medtran51 Posted January 28, 2008

I am not sure what I opened up to start receiving pop ups. I know I did Advance Cleaner, but I was receiving pop ups a while before that. Some of the popups I am getting are coming from Advance Cleaner, Ad2Network, SST, among others. I also noticed that once in a while when a pop up comes up and I close out of it, it cleans off my desktop and I can only open programs through Windows Task Manager. The only way to get my desktop icons back is to reboot my computer. This gets very frustrating. I am sick of this adware junk. It should be outlawed. I have McAfee. I have also noticed that it has been running a little slow. Especially getting into websites that I visit frequently. All this is on my laptop.

On my regular computer, it has been running slow for some time and right now is not even hooked up to the internet. It takes forever to boot up and get into programs. It's possible that something was downloaded before I took it off the internet, but I am not sure what. It has been almost a year since it's been online. I am hoping someone can help me with these problems. Thank you.

Cheryl
medtran51 Posted January 28, 2008

Forgot to copy over my scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:48 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Cheryl
rmurphy Posted January 28, 2008

Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding. Double-click on dss.exe and follow the prompts.

When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

-Ryan
medtran51 Posted February 1, 2008 Author Report Share Posted February 1, 2008 Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.lease download Deckard's System Scanner (DSS) and save it to your Desktop.Close all other windows before proceeding. Double-click on dss.exe and follow the prompts.When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.-RyanRyan, Here are the two texts you wanted.Main TextDeckard's System Scanner v20071014.68Run by Cheryl E on 2008-02-01 10:29:19Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --80: 2008-02-01 15:29:38 UTC - RP218 - Deckard's System Scanner Restore Point79: 2008-01-30 21:45:10 UTC - RP217 - System Checkpoint78: 2008-01-27 02:07:01 UTC - RP216 - System Checkpoint77: 2008-01-24 19:47:24 UTC - RP215 - Installed Dell Support Center.76: 2008-01-23 22:14:53 UTC - RP214 - System Checkpoint-- First Restore Point -- 1: 2007-12-17 02:54:45 UTC - RP139 - System CheckpointBacked up registry hives.Performed disk cleanup.Total Physical Memory: 504 MiB (512 MiB recommended).-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-02-01 10:32:25Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\system32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program 
Files\Intel\Wireless\Bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\WLKEEPER.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Intel\Wireless\Bin\1XConfig.exeC:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\AOL\ACS\AOLacsd.exeC:\WINDOWS\system32\dlbccoms.exeC:\Program Files\McAfee\MSC\mcmscsvc.exeC:\Program Files\Common Files\McAfee\MNA\McNASvc.exeC:\Program Files\Common Files\McAfee\McProxy\McProxy.exeC:\Program Files\McAfee\VirusScan\Mcshield.exeC:\Program Files\McAfee\MPF\MpfSrv.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Intel\Wireless\Bin\iFrmewrk.exeC:\Program Files\McAfee\MSK\msksrver.exeC:\WINDOWS\stsystra.exeC:\Program Files\Dell\QuickSet\NicConfigSvc.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\tcpsvcs.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\WINDOWS\system32\snmp.exeC:\Program Files\Common Files\DriveCleaner Free\udcsdr.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exeC:\WINDOWS\system32\fxssvc.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\NetWaiting\netwaiting.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exeC:\Program Files\McAfee\VirusScan\mcsysmon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Cheryl E\Desktop\dss.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
www.google.com/ig/dell?hl=en&client=dell-usuk&channel=usR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myfamily.com/isapi.dll?c=site&a...in&siteid=*R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=usO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: {947bc265-7be7-8d2b-b674-6a6e7aa08681} - {18680aa7-e6a6-476b-b2d8-7eb7562cb749} - C:\WINDOWS\system32\jvjsbtaa.dllO2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dllO2 - BHO: (no name) - {7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dllO2 - BHO: (no name) - {97EA1386-089F-47CF-8A76-5BB39088C26F} - C:\WINDOWS\system32\awtsq.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dllO2 - BHO: (no name) - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} - C:\WINDOWS\system32\xxyyawu.dllO3 - Toolbar: (no name) - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - (no file)O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [sDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkeyO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [2c02873d] rundll32.exe "C:\WINDOWS\system32\tknxtkyt.dll",bO4 - HKLM\..\Run: [bM2f31b4a1] Rundll32.exe "C:\WINDOWS\system32\nedhywxp.dll",sO4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exeO4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exeO8 - Extra context menu item: E&xport to Microsoft Excel - 
res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: https://online.musicmatch.com (HKLM)O15 - Trusted Zone: https://ancestry.com (HKCU)O15 - Trusted Zone: https://myfamily.com (HKCU)O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cabO16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://playgames.comcast.net/Gameshell/Gam...ronGameHost.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cabO18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dllO18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLLO18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLLO18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLLO20 - Winlogon Notify: xxyyawu - C:\WINDOWS\system32\xxyyawu.dllO23 - Service: McAfee Application Installer Cleanup (0088431201878290) 
(0088431201878290mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP08843~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -serviceO23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exeO23 - Service: dlbc_device - Unknown owner - C:\WINDOWS\system32\dlbccoms.exeO23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\nritipkq.exe /serviceO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exeO23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exeO23 - Service: NICCONFIGSVC - Dell Inc. 
- C:\Program Files\Dell\QuickSet\NicConfigSvc.exeO23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\DellO23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe--End of file - 11165 bytes-- File Associations -----------------------------------------------------------All associations okay.-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sysS3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenterR2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>S2 0088431201878290mcinstcleanup (McAfee Application Installer Cleanup 
(0088431201878290)) - c:\windows\temp08843~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)S2 DomainService - c:\windows\system32\nritipkq.exe /service (file missing)S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>-- Device Manager: Disabled ----------------------------------------------------Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}Description: Broadcom 440x 10/100 Integrated ControllerDevice ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01C91028&REV_02\4&2FA23535&0&00F0Manufacturer: BroadcomName: Broadcom 440x 10/100 Integrated ControllerPNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01C91028&REV_02\4&2FA23535&0&00F0Service: bcm4sbxp-- Scheduled Tasks -------------------------------------------------------------2008-02-01 01:00:00 358 --a------ C:\WINDOWS\Tasks\McQcTask.job2008-01-25 18:30:00 356 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (LAPPY-Cheryl E).job2007-05-15 00:00:02 356 --a------ C:\WINDOWS\Tasks\McDefragTask.job-- Files created between 2008-01-01 and 2008-02-01 -----------------------------2008-02-01 10:04:43 0 d-------- C:\WINDOWS\LastGood2008-01-31 20:31:32 90688 --a------ C:\WINDOWS\system32\tknxtkyt.dll2008-01-31 20:28:43 94784 --a------ C:\WINDOWS\system32\jvjsbtaa.dll2008-01-31 20:28:32 72256 --a------ C:\WINDOWS\system32\nedhywxp.dll2008-01-30 20:35:52 92736 --a------ C:\WINDOWS\system32\nvrlhtea.dll2008-01-30 20:29:53 68672 --a------ C:\WINDOWS\system32\hadtpgkb.dll2008-01-29 20:29:58 88640 --a------ C:\WINDOWS\system32\yvmofhsr.dll2008-01-29 20:27:39 78912 --a------ C:\WINDOWS\system32\tycwinht.dll2008-01-29 20:27:29 71232 --a------ C:\WINDOWS\system32\kfhkqonl.dll2008-01-28 17:34:40 88640 -----n--- C:\WINDOWS\system32\kcqpcjqg.dll2008-01-28 17:31:38 79936 --a------ C:\WINDOWS\system32\cmwvbjst.dll2008-01-28 17:28:38 71232 --a------ 
C:\WINDOWS\system32\upvjdprl.dll2008-01-27 17:33:26 89152 --a------ C:\WINDOWS\system32\tdfjcvih.dll2008-01-27 17:27:26 78912 --a------ C:\WINDOWS\system32\jebwnrug.dll2008-01-27 17:24:26 70720 --a------ C:\WINDOWS\system32\ocdhdiln.dll2008-01-26 17:29:12 89152 --a------ C:\WINDOWS\system32\wwemtkkn.dll2008-01-26 17:29:02 68160 --a------ C:\WINDOWS\system32\bxrrqulo.dll2008-01-26 17:26:03 78912 --a------ C:\WINDOWS\system32\lfsiywvq.dll2008-01-25 17:32:52 87104 --a------ C:\WINDOWS\system32\ytslmxmx.dll2008-01-25 17:26:52 70720 --a------ C:\WINDOWS\system32\hajiqjyv.dll2008-01-25 17:23:52 81472 --a------ C:\WINDOWS\system32\vlvpmweb.dll2008-01-24 17:28:15 87616 --a------ C:\WINDOWS\system32\crwghygk.dll2008-01-24 17:28:06 72768 --a------ C:\WINDOWS\system32\rylqwaco.dll2008-01-24 17:25:08 80448 --a------ C:\WINDOWS\system32\hedgdemj.dll2008-01-24 14:51:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft2008-01-24 14:49:38 0 d-------- C:\Program Files\Dell Support Center2008-01-24 14:49:32 0 d-------- C:\Program Files\Common Files\supportsoft2008-01-24 14:30:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell2008-01-23 17:26:29 87616 --a------ C:\WINDOWS\system32\cwxdqmdm.dll2008-01-23 17:26:19 68672 --a------ C:\WINDOWS\system32\lugqphbc.dll2008-01-23 17:23:23 80960 --a------ C:\WINDOWS\system32\busgbolg.dll2008-01-22 17:30:36 89664 -----n--- C:\WINDOWS\system32\rumcundk.dll2008-01-22 17:27:35 70720 --a------ C:\WINDOWS\system32\rtilygud.dll2008-01-22 17:24:34 77376 --a------ C:\WINDOWS\system32\euyeyeje.dll2008-01-21 16:26:13 88640 --a------ C:\WINDOWS\system32\buwfnlwo.dll2008-01-21 16:23:10 78912 --a------ C:\WINDOWS\system32\edseddni.dll2008-01-21 16:20:10 70208 --a------ C:\WINDOWS\system32\wkxotgrq.dll2008-01-20 16:20:26 85568 --a------ C:\WINDOWS\system32\ykhygjcd.dll2008-01-20 16:17:27 71744 --a------ C:\WINDOWS\system32\odllptdf.dll2008-01-20 16:17:23 79424 --a------ 
C:\WINDOWS\system32\iipptmqp.dll2008-01-19 14:48:34 69696 --a------ C:\WINDOWS\system32\cblecirm.dll2008-01-19 14:48:28 78400 --a------ C:\WINDOWS\system32\kelxnybn.dll2008-01-18 14:49:32 81984 --a------ C:\WINDOWS\system32\nweyfmej.dll2008-01-18 14:47:01 69696 --a------ C:\WINDOWS\system32\huiargcr.dll2008-01-17 13:21:49 86592 -----n--- C:\WINDOWS\system32\jsdklrhk.dll2008-01-17 13:21:31 70208 --a------ C:\WINDOWS\system32\fjarcncs.dll2008-01-17 13:15:33 77376 --a------ C:\WINDOWS\system32\dbaojmoq.dll2008-01-17 13:07:47 0 d-------- C:\Documents and Settings\All Users\Application Data\PopCap2008-01-16 18:21:54 0 d-------- C:\Program Files\Performanceoptimizer (Free)2008-01-15 10:42:26 0 d-------- C:\WINDOWS\network diagnostic2008-01-14 21:41:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Zylom2008-01-12 17:22:35 0 d-------- C:\Documents and Settings\Cheryl E\Application Data\Pirateville2008-01-03 14:52:07 87104 --a------ C:\WINDOWS\system32\nwerygcr.dll2008-01-03 14:49:30 78400 --a------ C:\WINDOWS\system32\xrlfvwcg.dll2008-01-02 13:19:48 0 --a------ C:\WINDOWS\system32\sdhbvdvc.dll2008-01-02 13:16:47 78400 --a------ C:\WINDOWS\system32\oooglsoe.dll2008-01-01 11:59:48 0 --a------ C:\WINDOWS\system32\dyownbbx.dll2008-01-01 11:56:40 0 -----n--- C:\WINDOWS\system32\epwilern.dll-- Find3M Report ---------------------------------------------------------------2008-02-01 10:31:38 330712 --ahs---- C:\WINDOWS\system32\qstwa.ini22008-02-01 10:04:42 0 d-------- C:\Program Files\McAfee2008-02-01 01:31:07 0 d-------- C:\Program Files\RootsMagic2008-01-31 20:14:46 21540 --a------ C:\Documents and Settings\Cheryl E\Application Data\wklnhst.dat2008-01-28 12:25:58 2519 --a------ C:\WINDOWS\checkip.dat2008-01-26 17:25:44 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys2008-01-26 17:25:37 88 -r-hs---- C:\WINDOWS\system32D2E5E6ECF.sys2008-01-24 14:49:32 0 d-------- C:\Program Files\Common Files2008-01-23 08:09:09 1087 --a------ C:\Documents and Settings\Cheryl 
E\Application Data\update.log2008-01-22 20:08:03 0 d-------- C:\Program Files\Windows Media Connect 22008-01-19 09:54:20 0 d-------- C:\Documents and Settings\Cheryl E\Application Data\McAfee2008-01-16 22:29:52 0 d-------- C:\Program Files\BFG2008-01-04 17:27:34 0 d-------- C:\Documents and Settings\Cheryl E\Application Data\Adobe2007-12-30 20:07:12 0 --------- C:\WINDOWS\system32\mipaotxf.dll2007-12-30 20:04:09 0 --------- C:\WINDOWS\system32\vvpqrwij.dll2007-12-29 20:06:03 0 --------- C:\WINDOWS\system32\dpfhwtge.dll2007-12-28 20:03:08 0 --------- C:\WINDOWS\system32\tfmsdqyu.dll2007-12-27 20:05:00 0 --------- C:\WINDOWS\system32\qjndhotx.dll2007-12-27 20:02:00 0 --------- C:\WINDOWS\system32\hlsjfilx.dll2007-12-26 20:04:29 80448 --a------ C:\WINDOWS\system32\kprrekwj.dll2007-12-25 20:03:01 0 --------- C:\WINDOWS\system32\dpaicwaf.dll2007-12-24 16:13:24 0 --------- C:\WINDOWS\system32\sjoffkwi.dll2007-12-23 08:22:56 0 --------- C:\WINDOWS\system32\deceriyc.dll2007-12-22 23:25:29 0 d--h----- C:\Program Files\InstallShield Installation Information2007-12-22 23:24:32 0 d-------- C:\Documents and Settings\Cheryl E\Application Data\InstallShield2007-12-22 08:04:46 0 --------- C:\WINDOWS\system32\moisplqx.dll2007-12-19 22:36:24 0 --------- C:\WINDOWS\system32\qohrltaf.dll2007-12-18 19:25:38 0 --------- C:\WINDOWS\system32\hvnxegpq.dll2007-12-16 21:54:27 324608 --a------ C:\WINDOWS\system32\awtsq.dll2007-12-16 21:49:17 40448 --a------ C:\WINDOWS\system32\xxyyawu.dll2007-12-08 19:29:58 278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>-- Registry Dump ---------------------------------------------------------------*Note* empty entries & legit default entries are not shown[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18680aa7-e6a6-476b-b2d8-7eb7562cb749}]01/31/2008 08:28 PM 94784 --a------ C:\WINDOWS\system32\jvjsbtaa.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]09/19/2007 05:15 AM 329032 
--a------ C:\Program Files\McAfee\MSK\mcapbho.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8}]
C:\Program Files\Video ActiveX Access\iesplg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97EA1386-089F-47CF-8A76-5BB39088C26F}]
12/16/2007 09:54 PM 324608 --a------ C:\WINDOWS\system32\awtsq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}]
12/16/2007 09:49 PM 40448 --a------ C:\WINDOWS\system32\xxyyawu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 08:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 08:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 08:50 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 06:48 PM]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 02:59 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 11:30 PM C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 02:58 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 04:19 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 10:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 10:44 AM]
"SDR6_Check"="C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe" [09/27/2006 12:56 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/30/2006 02:55 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 01:33 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [09/11/2007 12:43 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]
"2c02873d"="C:\WINDOWS\system32\tknxtkyt.dll" [01/31/2008 08:31 PM]
"BM2f31b4a1"="C:\WINDOWS\system32\nedhywxp.dll" [01/31/2008 08:28 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 02:24 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 09:23 AM]

C:\Documents and Settings\Cheryl E\Start Menu\Programs\Startup\wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [10/7/2005 4:35:12 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/30/2006 2:51:37 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}"= C:\WINDOWS\system32\xxyyawu.dll [12/16/2007 09:49 PM 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 04:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyawu]
xxyyawu.dll 12/16/2007 09:49 PM 40448 C:\WINDOWS\system32\xxyyawu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtsq.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

-- End of Deckard's System Scanner: finished at 2008-02-01 10:35:11 ------------

AND EXTRA Text

medtran51 Posted February 1, 2008

Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding. Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
-Ryan

Ryan, here is the Extra Text. For some reason I hit enter before I could get this added.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® M processor 1.70GHz
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 503.37 MiB / 115.26 MiB
Pagefile Memory (total/avail): 1228.8 MiB / 781.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.63 MiB
C: is Fixed (NTFS) - 33.52 GiB total, 14.09 GiB free.

rmurphy Posted February 1, 2008

Please download ComboFix from Here

1. Please open Notepad: Click Start, then Run. Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\tknxtkyt.dll
C:\WINDOWS\system32\jvjsbtaa.dll
C:\WINDOWS\system32\nedhywxp.dll
C:\WINDOWS\system32\nvrlhtea.dll
C:\WINDOWS\system32\hadtpgkb.dll
C:\WINDOWS\system32\yvmofhsr.dll
C:\WINDOWS\system32\tycwinht.dll
C:\WINDOWS\system32\kfhkqonl.dll
C:\WINDOWS\system32\kcqpcjqg.dll
C:\WINDOWS\system32\cmwvbjst.dll
C:\WINDOWS\system32\upvjdprl.dll
C:\WINDOWS\system32\tdfjcvih.dll
C:\WINDOWS\system32\jebwnrug.dll
C:\WINDOWS\system32\ocdhdiln.dll
C:\WINDOWS\system32\wwemtkkn.dll
C:\WINDOWS\system32\bxrrqulo.dll
C:\WINDOWS\system32\lfsiywvq.dll
C:\WINDOWS\system32\ytslmxmx.dll
C:\WINDOWS\system32\hajiqjyv.dll
C:\WINDOWS\system32\vlvpmweb.dll
C:\WINDOWS\system32\crwghygk.dll
C:\WINDOWS\system32\rylqwaco.dll
C:\WINDOWS\system32\hedgdemj.dll
C:\WINDOWS\system32\cwxdqmdm.dll
C:\WINDOWS\system32\lugqphbc.dll
C:\WINDOWS\system32\busgbolg.dll
C:\WINDOWS\system32\rumcundk.dll
C:\WINDOWS\system32\rtilygud.dll
C:\WINDOWS\system32\euyeyeje.dll
C:\WINDOWS\system32\buwfnlwo.dll
C:\WINDOWS\system32\edseddni.dll
C:\WINDOWS\system32\wkxotgrq.dll
C:\WINDOWS\system32\ykhygjcd.dll
C:\WINDOWS\system32\odllptdf.dll
C:\WINDOWS\system32\iipptmqp.dll
C:\WINDOWS\system32\cblecirm.dll
C:\WINDOWS\system32\kelxnybn.dll
C:\WINDOWS\system32\nweyfmej.dll
C:\WINDOWS\system32\huiargcr.dll
C:\WINDOWS\system32\jsdklrhk.dll
C:\WINDOWS\system32\fjarcncs.dll
C:\WINDOWS\system32\dbaojmoq.dll
C:\WINDOWS\system32\nwerygcr.dll
C:\WINDOWS\system32\xrlfvwcg.dll
C:\WINDOWS\system32\sdhbvdvc.dll
C:\WINDOWS\system32\oooglsoe.dll
C:\WINDOWS\system32\dyownbbx.dll
C:\WINDOWS\system32\epwilern.dll
C:\WINDOWS\system32\qstwa.ini2
C:\WINDOWS\system32\mipaotxf.dll
C:\WINDOWS\system32\vvpqrwij.dll
C:\WINDOWS\system32\dpfhwtge.dll
C:\WINDOWS\system32\tfmsdqyu.dll
C:\WINDOWS\system32\qjndhotx.dll
C:\WINDOWS\system32\hlsjfilx.dll
C:\WINDOWS\system32\kprrekwj.dll
C:\WINDOWS\system32\dpaicwaf.dll
C:\WINDOWS\system32\sjoffkwi.dll
C:\WINDOWS\system32\deceriyc.dll
C:\WINDOWS\system32\moisplqx.dll
C:\WINDOWS\system32\qohrltaf.dll
C:\WINDOWS\system32\hvnxegpq.dll
C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\xxyyawu.dll
C:\WINDOWS\system32\jvjsbtaa.dll
C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\xxyyawu.dll

Folder::
C:\Program Files\Video ActiveX Access\

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18680aa7-e6a6-476b-b2d8-7eb7562cb749}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyawu]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97EA1386-089F-47CF-8A76-5BB39088C26F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2c02873d"=-
"BM2f31b4a1"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
Combofix.txt
A new HijackThis log.

-Ryan

medtran51 Posted February 1, 2008

Ryan, here is the combofix text.

ComboFix 08-02.01.6 - Cheryl E 2008-02-01 16:32:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.125 [GMT -5:00]
Running from: C:\Documents and Settings\Cheryl E\Local Settings\Temporary Internet Files\Content.IE5\59JQCWPV\ComboFix[1].exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\xxyyawu.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode
C:\Documents and Settings\Cheryl E\Application Data\DriveCleaner Free
C:\Documents and Settings\Cheryl E\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\Cheryl E\Application Data\WinAntiVirus Pro 2007
C:\Documents and Settings\Cheryl E\Application Data\WinAntiVirus Pro 2007\avtasks.dat
C:\Documents and Settings\Cheryl E\Application 
Data\WinAntiVirus Pro 2007\CookieList.datC:\Documents and Settings\Cheryl E\Application Data\WinAntiVirus Pro 2007\history.dbC:\Documents and Settings\Cheryl E\Application Data\WinAntiVirus Pro 2007\Logs\update.logC:\Documents and Settings\Cheryl E\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.logC:\Documents and Settings\Cheryl E\Application Data\WinAntiVirus Pro 2007\Logs\winav.logC:\Documents and Settings\Cheryl E\Application Data\WinAntiVirus Pro 2007\PGE.datC:\Documents and Settings\Cheryl E\err.logC:\Documents and Settings\Cheryl E\ResErrors.logC:\Program Files\Common Files\companion wizardC:\Program Files\Common Files\Companion Wizard\compwiz.exeC:\Program Files\Common Files\Companion Wizard\WapCHK.dllC:\Program Files\Common Files\drivecleaner freeC:\Program Files\Common Files\drivecleaner free\laststat.datC:\Program Files\Common Files\drivecleaner free\udcsdr.exeC:\Program Files\Common Files\SystemDoctorC:\Program Files\Common Files\SystemDoctor\err.logC:\Program Files\Common Files\winantivirus pro 2007C:\Program Files\Common Files\WinAntiVirus Pro 2007\err.logC:\Program Files\Common Files\WinAntiVirus Pro 2007\mfc71.dllC:\Program Files\Common Files\WinAntiVirus Pro 2007\msvcp71.dllC:\Program Files\Common Files\winantivirus pro 2007\msvcr71.dllC:\Program Files\Common Files\WinAntiVirus Pro 2007\up.datC:\Program Files\video activex 
accessC:\UWA7PC:\WINDOWS\cookies.iniC:\WINDOWS\system32\awtsq.dllC:\WINDOWS\system32\bkgsfrgf.iniC:\WINDOWS\system32\busgbolg.dllC:\WINDOWS\system32\buwfnlwo.dllC:\WINDOWS\system32\bxrrqulo.dllC:\WINDOWS\system32\cavxdwwo.iniC:\WINDOWS\system32\cblecirm.dllC:\WINDOWS\system32\clngiulc.iniC:\WINDOWS\system32\cmwvbjst.dllC:\WINDOWS\system32\crwghygk.dllC:\WINDOWS\system32\cudwicdl.iniC:\WINDOWS\system32\cvdvbhds.iniC:\WINDOWS\system32\cwxdqmdm.dllC:\WINDOWS\system32\dbaojmoq.dllC:\WINDOWS\system32\dcjgyhky.iniC:\WINDOWS\system32\edseddni.dllC:\WINDOWS\system32\euyeyeje.dllC:\WINDOWS\system32\fatlrhoq.iniC:\WINDOWS\system32\fjarcncs.dllC:\WINDOWS\system32\gqjcpqck.iniC:\WINDOWS\system32\hadtpgkb.dllC:\WINDOWS\system32\hajiqjyv.dllC:\WINDOWS\system32\hdkcsvcy.iniC:\WINDOWS\system32\hedgdemj.dllC:\WINDOWS\system32\hivcjfdt.iniC:\WINDOWS\system32\huiargcr.dllC:\WINDOWS\system32\iipptmqp.dllC:\WINDOWS\system32\ineWc01C:\WINDOWS\system32\irgdkjnr.iniC:\WINDOWS\system32\jebwnrug.dllC:\WINDOWS\system32\jiwrqpvv.iniC:\WINDOWS\system32\jsdklrhk.dllC:\WINDOWS\system32\jvjsbtaa.dllC:\WINDOWS\system32\kcqpcjqg.dllC:\WINDOWS\system32\kdnucmur.iniC:\WINDOWS\system32\kelxnybn.dllC:\WINDOWS\system32\kfhkqonl.dllC:\WINDOWS\system32\kgyhgwrc.iniC:\WINDOWS\system32\khrlkdsj.iniC:\WINDOWS\system32\kprrekwj.dllC:\WINDOWS\system32\lfsiywvq.dllC:\WINDOWS\system32\lugqphbc.dllC:\WINDOWS\system32\mdmqdxwc.iniC:\WINDOWS\system32\miyromfh.iniC:\WINDOWS\system32\nedhywxp.dllC:\WINDOWS\system32\nkktmeww.iniC:\WINDOWS\system32\nreliwpe.iniC:\WINDOWS\system32\nvrlhtea.dllC:\WINDOWS\system32\nwerygcr.dllC:\WINDOWS\system32\nweyfmej.dllC:\WINDOWS\system32\ocdhdiln.dllC:\WINDOWS\system32\odllptdf.dllC:\WINDOWS\system32\oooglsoe.dllC:\WINDOWS\system32\ottcutae.iniC:\WINDOWS\system32\owlnfwub.iniC:\WINDOWS\system32\pac.txtC:\WINDOWS\system32\qpgexnvh.iniC:\WINDOWS\system32\qstwa.iniC:\WINDOWS\system32\qstwa.ini2C:\WINDOWS\system32\rcgyrewn.iniC:\WINDOWS\system32\rshfomvy.iniC:\WINDOWS\system32\rtilygud.d
llC:\WINDOWS\system32\rumcundk.dllC:\WINDOWS\system32\rylqwaco.dllC:\WINDOWS\system32\stera.logC:\WINDOWS\system32\tdfjcvih.dllC:\WINDOWS\system32\tknxtkyt.dllC:\WINDOWS\system32\tycwinht.dllC:\WINDOWS\system32\tyktxnkt.iniC:\WINDOWS\system32\upvjdprl.dllC:\WINDOWS\system32\vlvpmweb.dllC:\WINDOWS\system32\vomgrrnw.iniC:\WINDOWS\system32\wkxotgrq.dllC:\WINDOWS\system32\wwemtkkn.dllC:\WINDOWS\system32\xlifjslh.iniC:\WINDOWS\system32\xmxmlsty.iniC:\WINDOWS\system32\xqlpsiom.iniC:\WINDOWS\system32\xrlfvwcg.dllC:\WINDOWS\system32\xxyyawu.dllC:\WINDOWS\system32\ykhygjcd.dllC:\WINDOWS\system32\ytslmxmx.dllC:\WINDOWS\system32\yvmofhsr.dll----- BITS: Possible infected sites -----hxxp://www.dellsupportcenter.com.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\LEGACY_DOMAINSERVICE-------\LEGACY_FOPN-------\DomainService-------\nm((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 ))))))))))))))))))))))))))))))).2008-01-24 14:51 . 2008-01-24 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft2008-01-24 14:49 . 2008-01-24 14:50 <DIR> d-------- C:\Program Files\Dell Support Center2008-01-24 14:49 . 2008-01-24 14:49 <DIR> d-------- C:\Program Files\Common Files\supportsoft2008-01-24 14:30 . 2008-01-24 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell2008-01-17 13:21 . 2008-02-01 16:33 21 --a------ C:\WINDOWS\pskt.ini2008-01-17 13:07 . 2008-01-17 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap2008-01-16 18:21 . 2008-01-17 13:07 <DIR> d-------- C:\Program Files\Performanceoptimizer (Free)2008-01-14 21:41 . 2008-01-14 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom2008-01-12 17:22 . 2008-01-12 17:23 <DIR> d-------- C:\Documents and Settings\Cheryl E\Application Data\Pirateville2008-01-10 15:01 . 
2008-02-01 15:45 16,511 --a------ C:\WINDOWS\BM2f31b4a1.xml.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-02-01 19:09 --------- d-----w C:\Program Files\RootsMagic2008-02-01 16:30 21,540 ----a-w C:\Documents and Settings\Cheryl E\Application Data\wklnhst.dat2008-02-01 15:04 --------- d-----w C:\Program Files\McAfee2008-01-23 01:08 --------- d-----w C:\Program Files\Windows Media Connect 22008-01-19 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee2008-01-19 14:54 --------- d-----w C:\Documents and Settings\Cheryl E\Application Data\McAfee2008-01-17 03:29 --------- d-----w C:\Program Files\BFG2008-01-02 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear2007-12-23 06:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP2007-12-23 04:25 --------- d--h--w C:\Program Files\InstallShield Installation Information2007-12-23 04:24 --------- d-----w C:\Documents and Settings\Cheryl E\Application Data\InstallShield2007-08-07 18:15 774,144 ----a-w C:\Program Files\RngInterstitial.dll2007-06-23 20:40 57,432 ----a-w C:\Documents and Settings\Cheryl E\Application Data\GDIPFONTCACHEV1.DAT.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8}] C:\Program Files\Video ActiveX Access\iesplg.dll[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24 20480]"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]"DellSupportCenter"="C:\Program Files\Dell Support 
Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 18:48 761947]"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 23:30 282624 C:\WINDOWS\stsystra.exe]"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58 1032192]"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-30 02:55 98304]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43 67488]"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]C:\Documents and Settings\Cheryl E\Start Menu\Programs\Startup\wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-10-07 16:35:12 21504]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-30 02:51:37 24576][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program 
Files\Intel\Wireless\Bin\LgNotify.dllR2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]R2 dlbc_device;dlbc_device;C:\WINDOWS\system32\dlbccoms.exe [2007-02-07 15:26]R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []S2 0088431201878290mcinstcleanup;McAfee Application Installer Cleanup (0088431201878290);C:\WINDOWS\TEMP\008843~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog [].Contents of the 'Scheduled Tasks' folder"2008-01-25 23:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (LAPPY-Cheryl E).job"- c:\program files\mcafee.com\vso\mcmnhdlr.exe"2007-05-15 05:00:02 C:\WINDOWS\Tasks\McDefragTask.job"- c:\program files\mcafee\mqc\QcConsol.exe'"2008-02-01 06:00:00 C:\WINDOWS\Tasks\McQcTask.job"- c:\program files\mcafee\mqc\QcConsol.exe.**************************************************************************catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-02-01 16:55:45Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... 
scan completed successfully hidden files: 0 **************************************************************************.------------------------ Other Running Processes ------------------------.C:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\WINDOWS\system32\dlbccoms.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exeC:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\tcpsvcs.exeC:\PROGRA~1\McAfee.com\Agent\mcagent.exeC:\WINDOWS\System32\snmp.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\WINDOWS\stsystra.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exeC:\Program Files\NetWaiting\netWaiting.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\WINDOWS\system32\msiexec.exe.**************************************************************************.Completion time: 2008-02-01 17:02:26 - machine was 
rebootedComboFix-quarantined-files.txt 2008-02-01 22:02:21.2008-01-18 03:31:46 --- E O F --- Link to post Share on other sites
rmurphy Posted February 2, 2008

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.
Download the file & save it as it's originally named, next to ComboFix.exe.
Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it.
Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

-Ryan
medtran51 Posted February 2, 2008

Ryan here is the CF_RC.txt

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

Cheryl
rmurphy Posted February 2, 2008

Please post a new HiJack This log, as well as an Uninstall List.

To obtain an Uninstall list.
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)

-Ryan
medtran51 Posted February 2, 2008

Sorry, here it is.

Adobe Flash Player ActiveX
Adobe Photoshop Elements 6.0
Adobe Reader 8.1.1
Adobe Shockwave Player
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Broadcom Management Programs
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
Charting Companion for Family Tree Maker
Conexant HDA D110 MDC V.92 Modem
Corel Photo Album 6
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
Dream Day Wedding
ELIcon
Family Origins 10.0 Deluxe
Family Tree Maker 2006
Games, Music, & Photos Launcher
Ghost Town
Hidden Expedition Everest
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Little Shop Of Treasures Free Trial
Magellan RoadMate POI Manager
Masque Slots featuring WMS Gaming
Masque Slots II
McAfee SecurityCenter
McAfee Uninstaller
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Standard 2006
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets & Trips 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Monopoly Here & Now Edition Free Trial
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mToolkit
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mXML
Mystery Case Files Prime Suspects Free Trial
mZConfig
NetWaiting
PowerDVD 5.5
QuickSet
QuickTime
RealArcade
RealPlayer
Reel Deal Card Games
Reel Deal Slots Nickel Alley
RootsMagic 3.2.5.0
Search Assist
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Serif MediaPlus 2.0
Serif PhotoPlus 9.0
Serif PhotoPlus Association File Formats
Spelling Dictionaries Support For Adobe Reader 8
Synaptics Pointing Device Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
URL Assistant
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WildTangent Web Driver
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859

Cheryl
medtran51 Posted February 2, 2008

here's the new hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:40 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\dlbccoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Cheryl E\Desktop\HJTInstall.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myfamily.com/isapi.dll?c=site&a...in&siteid=*
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://oft.myfamily.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://playgames.comcast.net/Gameshell/Gam...ronGameHost.cab
O23 - Service: McAfee Application Installer Cleanup (0017431201966425) (0017431201966425mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP01743~1.EXE
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: dlbc_device - - C:\WINDOWS\system32\dlbccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9390 bytes
rmurphy Posted February 3, 2008

Please go to Add/Remove Programs in the Control Panel, and remove the following programs

Java 2 Runtime Environment, SE v1.4.2_03

Delete the following folder: C:\Program Files\Video ActiveX Access\

Open HiJack This and scan. When it finishes, put an X in the box next to the following item

O3 - Toolbar: (no name) - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - (no file)

Close all open windows except for HiJack This and click fix checked.

Reboot your computer.

Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.
Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.
Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.
Once it has finished downloading, double click it, and follow the prompts to install.
If it asks to reboot, select Yes.

How is the computer running?

-Ryan
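The check behind the fix list in the post above, as an added example (not part of the thread and not HijackThis's own code): it re-splits a HijackThis v2 log whose line breaks were lost, as happened to the logs pasted on this page, and lists the entries whose backing file is gone. The sample log is constructed from entries quoted in this thread; the function names and the registry-location hints are this example's own assumptions.

```python
import re

# HijackThis v2 section codes: R0-R3, F0-F3, N1-N4, O1-O24. A zero-width
# lookahead lets re.split() cut a flattened log in front of each entry
# (Python 3.7+). Text that happens to contain e.g. "O2 - " inside an entry
# would be mis-split; that is a known limit of recovering a flattened log.
ENTRY_START = re.compile(r"(?=(?:R[0-3]|F[0-3]|N[1-4]|O(?:1\d|2[0-4]|[1-9])) - )")
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$", re.S)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((file missing|no file)\)\s*$")
TRAILER = re.compile(r"--\s*End of file.*$", re.S)

# Assumption of this example: where the stale reference normally lives.
REGISTRY_HINT = {
    "O2": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "O3": r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar",
}

# Constructed sample: a flattened log built from entries quoted in this thread.
SAMPLE_LOG = (
    r"Logfile of Trend Micro HijackThis v2.0.2"
    r"Boot mode: Normal"
    r"Running processes:"
    r"C:\WINDOWS\System32\smss.exe"
    r"C:\WINDOWS\Explorer.EXE"
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896"
    r"O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll"
    r"O2 - BHO: (no name) - {7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)"
    r"O3 - Toolbar: (no name) - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - (no file)"
    r"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe"
    r"O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe"
    r"--End of file - 9390 bytes"
)


def split_entries(raw):
    """Return (code, body) pairs from a HijackThis log, flattened or not."""
    raw = TRAILER.sub("", raw)
    entries = []
    for chunk in ENTRY_START.split(raw):
        m = ENTRY.match(chunk.strip())
        if m:  # the header and the process list never match and are skipped
            entries.append((m["code"], " ".join(m["body"].split())))
    return entries


def find_orphans(entries):
    """List entries that HijackThis marked as pointing at a missing file."""
    findings = []
    for code, body in entries:
        m = ORPHAN.search(body)
        if not m:
            continue
        clsid = CLSID.search(body)
        # The last " - " separated field before the marker is the file path;
        # it is empty for "(no file)" entries.
        target = body[:m.start()].rsplit(" - ", 1)[-1].strip()
        findings.append({
            "code": code,
            "reason": m.group(1),
            "clsid": clsid.group(0) if clsid else None,
            "path": target or None,
            "registry_hint": REGISTRY_HINT.get(code),
        })
    return findings


if __name__ == "__main__":
    for finding in find_orphans(split_entries(SAMPLE_LOG)):
        print(finding)
```

An orphaned entry only shows that a registration outlived its file; whether it is a leftover of removed malware or of an ordinary uninstall still has to be judged from the CLSID and path, as the helper does in this thread.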
medtran51 Posted February 3, 2008

> Please go to Add/Remove Programs in the Control Panel, and remove the following programs:
>
> Java 2 Runtime Environment, SE v1.4.2_03
>
> Delete the following folder: C:\Program Files\Video ActiveX Access\
>
> Open HiJack This and scan. When it finishes, put an X in the box next to the following item:
>
> O3 - Toolbar: (no name) - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - (no file)
>
> Close all open windows except for HiJack This and click fix checked.
>
> Reboot your computer.
>
> Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.
> Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.
> Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.
> Once it has finished downloading, double click it, and follow the prompts to install.
> If it asks to reboot, select Yes.
>
> How is the computer running?
>
> -Ryan

It's running a lot faster, thank you, and no more pop ups. I love it. This is for my laptop. However, my main desktop is running really slow on start up and all the time. Would you be able to help me with that too or do I need to start a new topic?

I haven't really used that one in about 1 year because I haven't had the internet hooked up to that one in my new home, but now I do and would like to get that one running faster also.

Thanks again.

Cheryl
rmurphy Posted February 3, 2008

If you start a new thread for that one, you can just post the link here and I'll take a look at it.

Congratulations, your log is clean. For information on how to protect yourself in the future, read Infection Prevention.

Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.

-Ryan
rmurphy Posted February 5, 2008

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.