS: Windows Vista, Home basic	Re: Malware-systemerrorfixer-my log from PandaSoftware Sorry, I should've looked at the link you sent first. I obviously don't know what a plug-in is. No, I didn't install it intentionally.

11-30-2007, 09:23 PM	#18 (permalink)
SonjaM7312 Registered User Join Date: Nov 2007 Location: Tennessee Posts: 25 OS: Windows Vista, Home basic	Re: Malware-systemerrorfixer-my log from PandaSoftware I submitted the file. ComboFix 07-11-19.4C - MENDY 2007-11-30 22:14:44.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.143 [GMT -6:00] Running from: C:\Documents and Settings\MENDY\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\MENDY\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Give4Free Plugin C:\Program Files\Give4Free Plugin\~data C:\Program Files\Give4Free Plugin\data C:\Program Files\Give4Free Plugin\uninstall.exe C:\WINDOWS\system32\lnaccess.exe . ((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 ))))))))))))))))))))))))))))))) . 2007-11-30 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-11-30 14:07 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-11-30 12:28 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-11-30 12:27 <DIR> d-------- C:\Program Files\Common Files\Java 2007-11-29 06:50 <DIR> d-------- C:\Deckard 2007-11-29 06:22 <DIR> d-------- C:\Program Files\Real 2007-11-28 23:28 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2007-11-28 14:10 <DIR> d-------- C:\Program Files\ABC 2007-11-25 00:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-11-25 00:50 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-11-25 00:50 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-11-25 00:50 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-11-24 19:38 <DIR> d-------- C:\Program Files\directx 2007-11-18 15:12 <DIR> d-------- C:\Program Files\Strategy First 2007-11-06 19:23 <DIR> d-------- C:\WINDOWS\system32\Adobe 2007-11-06 19:23 <DIR> d-------- C:\WINDOWS\Profiles 2007-11-06 19:23 <DIR> d-------- C:\Documents and Settings\MENDY\Application Data\InterTrust . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-30 23:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-11-30 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-11-30 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2007-11-30 18:28 --------- d-----w C:\Program Files\Java 2007-11-26 05:25 --------- d-----w C:\Program Files\QuickTime 2007-11-26 05:17 --------- d-----w C:\Program Files\Norton AntiVirus 2007-11-26 05:13 --------- d-----w C:\Program Files\Lexmark Toolbar 2007-11-26 05:09 --------- d-----w C:\Program Files\Google 2007-11-26 05:09 --------- d-----w C:\Program Files\DellSupport 2007-11-26 05:05 --------- d-----w C:\Program Files\BellSouth Accelerator Technology 2007-11-25 06:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-11-25 02:54 --------- d-----w C:\Program Files\Dell Games 2007-11-25 02:40 --------- d-----w C:\Program Files\Selectsoft 2007-11-07 01:24 --------- d-----w C:\Program Files\Microsoft Games 2007-11-07 01:23 --------- d-----w C:\Program Files\Common Files\Adobe 2007-11-05 15:06 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-11-05 15:06 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-11-05 15:06 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-11-05 15:06 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-11-05 15:06 --------- d-----w C:\Program Files\Symantec 2007-10-31 19:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll 2007-10-31 01:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll 2007-10-31 01:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys 2007-10-31 01:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys 2007-10-31 01:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys 2007-10-31 01:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys 2007-10-31 01:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll 2007-10-31 01:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys 2007-10-31 01:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys 2007-10-31 01:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys 2007-10-31 01:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat 2007-10-31 01:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf 2007-10-29 04:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent 2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-09 16:55 --------- d-----w C:\Program Files\Common Files\Real 2007-10-02 00:03 45,056 ----a-w C:\WINDOWS\system32\HSSICore.dll 2007-10-02 00:03 184,320 ----a-w C:\WINDOWS\system32\OESICore.dll 2007-09-29 17:58 91,648 ----a-w C:\WINDOWS\gzip.exe 2007-06-22 00:25 225,776 -c--a-w C:\Documents and Settings\MENDY\Application Data\GDIPFONTCACHEV1.DAT 2007-05-21 18:27 67,819 -c--a-w C:\Program Files\INSTALL.LOG 2006-01-22 15:50 774,144 -c--a-w C:\Program Files\RngInterstitial.dll 2005-12-26 04:04 2,002,069 -c--a-w C:\Program Files\yahoo_texttwist_tm1-1.exe 2005-12-24 23:20 3,411,891 -c--a-w C:\Program Files\yahoo_spsolitaire_tm1-1.exe 1997-01-03 15:25 361,984 -c--a-w C:\Program Files\EyeCand3.dll 1997-01-03 04:59 375,296 -c--a-w C:\Program Files\EC3-ENG.8BF 1997-01-03 01:24 720,690 -c--a-w C:\Program Files\EC3-ENG.PDF 1996-10-24 23:45 59,952 -c--a-w C:\Program Files\UNWISE.EXE 2006-12-14 03:36 56 --sh--r C:\WINDOWS\system32\208BE54AEB.sys 2005-12-24 13:26 56 --sh--r C:\WINDOWS\system32\99C26D7B5C.sys 2006-12-14 04:04 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2007-11-29_15.07.07.98 ))))))))))))))))))))))))))))))))))))))))) . - 2005-04-13 07:19:56 49,248 ----a-w C:\WINDOWS\system32\java.exe + 2007-09-25 04:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2005-04-13 07:20:04 49,250 ----a-w C:\WINDOWS\system32\javaw.exe + 2007-09-25 04:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2005-04-13 08:48:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe + 2007-09-25 05:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll + 2007-11-30 21:24:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1dc.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 21:08] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 06:36] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 10:09] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 10:06] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 10:10] "SigmatelSysTrayApp"="stsystra.exe" [2005-08-23 23:42 C:\WINDOWS\stsystra.exe] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44] "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 12:46] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-30 18:56] "Propel Accelerator"="C:\Program Files\BellSouth Accelerator Technology\trayctl.exe" [2006-06-27 16:12] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59] "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 20:22] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Give4Free Uninstall"="C:\DOCUME~1\MENDY\LOCALS~1\Temp\uninstall.exe" [2006-01-29 16:38] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-06 23:06] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-07 21:08:41] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04] S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc S3 winusb;WinUSB Service;C:\WINDOWS\system32\DRIVERS\WinUSB.SYS S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc Newly Created Service - LIVEUPDATE_NOTICE_EX Newly Created Service - LIVEUPDATE_NOTICE_SERVICE . Contents of the 'Scheduled Tasks' folder "2007-12-01 02:46:42 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - MENDY.job" - C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK: "2007-11-29 09:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job" - C:\Program Files\RegistrySmart\RegistrySmart.ex - C:\Program Files\RegistrySmart . ************************************************************************ catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-30 22:18:23 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-11-30 22:19:54 C:\ComboFix2.txt ... 2007-11-29 15:09 . --- E O F --- Last edited by tetonbob; 12-01-2007 at 01:27 PM. Reason: posted CombFix log

11-30-2007, 09:27 PM	#19 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,196 OS: 2000 Pro; XP Pro; XP Home	Re: Malware-systemerrorfixer-my log from PandaSoftware Hi SonjaM7312 - What got uploaded was the ComboFix.txt There should be on your desktop a file called CF-Submit.htm It may look like either an Internet Explorer, or Firefox icon. Double click on it, and it should open a browser window. In that window will be a file path to copy and paste into the submit window. Alternatively, on your desktop should be a zip file, with a name similar to [4]-Submit_2007-11-30@22:14.zip If you can upload it here, that would be great: http://www.bleepingcomputer.com/subm....php?channel=4 __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

12-01-2007, 11:58 AM	#20 (permalink)
SonjaM7312 Registered User Join Date: Nov 2007 Location: Tennessee Posts: 25 OS: Windows Vista, Home basic	Re: Malware-systemerrorfixer-my log from PandaSoftware File uploaded. Sure hope it's the right one.