Jump to content

rhschlegel

Members
  • Posts

    6
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I restarted my computer although I did not have a prompt to do so. The problem appears to be fixed because I no longer have the "System Security" icon on the bottom right bar of the monitor screen that was there previously. Your help is VERY MUCH appreciated as it was a major annoyance to deal with the repetative popup windows.
  2. ComboFix 09-02-12.03 - roy 2009-02-14 18:06:55.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1486 [GMT -5:00] Running from: c:\documents and settings\roy\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\roy\Desktop\CFScript.txt AV: Norton 360 *On-access scanning disabled* (Updated) FW: Norton 360 *disabled* * Created a new restore point FILE :: c:\documents and settings\All Users\Application Data\123478687123.dat . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\123478687123.dat c:\documents and settings\All Users\Application Data\129663247\ c:\documents and settings\All Users\Application Data\129663247\\1949337950.exe c:\documents and settings\All Users\Application Data\129663247\\config.udb c:\documents and settings\All Users\Application Data\129663247\\init.udb c:\documents and settings\All Users\Application Data\129663247\\Langs.udb . ((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))) . 2009-02-14 15:40 . 2009-02-14 15:40 <DIR> d-------- c:\program files\Trend Micro 2009-02-14 15:15 . 2009-02-14 15:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-14 15:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-14 15:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-14 13:41 . 2009-02-14 13:41 <DIR> d-------- c:\documents and settings\roy\Application Data\Malwarebytes 2009-02-14 13:41 . 2009-02-14 13:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-27 13:10 . 2009-01-27 13:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Graboid Inc 2009-01-27 13:08 . 2009-01-27 13:11 <DIR> d-------- c:\documents and settings\michelle\Application Data\MozillaControl 2009-01-24 22:57 . 2009-01-24 22:57 <DIR> d-------- c:\program files\VideoLAN 2009-01-24 22:57 . 2009-01-29 13:56 <DIR> d-------- c:\program files\Graboid 2009-01-17 16:44 . 2009-01-17 16:45 <DIR> d-------- c:\windows\system32\Adobe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-14 21:19 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-05 01:28 67,504 ----a-w c:\documents and settings\roy\Application Data\GDIPFONTCACHEV1.DAT 2009-02-01 22:08 848 ----a-w c:\documents and settings\roy\Application Data\wklnhst.dat 2009-01-28 20:40 6,580 --sha-w c:\windows\system32\KGyGaAvL.sys 2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll 2009-01-14 10:20 --------- d-----w c:\program files\Google 2009-01-06 00:27 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF 2009-01-06 00:27 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL 2009-01-06 00:27 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS 2009-01-06 00:27 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT 2009-01-06 00:27 --------- d-----w c:\program files\Symantec 2008-12-26 17:41 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe 2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-12-19 01:11 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-12-19 01:11 --------- d-----w c:\program files\Java 2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys 2006-11-11 12:43 304 ----a-w c:\documents and settings\michelle\Application Data\wklnhst.dat 2008-08-20 21:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082020080821\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded] @="{4433A54A-1AC8-432F-90FC-85F045CF383C}" [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}] 2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending] @="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}" [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}] 2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected] @="{476D0EA3-80F9-48B5-B70B-05E677C9C148}" [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}] 2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-02 98304] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-01 99376] S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST . Contents of the 'Scheduled Tasks' folder 2008-12-31 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [] 2008-03-07 c:\windows\Tasks\Uniblue SpeedUpMyPC.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm128YYUS&fl=0&ptb=WdMYRe5KSubFVWe1Y8Q46A&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms} uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Search IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000 Trusted Zone: musicmatch.com\online DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} - hxxp://www.drivecam.com/videos/DriveCamEvent.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-14 18:08:27 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1164) c:\windows\System32\BCMLogon.dll . Completion time: 2009-02-14 18:11:21 ComboFix-quarantined-files.txt 2009-02-14 23:10:02 ComboFix2.txt 2009-02-14 21:35:20 Pre-Run: 19,311,718,400 bytes free Post-Run: 19,295,989,760 bytes free 161 --- E O F --- 2009-02-12 09:57:24 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:22:03 PM, on 2/14/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Documents and Settings\All Users\Application Data\129663247\1949337950.exe C:\Program Files\NetWaiting\netWaiting.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061002 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam.com/videos/DriveCamEvent.dll O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebas...sCamControl.ocx O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...933/mcfscan.cab O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing) O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 10890 bytes
  3. ComboFix 09-02-12.03 - roy 2009-02-14 16:26:17.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1527 [GMT -5:00] Running from: c:\documents and settings\roy\Desktop\ComboFix.exe AV: Norton 360 *On-access scanning disabled* (Updated) FW: Norton 360 *disabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\roy\Desktop\System Security.lnk c:\documents and settings\roy\Start Menu\Programs\System Security c:\documents and settings\roy\Start Menu\Programs\System Security\System Security.lnk c:\program files\Helper c:\windows\IE4 Error Log.txt . ((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))) . 2009-02-14 15:40 . 2009-02-14 15:40 <DIR> d-------- c:\program files\Trend Micro 2009-02-14 15:15 . 2009-02-14 15:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-14 15:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-14 15:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-14 13:41 . 2009-02-14 13:41 <DIR> d-------- c:\documents and settings\roy\Application Data\Malwarebytes 2009-02-14 13:41 . 2009-02-14 13:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-14 12:40 . 2009-02-14 12:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\129663247 2009-02-14 12:40 . 2009-02-14 12:40 0 --a------ c:\documents and settings\All Users\Application Data\123478687123.dat 2009-01-27 13:10 . 2009-01-27 13:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Graboid Inc 2009-01-27 13:08 . 2009-01-27 13:11 <DIR> d-------- c:\documents and settings\michelle\Application Data\MozillaControl 2009-01-24 22:57 . 2009-01-24 22:57 <DIR> d-------- c:\program files\VideoLAN 2009-01-24 22:57 . 2009-01-29 13:56 <DIR> d-------- c:\program files\Graboid 2009-01-17 16:44 . 2009-01-17 16:45 <DIR> d-------- c:\windows\system32\Adobe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-14 21:19 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-05 01:28 67,504 ----a-w c:\documents and settings\roy\Application Data\GDIPFONTCACHEV1.DAT 2009-02-01 22:08 848 ----a-w c:\documents and settings\roy\Application Data\wklnhst.dat 2009-01-28 20:40 6,580 --sha-w c:\windows\system32\KGyGaAvL.sys 2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll 2009-01-14 10:20 --------- d-----w c:\program files\Google 2009-01-06 00:27 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF 2009-01-06 00:27 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL 2009-01-06 00:27 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS 2009-01-06 00:27 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT 2009-01-06 00:27 --------- d-----w c:\program files\Symantec 2008-12-26 17:41 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe 2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-12-19 01:11 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-12-19 01:11 --------- d-----w c:\program files\Java 2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys 2006-11-11 12:43 304 ----a-w c:\documents and settings\michelle\Application Data\wklnhst.dat 2008-08-20 21:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082020080821\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded] @="{4433A54A-1AC8-432F-90FC-85F045CF383C}" [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}] 2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending] @="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}" [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}] 2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected] @="{476D0EA3-80F9-48B5-B70B-05E677C9C148}" [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}] 2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-02 98304] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "1949337950"="c:\documents and settings\All Users\Application Data\129663247\1949337950.exe" [2009-02-14 2198554] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-01 99376] S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST . Contents of the 'Scheduled Tasks' folder 2008-12-31 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [] 2008-03-07 c:\windows\Tasks\Uniblue SpeedUpMyPC.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm128YYUS&fl=0&ptb=WdMYRe5KSubFVWe1Y8Q46A&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms} uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Search IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000 Trusted Zone: musicmatch.com\online DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} - hxxp://www.drivecam.com/videos/DriveCamEvent.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-14 16:29:51 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1164) c:\windows\System32\BCMLogon.dll . Completion time: 2009-02-14 16:35:17 ComboFix-quarantined-files.txt 2009-02-14 21:33:54 Pre-Run: 19,177,562,112 bytes free Post-Run: 19,314,241,536 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 166 --- E O F --- 2009-02-12 09:57:24
  4. I am new to this type of forum. I am trying to rid my computer of "system security" that continues to popup. I have run the Malware and Hijack this. Several items were found and deleted but did not resolve the problem. What sould I do next?
  5. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:41:07 PM, on 2/14/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Documents and Settings\All Users\Application Data\129663247\1949337950.exe C:\Program Files\NetWaiting\netWaiting.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061002 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [1949337950] "C:\Documents and Settings\All Users\Application Data\129663247\1949337950.exe" O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam.com/videos/DriveCamEvent.dll O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebas...sCamControl.ocx O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...933/mcfscan.cab O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing) O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 10968 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.