-
Content Count
11 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by [email protected]
-
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:46 PM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Bejeweled Twist\Images\stg_drm.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194798768671
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mortimer Beckett and the Time Paradox\Images\armhelper.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: (no name) - http://www.knitpicks.com/images/structure/...MP3download.gif
--
End of file - 11442 bytes
-
Actually, Ryan, I go to a Dell page with a Google search field that says,
Sorry, we couldn't find http://ad.yieldmanager.com/st%3Fad_type. Here are some related websites:
Does that change anything? I'm being hijacked, but by whom?
Linda
-
Malwarebytes' Anti-Malware 1.30
Database version: 1427
Windows 5.1.2600 Service Pack 3
12/3/2008 1:45:05 PM
mbam-log-2008-12-03 (13-45-05).txt
Scan type: Full Scan (C:\|)
Objects scanned: 252658
Time elapsed: 3 hour(s), 48 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
This is really irritating. If I use the eBay search engine, I get about 4 seconds before the page flips over. If I use Google or one of the others, I get a few minutes, but I always lose the page, sooner or later. It's really cutting into my holiday shopping, not to mention, my eBay sales ...
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:57 PM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://C:\Program Files\Mortimer Beckett and the Time Paradox\Images\stg_drm.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194798768671
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mortimer Beckett and the Time Paradox\Images\armhelper.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: (no name) - http://www.knitpicks.com/images/structure/...MP3download.gif
--
End of file - 11932 bytes
AND ...
ComboFix 08-12-01.01 - LINDA SONDERMANN 2008-12-01 19:37:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.223 [GMT -5:00]
Running from: c:\documents and settings\LINDA SONDERMANN\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\setup.inf
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\areabomb.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\beetlezap.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonusrow.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonustimer.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bucketfilled.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\clearpyramid.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1a.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1b.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1c.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2a.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2b.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2c.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\colorchain.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\dialogbox.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\drumbeat.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\fillrow.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\gateopen.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\helptip.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\powerup.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\rotateboardleft.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\timerup.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning2.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\artifacts-bb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\bar.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber0.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber1.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\circledoor.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\full_screen_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_large.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_small.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_large.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_small.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hexfield.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hidden-artifact_icon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\large_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\local-hs-bb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\small_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\trifield.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetletatoo.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\dirt.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpost.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpostovr.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\tritop.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkdown.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkup.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknob.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknobover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderrail.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\anwar\look\pl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\bast\look\bl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\kristine\look\kl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\crackedstopper.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\cursor.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\doorlights.txt
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\jackarmstrong.mvec
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\lithos.mvec
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\greybomb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\arrowkeys.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\helptip.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\levels\levels.dat
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\disk.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\equilateraltriangle.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\flattri.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\pyramid.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\quad.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\rotatingpyramid.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\scarabpanel.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\p1icon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-0.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-1.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-0-1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-1-1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scorecloud.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\setup.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\areashockwave.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_starter.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_tail.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\flash.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\rubble.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue0\snake_dirty.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\arm01_dirty.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\mask01_1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\statue01_dirty.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\stopper.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timer.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timerglow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timericon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\tm.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabomb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabombrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\blue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bluerollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\boardfill.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bricktip.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\green.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\greenrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\red.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\redrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wild.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wildrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellowrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image0.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image1.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image2.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image3.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\bluebucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\buckettriangle.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chainlink.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chaintip.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\genericbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\greenbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\redbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallblue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallgreen.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallred.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallyellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnglow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnplatform.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\yellowbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\warning.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\error.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\game.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\gameover.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscore.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoreinfo.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoresubmit.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\instructions.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\leveldesign.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\levelover.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainarcade.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainconfirm.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maincontinue.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maingames.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainpuzzle.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maphelptip.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\options.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\pause.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\quitconfirm.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\start.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\storyplayer.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\style.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\upsell.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\strings.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\TriJinx.exe
c:\windows\IE4 Error Log.txt
.
((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.
2008-12-01 16:30 . 2008-12-01 16:30 <DIR> d-------- c:\program files\Bejeweled Twist
2008-11-30 21:58 . 2008-11-30 22:15 <DIR> d----c--- C:\Lop SD
2008-11-30 21:51 . 2008-11-30 21:57 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\.SunDownloadManager
2008-11-30 14:42 . 2008-11-30 14:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2008-11-30 07:37 . 2008-11-30 07:37 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-30 07:37 . 2008-11-30 07:37 1,409 --a------ c:\windows\QTFont.for
2008-11-29 18:49 . 2008-11-29 18:49 <DIR> d-------- c:\windows\system32\ActiveX
2008-11-29 18:49 . 2008-11-30 16:54 <DIR> d-------- c:\program files\Hawaiian Explorer Pearl Harbor
2008-11-27 20:55 . 2008-11-29 18:47 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\ForgottenRiddles
2008-11-27 20:54 . 2008-11-27 20:54 <DIR> d-------- c:\program files\Forgotten Riddles - The Mayan Princess
2008-11-27 11:51 . 2008-11-27 12:28 <DIR> d-------- c:\program files\Mortimer Beckett and the Time Paradox
2008-11-26 16:53 . 2008-11-26 16:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-26 16:53 . 2008-11-26 16:53 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\Malwarebytes
2008-11-26 16:53 . 2008-11-26 16:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-26 16:53 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-26 16:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-24 23:00 . 2008-11-24 23:03 <DIR> d-------- c:\program files\Chowder
2008-11-19 17:36 . 2008-11-19 17:36 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\Gogii Games
2008-11-19 17:36 . 2008-11-19 17:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Gogii Games
2008-11-17 20:47 . 2008-11-17 20:47 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\PlayFirst
2008-11-17 17:19 . 2008-11-17 17:19 <DIR> d-------- c:\program files\Book of Legends
2008-11-17 16:45 . 2008-11-17 16:48 <DIR> d-------- c:\program files\Herod's Lost Tomb
2008-11-14 18:57 . 2008-11-14 18:58 <DIR> d-------- c:\program files\Mystery P.I. - The New York Fortune
2008-11-14 12:19 . 2008-11-14 12:19 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\eBay
2008-11-13 19:14 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-13 19:14 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-13 18:48 . 2008-11-13 18:48 <DIR> d-------- c:\program files\Common Files\xing shared
2008-11-13 18:48 . 2008-11-13 18:48 <DIR> d-------- c:\program files\7 Wonders - Treasures of Seven
2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Mystery Case Files - Madame Fate
2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Mushroom Age
2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Microsoft Plus! Photo Story 2 LE
2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Kidzui
2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Jewel Quest Mysteries - Curse of the Emerald Tear
2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Go Go Gourmet - Chef of the Year
2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Dr. Lynch - Grave Secrets
2008-11-13 18:46 . 2008-11-13 18:46 <DIR> d-------- c:\program files\World Mosaics
2008-11-13 18:46 . 2008-11-13 18:46 <DIR> d-------- c:\program files\Viewpoint
2008-11-13 18:46 . 2008-11-13 18:46 <DIR> d-------- c:\program files\Electronic Arts
2008-11-13 18:46 . 2008-11-13 18:46 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\Viewpoint
2008-11-12 09:40 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 09:39 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 20:05 . 2008-11-11 20:05 <DIR> d-------- c:\program files\GameMill Entertainment
2008-11-11 08:55 . 2008-11-11 08:55 <DIR> d-------- c:\program files\Trend Micro
2008-11-10 08:20 . 2008-11-10 08:20 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\PC Tools
2008-11-10 08:20 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-11-10 08:20 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-11-10 08:20 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-11-10 08:20 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-11-02 19:35 . 2008-11-02 19:38 <DIR> d-------- c:\program files\Snood Towers
2008-11-02 16:10 . 2008-11-02 16:10 <DIR> d-------- c:\program files\THQ
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 00:17 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-01 23:49 --------- d-----w c:\documents and settings\LINDA SONDERMANN\Application Data\WholeSecurity
2008-12-01 23:49 --------- d-----w c:\documents and settings\All Users\Application Data\WholeSecurity
2008-12-01 15:55 --------- d-----w c:\documents and settings\LINDA SONDERMANN\Application Data\AVG7
2008-12-01 12:50 --------- d-----w c:\program files\Spyware Doctor
2008-11-29 00:01 --------- d-----w c:\documents and settings\LINDA SONDERMANN\Application Data\Leadertech
2008-11-27 23:41 --------- d-----w c:\program files\Common Files\Adobe
2008-11-21 00:00 --------- d-----w c:\documents and settings\LINDA SONDERMANN\Application Data\SpinTop Games
2008-11-18 01:47 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-14 17:19 --------- d-----w c:\documents and settings\All Users\Application Data\eBay
2008-11-13 23:48 --------- d-----w c:\program files\Real
2008-11-13 23:48 --------- d-----w c:\program files\Common Files\Real
2008-11-13 23:46 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-13 23:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-06 00:37 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2008-10-28 21:34 --------- d-----w c:\program files\Between the Worlds
2008-10-27 22:11 164 -c--a-w C:\install.dat
2008-10-27 02:31 --------- d-----w c:\program files\Hidden Expedition Titanic
2008-10-26 22:18 --------- d-----w c:\program files\Norton Security Scan
2008-10-26 22:18 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-26 15:56 --------- d-----w c:\program files\MSN Messenger
2008-10-24 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\Flood Light Games
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 22:55 --------- d-----w c:\program files\Snoodoku
2008-10-23 20:29 --------- d-----w c:\program files\WOMGames
2008-10-22 19:21 --------- d-----w c:\program files\Lavasoft
2008-10-22 19:21 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-22 19:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-22 18:54 --------- d-----w c:\program files\Advanced Registry Optimizer
2008-10-22 18:31 --------- d-----w c:\program files\AskBarDis
2008-10-22 18:31 --------- d-----w c:\documents and settings\LINDA SONDERMANN\Application Data\Sammsoft
2008-10-21 21:02 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-21 19:45 61,224 ----a-w c:\documents and settings\LINDA SONDERMANN\GoToAssistDownloadHelper.exe
2008-10-21 17:46 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-18 00:18 --------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2008-10-17 23:03 --------- d-----w c:\program files\Spyware Doctor(2)
2008-10-14 23:46 --------- d-----w c:\program files\Mystery Case Files - Ravenhearst
2008-10-11 22:16 --------- d-----w c:\program files\Hidden Expedition - Everest
2008-10-11 18:40 --------- d-----w c:\program files\Activision Value
2008-03-08 14:33 0 ----a-w c:\program files\temp01
2007-03-26 12:02 630,784 ----a-w c:\documents and settings\LINDA SONDERMANN\GoToAssist_chat2way__317_en.exe
2006-12-11 00:24 557,056 ----a-w c:\documents and settings\LINDA SONDERMANN\GoToAssist_phone__317_en.exe
2006-06-25 16:24 774,144 ----a-w c:\program files\RngInterstitial.dll
2006-02-27 23:02 251 ----a-w c:\program files\wt3d.ini
2006-02-26 00:48 557,056 ----a-w c:\documents and settings\LINDA SONDERMANN\chatlnk.exe
2006-05-12 13:36 56 --sh--r c:\windows\system32\4BC3057C5F.sys
2006-05-12 13:36 3,558 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Google Update"="c:\documents and settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-16 133104]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-15 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-04-02 191488]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-08-06 652528]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-08-23 196608]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-12 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-12-31 219136]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-25 113664]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2006-11-06 323584]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-12-23 57344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-10 525664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Cartoon Network\\Ben 10 Bounty Hunters\\RT_Multiplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2008-01-11 18864]
S3 PD016BLK;Creative PC-CAM 300 (Still Image);c:\windows\system32\DRIVERS\PD016blk.sys [2006-02-22 28665]
S3 PD016VID;Creative PC-CAM 300 (Video);c:\windows\system32\DRIVERS\PD016vid.sys [2006-02-22 433152]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-06-03 24652]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-12-01 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-16 16:46]
2007-02-05 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 17:09]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
c:\windows\Downloaded Program Files\CONFLICT.46\stg_drm.ocx - c:\windows\Downloaded Program Files\CONFLICT.47\stg_drm.ocx
O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file://c:\program files\Mortimer Beckett and the Time Paradox\Images\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.3\armhelper.ocx - c:\windows\Downloaded Program Files\CONFLICT.4\armhelper.ocx
c:\windows\Downloaded Program Files\CONFLICT.5\armhelper.ocx
c:\windows\Downloaded Program Files\CONFLICT.6\armhelper.ocx
c:\windows\Downloaded Program Files\CONFLICT.7\armhelper.ocx
O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file://c:\program files\Mortimer Beckett and the Time Paradox\Images\armhelper.ocx
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 19:44:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A?? ????B???@?????P???$?@?P ??????~?B~??????????@?a?????????????????B?????? ???????????????????p????????B
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-01 19:47:43
ComboFix-quarantined-files.txt 2008-12-02 00:47:10
Pre-Run: 45,164,515,328 bytes free
Post-Run: 45,674,184,704 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
471 --- E O F --- 2008-11-27 03:40:34
Thanks, again, Ryan!
-
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.70GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A09
USER : LINDA SONDERMANN ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.552 7.5.552 (Activated)
C:\ (Local Disk) - NTFS - Total:88 Go (Free:42 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Sun 11/30/2008|21:59 )
--------------------\\ Listing folders in APPLIC~1
[02/15/2006|12:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Corel
[02/15/2006|12:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Google
[08/16/2005|05:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[12/31/2007|07:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[02/15/2006|12:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun
[03/26/2007|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[11/06/2007|05:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[03/21/2006|09:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[11/06/2007|05:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[05/24/2008|06:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Astar Games
[04/19/2008|07:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avg7
[03/08/2008|09:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BigFishGamesCache
[08/20/2008|01:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BVRP Software
[08/04/2008|05:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> cerasus.media
[03/04/2006|01:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Chasing Dogs Studios
[12/01/2007|01:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Christmasville
[02/27/2008|09:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell
[11/14/2008|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> eBay
[08/20/2008|03:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EscapeTheMuseum
[08/27/2008|03:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[10/24/2008|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Flood Light Games
[08/16/2008|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Fugazo
[04/22/2008|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Gogii
[11/19/2008|05:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Gogii Games
[07/20/2007|06:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[12/31/2007|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
[02/15/2006|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[02/22/2006|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
[12/30/2007|07:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HiddenSecretsNightmare
[02/15/2006|12:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[05/04/2007|04:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> JollyBear
[10/22/2008|02:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[11/26/2008|04:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[01/09/2008|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[11/05/2008|07:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MumboJumbo
[06/13/2007|09:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> n7-89-o9-3r-4t-r9
[02/27/2006|06:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Otto
[10/17/2008|07:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Tools
[11/17/2008|08:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PlayFirst
[04/05/2008|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PlayPond
[02/03/2008|11:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QB9 S.R.L
[02/15/2006|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[03/24/2007|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> RoboForm
[09/06/2008|03:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Rosetta Stone
[08/27/2008|05:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> RosettaStoneLtdBackup
[12/25/2006|03:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sandlot Games
[02/25/2006|03:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBT
[05/16/2007|06:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SpinTop
[06/29/2007|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SpinTop Games
[10/21/2008|04:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[11/29/2006|06:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SugarGames
[12/23/2007|02:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[04/01/2007|02:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[11/30/2008|03:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[07/26/2008|03:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TERMINAL Studio
[08/04/2008|03:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TheRace_dev
[03/04/2006|12:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[11/13/2008|06:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[11/30/2008|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WholeSecurity
[05/11/2006|07:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[11/30/2008|02:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip
[04/04/2008|01:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZipSE
[03/22/2007|11:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion
[02/15/2006|12:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Corel
[02/15/2006|12:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Google
[08/16/2005|05:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[02/26/2006|06:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[02/15/2006|12:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun
[03/21/2006|09:02] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> acccore
[06/04/2008|02:23] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Adobe
[03/24/2006|09:48] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> AdobeAUM
[03/04/2007|03:44] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> AdobeUM
[11/30/2008|08:00] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> AVG7
[01/16/2007|12:53] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Axialis
[08/04/2008|05:33] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> cerasus.media
[04/22/2007|06:22] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> CyberLink
[11/14/2008|12:19] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> eBay
[11/29/2008|06:47] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> ForgottenRiddles
[05/02/2008|10:45] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Friday's games
[02/07/2007|06:43] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> funkitron
[09/17/2006|07:15] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Gaijin Ent
[11/19/2008|05:36] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Gogii Games
[08/03/2006|07:41] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Google
[04/11/2007|09:15] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Gtek
[07/11/2006|10:44] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Help
[08/16/2005|05:50] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Identities
[12/23/2007|03:10] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> InstallShield
[01/09/2008|07:59] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Lavasoft
[11/28/2008|07:01] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Leadertech
[04/18/2007|06:30] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Macromedia
[11/26/2008|04:53] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Malwarebytes
[01/01/2008|11:02] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Microsoft
[02/27/2006|06:02] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Otto
[12/23/2007|03:11] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Panasonic
[11/10/2008|08:20] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> PC Tools
[11/17/2008|08:47] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> PlayFirst
[11/13/2008|06:48] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Real
[10/22/2008|01:31] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Sammsoft
[08/04/2008|07:20] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Snood
[02/22/2006|09:00] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Sonic
[11/07/2007|07:50] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> SpinTop
[11/20/2008|07:00] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> SpinTop Games
[02/15/2006|12:31] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Sun
[03/22/2007|11:06] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Symantec
[12/29/2007|11:19] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> URSE Games
[11/13/2008|06:46] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Viewpoint
[11/30/2008|06:39] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> WholeSecurity
[11/04/2007|12:06] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> WinRAR
[12/31/2007|07:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> AVG7
[11/26/2007|08:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
[11/15/2008|09:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Help
[10/04/2008|01:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[10/21/2006|10:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Symantec
[12/31/2007|07:58] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[11/30/2008 08:13 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[02/05/2007 04:08 PM][--ah-----] C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[11/30/2008 03:13 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 06:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Program Files
[11/11/2007|09:31] C:\Program Files\<DIR> 3DGroove
[11/13/2008|06:48] C:\Program Files\<DIR> 7 Wonders - Treasures of Seven
[08/20/2008|01:11] C:\Program Files\<DIR> ABBYY FineReader 5.0 Sprint
[08/20/2008|01:11] C:\Program Files\<DIR> ABBYY FineReader 6.0
[10/11/2008|01:40] C:\Program Files\<DIR> Activision Value
[11/27/2008|06:41] C:\Program Files\<DIR> Adobe
[10/22/2008|01:54] C:\Program Files\<DIR> Advanced Registry Optimizer
[04/21/2007|12:24] C:\Program Files\<DIR> Agatha Christie - Death on the Nile
[11/06/2007|05:52] C:\Program Files\<DIR> AIM6
[09/16/2007|03:31] C:\Program Files\<DIR> America Online 9.0
[03/21/2006|08:50] C:\Program Files\<DIR> AOD
[04/24/2006|05:30] C:\Program Files\<DIR> AOL
[02/15/2006|12:42] C:\Program Files\<DIR> AOL Companion
[12/11/2007|05:03] C:\Program Files\<DIR> AOL Games
[09/16/2007|03:31] C:\Program Files\<DIR> Apoint
[10/22/2008|01:31] C:\Program Files\<DIR> AskBarDis
[01/16/2007|12:53] C:\Program Files\<DIR> Axialis
[10/28/2008|04:34] C:\Program Files\<DIR> Between the Worlds
[09/16/2007|03:31] C:\Program Files\<DIR> BFG
[06/10/2008|08:57] C:\Program Files\<DIR> bfgclient
[08/21/2008|07:57] C:\Program Files\<DIR> Boggle
[11/17/2008|05:19] C:\Program Files\<DIR> Book of Legends
[08/29/2007|09:15] C:\Program Files\<DIR> Borland
[02/15/2006|12:35] C:\Program Files\<DIR> Broadcom
[11/06/2006|06:11] C:\Program Files\<DIR> Broderbund
[03/25/2007|09:21] C:\Program Files\<DIR> CA
[08/30/2008|08:54] C:\Program Files\<DIR> Cartoon Network
[11/24/2008|11:03] C:\Program Files\<DIR> Chowder
[11/13/2008|07:52] C:\Program Files\<DIR> Common Files
[08/16/2005|05:38] C:\Program Files\<DIR> ComPlus Applications
[02/15/2006|12:19] C:\Program Files\<DIR> CONEXANT
[03/22/2007|11:02] C:\Program Files\<DIR> Creative
[02/15/2006|12:38] C:\Program Files\<DIR> CyberLink
[02/12/2008|10:28] C:\Program Files\<DIR> Davidson
[02/15/2006|12:48] C:\Program Files\<DIR> Dell
[08/30/2008|11:33] C:\Program Files\<DIR> Dell A920
[08/30/2008|11:36] C:\Program Files\<DIR> Dell AIO Printer A920
[12/23/2007|02:38] C:\Program Files\<DIR> Dell Support Center
[04/11/2007|08:50] C:\Program Files\<DIR> DellSupport
[02/15/2006|12:37] C:\Program Files\<DIR> Digital Line Detect
[10/21/2006|11:47] C:\Program Files\<DIR> directx
[04/19/2007|09:07] C:\Program Files\<DIR> Disney
[01/13/2008|02:48] C:\Program Files\<DIR> Disney Interactive
[11/13/2008|06:47] C:\Program Files\<DIR> Dr. Lynch - Grave Secrets
[09/20/2007|09:40] C:\Program Files\<DIR> eBay
[02/12/2008|10:54] C:\Program Files\<DIR> Edmark
[11/13/2008|06:46] C:\Program Files\<DIR> Electronic Arts
[07/08/2008|06:42] C:\Program Files\<DIR> Elf Bowling - Hawaiian Vacation
[01/02/2008|03:33] C:\Program Files\<DIR> Elf Bowling 7 17 - The Last Insult
[09/16/2007|03:31] C:\Program Files\<DIR> EnglishOtto
[09/17/2008|06:27] C:\Program Files\<DIR> Escape The Museum
[08/20/2008|01:09] C:\Program Files\<DIR> FaxTools
[09/15/2007|10:49] C:\Program Files\<DIR> Fisher-Price®
[11/27/2008|08:54] C:\Program Files\<DIR> Forgotten Riddles - The Mayan Princess
[09/16/2007|03:31] C:\Program Files\<DIR> GameHouse
[11/11/2008|08:05] C:\Program Files\<DIR> GameMill Entertainment
[05/16/2007|06:09] C:\Program Files\<DIR> Games
[05/16/2007|06:08] C:\Program Files\<DIR> GemMaster
[11/30/2006|06:38] C:\Program Files\<DIR> GH-SCRABBLE
[11/13/2008|06:47] C:\Program Files\<DIR> Go Go Gourmet - Chef of the Year
[02/04/2007|04:10] C:\Program Files\<DIR> Google
[02/15/2006|12:51] C:\Program Files\<DIR> GoogleAFE
[04/09/2007|01:11] C:\Program Files\<DIR> Grisoft
[11/30/2008|04:15] C:\Program Files\<DIR> Hawaiian Explorer Pearl Harbor
[11/17/2008|04:48] C:\Program Files\<DIR> Herod's Lost Tomb
[02/22/2006|10:17] C:\Program Files\<DIR> Hewlett-Packard
[10/11/2008|05:16] C:\Program Files\<DIR> Hidden Expedition - Everest
[10/26/2008|09:31] C:\Program Files\<DIR> Hidden Expedition Titanic
[08/19/2007|06:07] C:\Program Files\<DIR> HP
[01/11/2008|01:33] C:\Program Files\<DIR> hp photosmart
[08/30/2008|11:12] C:\Program Files\<DIR> HP PhotoSmart Printers
[09/27/2008|11:26] C:\Program Files\<DIR> Infogrames Interactive
[11/13/2008|06:34] C:\Program Files\<DIR> InstallShield Installation Information
[02/15/2006|12:36] C:\Program Files\<DIR> Intel
[08/31/2008|09:19] C:\Program Files\<DIR> Internet Explorer
[02/25/2006|03:15] C:\Program Files\<DIR> Intuit
[07/17/2008|06:49] C:\Program Files\<DIR> Java
[11/13/2008|06:47] C:\Program Files\<DIR> Jewel Quest Mysteries - Curse of the Emerald Tear
[11/13/2008|06:47] C:\Program Files\<DIR> Kidzui
[03/01/2008|01:09] C:\Program Files\<DIR> Knitting Wizards
[08/29/2007|09:15] C:\Program Files\<DIR> Knitware
[10/22/2008|02:21] C:\Program Files\<DIR> Lavasoft
[02/15/2006|12:42] C:\Program Files\<DIR> Learn2.com
[07/27/2008|06:53] C:\Program Files\<DIR> Mah Jong Medley
[03/24/2008|03:24] C:\Program Files\<DIR> Mahjong Escape - Ancient Japan
[08/05/2008|08:16] C:\Program Files\<DIR> Mahjongg - Ancient Mayas
[11/26/2008|04:53] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/31/2008|10:26] C:\Program Files\<DIR> Messenger
[11/01/2007|05:15] C:\Program Files\<DIR> Microsoft ActiveSync
[08/16/2005|05:43] C:\Program Files\<DIR> microsoft frontpage
[09/16/2007|03:32] C:\Program Files\<DIR> Microsoft Image Composer
[02/05/2007|04:06] C:\Program Files\<DIR> Microsoft IntelliPoint
[11/01/2007|05:08] C:\Program Files\<DIR> Microsoft Office
[02/15/2006|12:40] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[11/13/2008|06:47] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[02/22/2006|11:07] C:\Program Files\<DIR> Microsoft Visual Studio
[09/16/2007|03:32] C:\Program Files\<DIR> Modem Helper
[09/16/2007|03:32] C:\Program Files\<DIR> Monopoly 3
[03/22/2007|11:04] C:\Program Files\<DIR> Monopoly Here & Now Edition
[11/27/2008|12:28] C:\Program Files\<DIR> Mortimer Beckett and the Time Paradox
[08/31/2008|09:19] C:\Program Files\<DIR> Movie Maker
[11/13/2008|06:47] C:\Program Files\<DIR> Mozilla Firefox
[08/07/2007|10:06] C:\Program Files\<DIR> MSECACHE
[08/16/2005|05:37] C:\Program Files\<DIR> MSN
[02/11/2008|05:28] C:\Program Files\<DIR> MSN Games
[08/16/2005|05:37] C:\Program Files\<DIR> MSN Gaming Zone
[10/26/2008|10:56] C:\Program Files\<DIR> MSN Messenger
[11/18/2006|06:57] C:\Program Files\<DIR> MSXML 4.0
[11/13/2008|06:47] C:\Program Files\<DIR> Mushroom Age
[12/06/2007|09:16] C:\Program Files\<DIR> MUSICMATCH
[11/13/2008|06:47] C:\Program Files\<DIR> Mystery Case Files - Madame Fate
[10/14/2008|06:46] C:\Program Files\<DIR> Mystery Case Files - Ravenhearst
[11/14/2008|06:58] C:\Program Files\<DIR> Mystery P.I. - The New York Fortune
[01/29/2007|02:26] C:\Program Files\<DIR> Mysteryville
[01/29/2007|03:21] C:\Program Files\<DIR> Nancy Drew
[05/31/2008|05:37] C:\Program Files\<DIR> NeedlTx
[08/31/2008|09:09] C:\Program Files\<DIR> NetMeeting
[09/16/2007|03:32] C:\Program Files\<DIR> NetWaiting
[02/15/2006|12:39] C:\Program Files\<DIR> NetZeroInstallers
[03/28/2007|08:39] C:\Program Files\<DIR> Norton Internet Security
[03/22/2007|11:07] C:\Program Files\<DIR> Norton Password Manager
[10/26/2008|05:18] C:\Program Files\<DIR> Norton Security Scan
[12/22/2007|06:31] C:\Program Files\<DIR> Nstorm
[06/23/2006|10:08] C:\Program Files\<DIR> OfficeUpdate11
[08/16/2005|05:38] C:\Program Files\<DIR> Online Services
[08/31/2008|09:09] C:\Program Files\<DIR> Outlook Express
[12/23/2007|03:12] C:\Program Files\<DIR> Panasonic
[11/30/2006|06:38] C:\Program Files\<DIR> Pantheon
[07/15/2008|09:17] C:\Program Files\<DIR> PayPal
[03/28/2007|08:13] C:\Program Files\<DIR> PCSecurityShield
[02/22/2006|10:46] C:\Program Files\<DIR> PixAround.com
[10/26/2006|02:04] C:\Program Files\<DIR> PopCap Games
[06/23/2006|10:39] C:\Program Files\<DIR> QuickTime
[11/30/2006|06:38] C:\Program Files\<DIR> Rainbow Mystery
[11/13/2008|06:48] C:\Program Files\<DIR> Real
[08/17/2006|07:50] C:\Program Files\<DIR> ReflexiveArcade
[09/16/2007|03:32] C:\Program Files\<DIR> RGB
[08/27/2008|05:14] C:\Program Files\<DIR> Rosetta Stone
[09/16/2007|03:32] C:\Program Files\<DIR> SCRABBLE
[03/24/2007|10:22] C:\Program Files\<DIR> Siber Systems
[02/15/2006|12:19] C:\Program Files\<DIR> Sigmatel
[08/27/2006|08:20] C:\Program Files\<DIR> Slingo
[02/18/2008|02:38] C:\Program Files\<DIR> Slingo Deluxe
[02/25/2006|03:08] C:\Program Files\<DIR> Snapshot Viewer
[02/07/2008|08:20] C:\Program Files\<DIR> Snood
[09/09/2007|07:39] C:\Program Files\<DIR> Snood 4 Beta
[09/25/2008|06:19] C:\Program Files\<DIR> Snood Deluxe
[01/30/2007|08:21] C:\Program Files\<DIR> Snood Solitaire
[11/02/2008|07:38] C:\Program Files\<DIR> Snood Towers
[10/23/2008|05:55] C:\Program Files\<DIR> Snoodoku
[02/15/2006|12:43] C:\Program Files\<DIR> Sonic
[10/21/2008|12:46] C:\Program Files\<DIR> Spybot - Search & Destroy
[11/28/2008|09:24] C:\Program Files\<DIR> Spyware Doctor
[10/17/2008|06:03] C:\Program Files\<DIR> Spyware Doctor(2)
[11/30/2006|06:38] C:\Program Files\<DIR> Sweetopia
[04/01/2007|02:48] C:\Program Files\<DIR> Symantec
[03/13/2008|03:23] C:\Program Files\<DIR> The Adventure Company
[06/08/2008|02:14] C:\Program Files\<DIR> The Learning Company
[11/02/2008|04:10] C:\Program Files\<DIR> THQ
[03/16/2006|11:23] C:\Program Files\<DIR> TLI
[11/11/2008|08:55] C:\Program Files\<DIR> Trend Micro
[11/18/2007|08:53] C:\Program Files\<DIR> Turtix
[08/16/2005|05:50] C:\Program Files\<DIR> Uninstall Information
[05/17/2008|07:37] C:\Program Files\<DIR> Unity
[11/13/2008|06:46] C:\Program Files\<DIR> Viewpoint
[06/10/2008|08:33] C:\Program Files\<DIR> Virtools
[11/06/2006|06:31] C:\Program Files\<DIR> Web Publish
[02/15/2006|12:45] C:\Program Files\<DIR> WebCyberCoach
[03/26/2007|10:54] C:\Program Files\<DIR> Windows Installer Clean Up
[03/31/2008|02:37] C:\Program Files\<DIR> Windows Media Connect 2
[02/16/2008|02:29] C:\Program Files\<DIR> Windows Media Player
[08/31/2008|09:09] C:\Program Files\<DIR> Windows NT
[08/16/2005|05:37] C:\Program Files\<DIR> Windows Plus
[08/16/2005|05:40] C:\Program Files\<DIR> WindowsUpdate
[11/30/2008|02:44] C:\Program Files\<DIR> WinZip
[04/04/2008|01:46] C:\Program Files\<DIR> WinZip Self-Extractor
[10/23/2008|03:29] C:\Program Files\<DIR> WOMGames
[11/13/2008|06:46] C:\Program Files\<DIR> World Mosaics
[11/18/2007|08:54] C:\Program Files\<DIR> Xango Tango
[08/16/2005|05:43] C:\Program Files\<DIR> xerox
[03/22/2007|11:06] C:\Program Files\<DIR> Yahoo!
--------------------\\ Listing Folders in C:\Program Files\Common Files
[11/27/2008|06:41] C:\Program Files\Common Files\<DIR> Adobe
[11/06/2007|05:51] C:\Program Files\Common Files\<DIR> AOL
[02/15/2006|12:42] C:\Program Files\Common Files\<DIR> aolshare
[11/06/2006|06:09] C:\Program Files\Common Files\<DIR> Broderbund
[02/22/2006|11:07] C:\Program Files\Common Files\<DIR> Designer
[02/22/2006|10:15] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[02/22/2006|10:16] C:\Program Files\Common Files\<DIR> HP
[02/15/2006|12:43] C:\Program Files\Common Files\<DIR> InstallShield
[02/25/2006|03:16] C:\Program Files\Common Files\<DIR> Intuit
[02/15/2006|12:31] C:\Program Files\Common Files\<DIR> Java
[09/15/2007|10:50] C:\Program Files\Common Files\<DIR> Knowledge Adventure
[02/25/2006|03:16] C:\Program Files\Common Files\<DIR> LHSPF
[08/27/2008|03:57] C:\Program Files\Common Files\<DIR> Macrovision Shared
[11/26/2008|10:39] C:\Program Files\Common Files\<DIR> Microsoft Shared
[03/21/2006|06:38] C:\Program Files\Common Files\<DIR> MimarSinan
[08/16/2005|05:40] C:\Program Files\Common Files\<DIR> MSSoap
[02/15/2006|12:42] C:\Program Files\Common Files\<DIR> Nullsoft
[08/16/2005|05:33] C:\Program Files\Common Files\<DIR> ODBC
[02/22/2006|10:46] C:\Program Files\Common Files\<DIR> PixAround.com
[11/13/2008|06:48] C:\Program Files\Common Files\<DIR> Real
[08/16/2005|05:40] C:\Program Files\Common Files\<DIR> Services
[02/15/2006|12:43] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/16/2005|05:33] C:\Program Files\Common Files\<DIR> SpeechEngines
[12/23/2007|02:38] C:\Program Files\Common Files\<DIR> supportsoft
[10/26/2008|05:18] C:\Program Files\Common Files\<DIR> Symantec Shared
[08/31/2008|09:09] C:\Program Files\Common Files\<DIR> System
[02/15/2006|12:40] C:\Program Files\Common Files\<DIR> TiVo Shared
[02/25/2006|03:46] C:\Program Files\Common Files\<DIR> WexTech Shared
[10/22/2008|02:20] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[11/13/2008|06:48] C:\Program Files\Common Files\<DIR> xing shared
--------------------\\ Process
( 72 Processes )
iexplore.exe ~ [PID:564]
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsc85.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsd36.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nse2E.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsh90.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsisdt.dll
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsj7B.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsl184.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsl378.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsm80.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsr40.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsr76.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nss14.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nss25.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nss47.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nst325.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nst4C.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nst51.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsv7C.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsv9B.tmp
C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsx19.tmp
C:\DOCUME~1\LINDAS~1\Cookies\linda [email protected][1].txt
C:\DOCUME~1\LINDAS~1\Cookies\linda [email protected][1].txt
C:\DOCUME~1\LINDAS~1\Cookies\linda [email protected][3].txt
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 22:01:51
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
No other infections found !
[F:1139][D:157]-> C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp
[F:1476][D:0]-> C:\DOCUME~1\LINDAS~1\Cookies
[F:7311][D:37]-> C:\DOCUME~1\LINDAS~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - Sun 11/30/2008|22:15 - Option : [1]
--------------------\\ Scan completed at 22:15:09
-
Yup. Still there. This thing is relentless!
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:25 PM, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mortimer Beckett and the Time Paradox\Images\stg_drm.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194798768671
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mortimer Beckett and the Time Paradox\Images\armhelper.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: (no name) - http://www.knitpicks.com/images/structure/...MP3download.gif
--
End of file - 12149 bytes
Thanks, Ryan! Still had ad.yeildmanager taking over my search engines as of this morning. Let's hope this does the trick. Linda
-
As of an hour ago, I still can't use eBay search. Here is the HJT log, and the Uninstall log. Thanks, Ryan!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:50 PM, on 11/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Herod's Lost Tomb\Images\stg_drm.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194798768671
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://C:\Program Files\Mystery P.I. - The New York Fortune\Images\armhelper.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: (no name) - http://www.knitpicks.com/images/structure/...MP3download.gif
--
End of file - 12454 bytes
33 Corners
7 Wonders - Treasures of Seven
ABBYY FineReader 5.0 Sprint
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Advanced Registry Optimizer
AIM 6
Alchemy
Alchemy and Bejeweled Pack
ALPS Touch Pad Driver
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Ask Toolbar
AVG 7.5
Axialis IconWorkshop 6.0
Ben 10 Alien Force Bounty Hunters
Between the Worlds
Big Fish Games Client
Boggle
Boggle Supreme
Book of Legends
Bookworm Adventures
Broadcom Management Programs 2
Caterpillar Construction Tycoon
Chowder for Windows version 1.0
Complete Spanish
Conexant D110 MDC V.9x Modem
Consumer Complete Care Services Agreement
Creative PC-CAM 300 Driver
Creative PC-CAM Center
Creative WebCam Monitor
Creative WebCam PhotoEditor
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center
Dell Wireless WLAN Card
DellSupport
Digital Content Portal
Digital Line Detect
Disney Pirates of the Caribbean Online
Disney's Ready for Math with Pooh
Disney's Toontown Online
Dr. Lynch - Grave Secrets
eBay Toolbar Featuring Yahoo!
EducateU
Elf Bowling - Hawaiian Vacation
Elf Bowling 7 1/7 - The Last Insult
ELIcon
Escape The Museum
FaxTools
GdiplusUpgrade
Go Go Gourmet - Chef of the Year
Google AFE
Google Toolbar for Internet Explorer
Herod's Lost Tomb
Hidden Expedition Titanic (remove only)
Hidden Mysteries Civil War
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Image Zone 4.0
HP Product Detection
HP Scanjet 4070
HP Software Update
HP Update
Intel® Graphics Media Accelerator Driver for Mobile
Internal Network Card Power Management
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java 6 Update 2
Java 6 Update 3
Java 6 Update 5
Java 6 Update 7
Java SE Runtime Environment 6 Update 1
Jewel Quest Mysteries - Curse of the Emerald Tear
JumpStart 3rd Grade v1.2
Kidzui
Knitware Sweaters 2.50
Learn2 Player (Uninstall Only)
LUMIX Simple Viewer
Mah Jong Medley
Mahjong Escape - Ancient Japan
Mahjongg - Ancient Mayas
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage 2000 SR-1
Microsoft Image Composer 1.5
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Office XP Media Content
Microsoft Office XP Standard
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Web Publishing Wizard 1.52
Mighty Math Calculating Crew (Remove only)
Modem Helper
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Mushroom Age
Musicmatch for Windows Media Player
Mystery Case Files: Madame Fate (remove only)
Mystery P.I. - The New York Fortune
Nancy Drew: Ghost Dogs of Moon Lake
NeedleTrax
NetWaiting
NetZeroInstallers
Oozic Player
OTOY
Otto
PayPal Plug-In
PHOTOfunSTUDIO -viewer-
PhotoSmart Printer Software
PixMaker
PixScreenCE_1.5
PowerDVD 5.5
Print-A-Grid
PrintMaster
QuickBooks Premier: Accountant Edition 2003
QuickSet
QuickTime
RealArcade
RealPlayer
Rescue Heroes Tremor Trouble
Rhapsody Player Engine
Rosetta Stone Version 3
SCRABBLE
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Slingo Deluxe
Slingo Deluxe
Snood 4
Snood 4 Beta version 6.1
Snood Deluxe
Snood for Windows version 3.52-W
Snood Poppers 1.0
Snood Slide 2.0
Snood Solitaire version 1.1
Snood Towers for Windows version 1.02
Snoodoku for Windows Version 1.1W
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 8
SPOREâ„¢ Creature Creator Trial Edition
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Spyware Doctor 6.0
Stitch Motif Maker Demo
Sweater Wizard V3
Time Force
TONKA Search & Rescue 2
Tri-Peaks Solitaire To Go
Turbo Lister 2
Unity Web Player
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Wild Stitches v.1 Demo
Windows Genuine Advantage v1.3.0254.0
Windows Installer Clean Up
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinZip
WinZip Self-Extractor
World Mosaics
Yahoo! Toolbar
Zam Beezee
Zodiac Tower
Zoombinis Island Odyssey
Zoombinis Logical Journey
-
Hey, Ryan,
Here is the log file from mbam. Gosh, I sure hope this works!
Malwarebytes' Anti-Malware 1.30
Database version: 1427
Windows 5.1.2600 Service Pack 3
11/26/2008 7:08:44 PM
mbam-log-2008-11-26 (19-08-44).txt
Scan type: Full Scan (C:\|)
Objects scanned: 260311
Time elapsed: 2 hour(s), 9 minute(s), 4 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 58
Memory Processes Infected:
C:\Program Files\Intelinet\intelin2.exe (Rogue.Intelinet) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\intelinetsecure (Rogue.Intelinet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\intelinetsecure (Rogue.Intelinet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelinetsecure (Rogue.Intelinet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Intelinet_is1 (Rogue.Intelinet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpyClean (Rogue.SpyClean) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Backup (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Database (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Intelinet\intelin2.exe (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Intelinet.exe (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP908\A0320160.exe (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP908\A0320167.exe (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\BCKManager.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\CheckRegistry.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\hashes.md5 (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\ListLogs.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\ManageRegistry.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\MFC71.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\msvcp71.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\msvcr71.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\SpywareGuard.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Spywarehandler.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\unins000.dat (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\unins000.exe (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Backup\{093A90A7-B13F-4313-A6F5-AE6C90814FEF}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Backup\{237264C1-9B03-479E-98C3-EBFB5B636587}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Backup\{2699C183-858F-45CC-9754-DFCE7365088C}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Backup\{4F30ACE4-B904-4B12-9F65-105EDCD0FA20}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Backup\{57D3E3AA-E29E-46CF-9788-C12D63E67C03}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Backup\{82FE6BCB-CD7C-4A2A-985E-B8E253F9B06D}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Backup\{9816C857-C27B-4FD6-A2BD-CDD8A9A5FDD8}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Backup\{A0479FED-59B7-49B3-B546-6512070066AF}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Backup\{AB25CEBE-D765-49D7-9D88-91A3A0F14AFB}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Backup\{E277414C-FE4F-456F-B7BE-274FA729F7FC}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Database\Immunizer.db (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Database\Spyware.db (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_10_29.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_10_30.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_10_31.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_01.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_02.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_04.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_05.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_06.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_07.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_08.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_09.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_10.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_11.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_12.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_13.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_14.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_15.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_17.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_18.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_19.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_20.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_21.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_23.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_24.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_25.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Program Files\Intelinet\Logs\2008_11_26.log (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Intelinet\Intelinet.lnk (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Intelinet\Uninstall Intelinet.lnk (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Documents and Settings\LINDA SONDERMANN\Desktop\Intelinet.lnk (Rogue.Intelinet) -> Quarantined and deleted successfully.
C:\Documents and Settings\LINDA SONDERMANN\Application Data\Microsoft\Internet Explorer\Quick Launch\Intelinet.lnk (Rogue.Intelinet) -> Quarantined and deleted successfully.
-
I run Intelinet every day. AVG once in a while. Tried PC TOOLS. Went through the self-help list and deleated as instructed, but the freaking thing is still here. I can't use my eBay search at all. It's making me nuts.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:31 PM, on 11/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exeAd
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application
Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intelinet\Intelinet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intelinet\intelin2.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} -
C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-
B461-4BC5-8870-4C09146192CA} - C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar6.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-
A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} -
C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} -
C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} -
C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07
\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program
Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common
Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2
\eBayTBDaemon.exe
O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32
\spool\drivers\w32x86\3\hpztsb04.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support
Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader
8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support
Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920
\dlbkbmgr.exe"
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LINDA
SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [intelinet] C:\Program Files\Intelinet\Intelinet.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
/RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
/RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
/RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
/RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program
Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital
Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital
Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10
\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay
Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-
47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-
f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) -
file://C:\Program Files\Herod's Lost Tomb\Images\stg_drm.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/microsoftu...86/client/muweb
_site.cab?1194798768671
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) -
https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://C:\Program
Files\Mystery P.I. - The New York Fortune\Images\armhelper.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program
Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1
\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1
\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program
Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program
Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program
Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program
Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter)
(sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support
Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner -
C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: (no name) -
http://www.knitpicks.com/images/structure/...MP3download.gif
--
End of file - 12693 bytes
Ad.yeildmanager. Be Gone![RESOLVED]
in Malware Removal
Posted
Ryan ... I think it might be GONE! Dare I say it? You mean to tell me that it was a Google toolbar or a Yahoo tool bar that brought this hideous thing in? I always heard that downloading toolbars was trouble.
At the risk of jumping in too soon, THANK YOU!!!!
(Fingers crossed) I hope this is it! You were magnificent! Patient, quick to respond, and thorough! I will tell everyone I know!
Linda