[email protected] Posted November 26, 2008 Report Share Posted November 26, 2008 I run Intelinet every day. AVG once in a while. Tried PC TOOLS. Went through the self-help list and deleated as instructed, but the freaking thing is still here. I can't use my eBay search at all. It's making me nuts.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:08:31 PM, on 11/26/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Apoint\Apoint.exeAdC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\WINDOWS\system32\igfxsrvc.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Apoint\HidFind.exeC:\Program Files\Apoint\Apntex.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\Creative\ShareDLL\CtNotify.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Creative\ShareDLL\MediaDet.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\WINDOWS\system32\CTSVCCDA.EXEC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Dell AIO Printer A920\dlbkbmgr.exeC:\Program Files\Spyware Doctor\pctsTray.exeC:\WINDOWS\eHome\ehRecvr.exeC:\Program Files\Dell AIO Printer A920\dlbkbmon.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\Intelinet\Intelinet.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\ehome\mcrdsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgw.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\Program Files\Intelinet\intelin2.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\system32\dllhost.exeC:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\PayPal\PayPal Plug-In\RBroker.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dllO2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dllO2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dllO3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dllO3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exeO4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exeO4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUPO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [intelinet] C:\Program Files\Intelinet\Intelinet.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exeO4 - Global Startup: LUMIX Simple Viewer.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Herod's Lost Tomb\Images\stg_drm.ocxO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...86/client/muweb_site.cab?1194798768671O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cabO16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://C:\Program Files\Mystery P.I. - The New York Fortune\Images\armhelper.ocxO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXEO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exeO24 - Desktop Component 0: (no name) - http://www.knitpicks.com/images/structure/...MP3download.gif--End of file - 12693 bytes Link to post Share on other sites
rmurphy Posted November 26, 2008 Report Share Posted November 26, 2008 Welcome to BestTechie! I'm Ryan, and I'll be helping you fix your computer.Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.-RYan Link to post Share on other sites
[email protected] Posted November 27, 2008 Author Report Share Posted November 27, 2008 Hey, Ryan,Here is the log file from mbam. Gosh, I sure hope this works!Malwarebytes' Anti-Malware 1.30Database version: 1427Windows 5.1.2600 Service Pack 311/26/2008 7:08:44 PMmbam-log-2008-11-26 (19-08-44).txtScan type: Full Scan (C:\|)Objects scanned: 260311Time elapsed: 2 hour(s), 9 minute(s), 4 second(s)Memory Processes Infected: 1Memory Modules Infected: 0Registry Keys Infected: 7Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 5Files Infected: 58Memory Processes Infected:C:\Program Files\Intelinet\intelin2.exe (Rogue.Intelinet) -> Unloaded process successfully.Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\intelinetsecure (Rogue.Intelinet) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\intelinetsecure (Rogue.Intelinet) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelinetsecure (Rogue.Intelinet) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Intelinet_is1 (Rogue.Intelinet) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\SpyClean (Rogue.SpyClean) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:C:\Program Files\Intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Backup (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Database (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Start Menu\Programs\Intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.Files Infected:C:\Program Files\Intelinet\intelin2.exe (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Intelinet.exe (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP908\A0320160.exe (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP908\A0320167.exe (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\BCKManager.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\CheckRegistry.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\hashes.md5 (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\ListLogs.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\ManageRegistry.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\MFC71.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\msvcp71.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\msvcr71.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\SpywareGuard.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Spywarehandler.dll (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\unins000.dat (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\unins000.exe (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Backup\{093A90A7-B13F-4313-A6F5-AE6C90814FEF}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Backup\{237264C1-9B03-479E-98C3-EBFB5B636587}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Backup\{2699C183-858F-45CC-9754-DFCE7365088C}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Backup\{4F30ACE4-B904-4B12-9F65-105EDCD0FA20}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Backup\{57D3E3AA-E29E-46CF-9788-C12D63E67C03}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Backup\{82FE6BCB-CD7C-4A2A-985E-B8E253F9B06D}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Backup\{9816C857-C27B-4FD6-A2BD-CDD8A9A5FDD8}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Backup\{A0479FED-59B7-49B3-B546-6512070066AF}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Backup\{AB25CEBE-D765-49D7-9D88-91A3A0F14AFB}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Backup\{E277414C-FE4F-456F-B7BE-274FA729F7FC}.rbk (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Database\Immunizer.db (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Database\Spyware.db (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_10_29.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_10_30.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_10_31.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_01.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_02.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_04.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_05.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_06.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_07.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_08.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_09.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_10.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_11.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_12.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_13.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_14.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_15.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_17.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_18.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_19.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_20.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_21.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_23.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_24.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_25.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Program Files\Intelinet\Logs\2008_11_26.log (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Start Menu\Programs\Intelinet\Intelinet.lnk (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Start Menu\Programs\Intelinet\Uninstall Intelinet.lnk (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Documents and Settings\LINDA SONDERMANN\Desktop\Intelinet.lnk (Rogue.Intelinet) -> Quarantined and deleted successfully.C:\Documents and Settings\LINDA SONDERMANN\Application Data\Microsoft\Internet Explorer\Quick Launch\Intelinet.lnk (Rogue.Intelinet) -> Quarantined and deleted successfully. Link to post Share on other sites
rmurphy Posted November 27, 2008 Report Share Posted November 27, 2008 That looks How is the computer running?Please post a new hijackthis log, as well as an uninstall list.To obtain an Uninstall list.Open HijackThis, click Config, click Misc ToolsClick "Open Uninstall Manager"Click "Save List" (generates uninstall_list.txt)-Ryan Link to post Share on other sites
[email protected] Posted November 27, 2008 Author Report Share Posted November 27, 2008 As of an hour ago, I still can't use eBay search. Here is the HJT log, and the Uninstall log. Thanks, Ryan!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:35:50 PM, on 11/26/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\Explorer.EXEC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\WINDOWS\ehome\ehtray.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\Program Files\Apoint\Apoint.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxsrvc.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\WINDOWS\system32\CTSVCCDA.EXEC:\Program Files\Apoint\Apntex.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Apoint\HidFind.exeC:\WINDOWS\eHome\ehRecvr.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\Creative\ShareDLL\CtNotify.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Spyware Doctor\pctsAuxs.exeC:\Program Files\Creative\ShareDLL\MediaDet.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Dell AIO Printer A920\dlbkbmgr.exeC:\Program Files\Dell AIO Printer A920\dlbkbmon.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Spyware Doctor\pctsTray.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exeC:\WINDOWS\ehome\mcrdsvc.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Spyware Doctor\pctsSvc.exeC:\WINDOWS\eHome\ehmsas.exeC:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\PayPal\PayPal Plug-In\RBroker.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dllO2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dllO2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dllO3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dllO3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exeO4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exeO4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUPO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exeO4 - Global Startup: LUMIX Simple Viewer.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Herod's Lost Tomb\Images\stg_drm.ocxO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194798768671O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cabO16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://C:\Program Files\Mystery P.I. - The New York Fortune\Images\armhelper.ocxO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXEO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exeO24 - Desktop Component 0: (no name) - http://www.knitpicks.com/images/structure/...MP3download.gif--End of file - 12454 bytes33 Corners7 Wonders - Treasures of SevenABBYY FineReader 5.0 SprintAd-AwareAdobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)Adobe Flash Player ActiveXAdobe Flash Player PluginAdobe Photoshop 7.0Adobe Reader 8.1.2Adobe Shockwave Player 11Advanced Registry OptimizerAIM 6AlchemyAlchemy and Bejeweled PackALPS Touch Pad DriverAOL Coach Version 1.0(Build:20040229.1 en)AOL Connectivity ServicesAOL Uninstaller (Choose which Products to Remove)AOLIconAsk ToolbarAVG 7.5Axialis IconWorkshop 6.0Ben 10 Alien Force Bounty HuntersBetween the WorldsBig Fish Games ClientBoggleBoggle SupremeBook of LegendsBookworm AdventuresBroadcom Management Programs 2Caterpillar Construction TycoonChowder for Windows version 1.0Complete SpanishConexant D110 MDC V.9x ModemConsumer Complete Care Services AgreementCreative PC-CAM 300 DriverCreative PC-CAM CenterCreative WebCam MonitorCreative WebCam PhotoEditorDell AIO Printer A920Dell Digital Jukebox DriverDell Driver Reset ToolDell Support CenterDell Wireless WLAN CardDellSupportDigital Content PortalDigital Line DetectDisney Pirates of the Caribbean OnlineDisney's Ready for Math with PoohDisney's Toontown OnlineDr. Lynch - Grave SecretseBay Toolbar Featuring Yahoo!EducateUElf Bowling - Hawaiian VacationElf Bowling 7 1/7 - The Last InsultELIconEscape The MuseumFaxToolsGdiplusUpgradeGo Go Gourmet - Chef of the YearGoogle AFEGoogle Toolbar for Internet ExplorerHerod's Lost TombHidden Expedition Titanic (remove only)Hidden Mysteries Civil WarHijackThis 2.0.2Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 10 (KB903157)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB952287)HP Image Zone 4.0HP Product DetectionHP Scanjet 4070HP Software UpdateHP UpdateIntel® Graphics Media Accelerator Driver for MobileInternal Network Card Power ManagementJ2SE Runtime Environment 5.0 Update 10J2SE Runtime Environment 5.0 Update 11J2SE Runtime Environment 5.0 Update 6J2SE Runtime Environment 5.0 Update 9Java 2 Runtime Environment, SE v1.4.2_03Java 6 Update 2Java 6 Update 3Java 6 Update 5Java 6 Update 7Java SE Runtime Environment 6 Update 1Jewel Quest Mysteries - Curse of the Emerald TearJumpStart 3rd Grade v1.2KidzuiKnitware Sweaters 2.50Learn2 Player (Uninstall Only)LUMIX Simple ViewerMah Jong MedleyMahjong Escape - Ancient JapanMahjongg - Ancient MayasMalwarebytes' Anti-MalwareMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Hotfix (KB928366)Microsoft Compression Client Pack 1.0 for Windows XPMicrosoft FrontPage 2000 SR-1Microsoft Image Composer 1.5Microsoft Office 2000 SR-1 Disc 2Microsoft Office 2000 SR-1 ProfessionalMicrosoft Office XP Media ContentMicrosoft Office XP StandardMicrosoft Plus! Digital Media Edition InstallerMicrosoft Plus! Photo Story 2 LEMicrosoft User-Mode Driver Framework Feature Pack 1.0Microsoft Web Publishing Wizard 1.52Mighty Math Calculating Crew (Remove only)Modem HelperMozilla Firefox (2.0.0.11)MSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 and SOAP Toolkit 3.0Mushroom AgeMusicmatch for Windows Media PlayerMystery Case Files: Madame Fate (remove only)Mystery P.I. - The New York FortuneNancy Drew: Ghost Dogs of Moon LakeNeedleTraxNetWaitingNetZeroInstallersOozic PlayerOTOYOttoPayPal Plug-InPHOTOfunSTUDIO -viewer-PhotoSmart Printer SoftwarePixMakerPixScreenCE_1.5PowerDVD 5.5Print-A-GridPrintMasterQuickBooks Premier: Accountant Edition 2003QuickSetQuickTimeRealArcadeRealPlayerRescue Heroes Tremor TroubleRhapsody Player EngineRosetta Stone Version 3SCRABBLESecurity Update for Windows Media Player 10 (KB911565)Security Update for Windows Media Player 10 (KB917734)Security Update for Windows Media Player 10 (KB936782)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950759)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953838)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956390)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Slingo DeluxeSlingo DeluxeSnood 4Snood 4 Beta version 6.1Snood DeluxeSnood for Windows version 3.52-WSnood Poppers 1.0Snood Slide 2.0Snood Solitaire version 1.1Snood Towers for Windows version 1.02Snoodoku for Windows Version 1.1WSonic DLASonic EncodersSonic MyDVD LESonic RecordNow AudioSonic RecordNow CopySonic RecordNow DataSonic Update ManagerSpelling Dictionaries Support For Adobe Reader 8SPOREâ„¢ Creature Creator Trial EditionSpybot - Search & DestroySpybot - Search & Destroy 1.4Spyware Doctor 6.0Stitch Motif Maker DemoSweater Wizard V3Time ForceTONKA Search & Rescue 2Tri-Peaks Solitaire To GoTurbo Lister 2Unity Web PlayerUpdate for Windows Media Player 10 (KB910393)Update for Windows Media Player 10 (KB913800)Update for Windows Media Player 10 (KB926251)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update Rollup 2 for Windows XP Media Center Edition 2005Viewpoint Manager (Remove Only)Viewpoint Media PlayerWebCyberCoach 3.2 DellWild Stitches v.1 DemoWindows Genuine Advantage v1.3.0254.0Windows Installer Clean UpWindows Live MessengerWindows Media Format 11 runtimeWindows Media Format 11 runtimeWindows Media Player 10Windows Media Player 10 Hotfix - KB895316Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]Windows Media Player 11Windows Media Player 11Windows XP Media Center Edition 2005 KB908246Windows XP Media Center Edition 2005 KB925766Windows XP Service Pack 3WinZipWinZip Self-ExtractorWorld MosaicsYahoo! ToolbarZam BeezeeZodiac TowerZoombinis Island OdysseyZoombinis Logical Journey Link to post Share on other sites
rmurphy Posted November 29, 2008 Report Share Posted November 29, 2008 Please download JavaRa to your desktop and unzip it to its own folderRun JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.Accept any prompts. Open JavaRa.exe again and select Search For Updates.Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)Close all open windows except for HiJack This and click fix checked.Reboot your computer.Please rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. -Ryan Link to post Share on other sites
[email protected] Posted November 30, 2008 Author Report Share Posted November 30, 2008 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:20:25 PM, on 11/30/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\Explorer.EXEC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Apoint\Apoint.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\WINDOWS\system32\CTSVCCDA.EXEC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Apoint\HidFind.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\eHome\ehRecvr.exeC:\Program Files\Creative\ShareDLL\CtNotify.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\Creative\ShareDLL\MediaDet.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Dell AIO Printer A920\dlbkbmgr.exeC:\Program Files\Spyware Doctor\pctsAuxs.exeC:\Program Files\Spyware Doctor\pctsTray.exeC:\Program Files\Dell AIO Printer A920\dlbkbmon.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\ehome\mcrdsvc.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\WINDOWS\system32\fxssvc.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\WINDOWS\system32\wbem\wmiprvse.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dllO2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dllO2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dllO3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dllO3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exeO4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exeO4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUPO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exeO4 - Global Startup: LUMIX Simple Viewer.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mortimer Beckett and the Time Paradox\Images\stg_drm.ocxO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194798768671O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cabO16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mortimer Beckett and the Time Paradox\Images\armhelper.ocxO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXEO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exeO24 - Desktop Component 0: (no name) - http://www.knitpicks.com/images/structure/...MP3download.gif--End of file - 12149 bytesThanks, Ryan! Still had ad.yeildmanager taking over my search engines as of this morning. Let's hope this does the trick. Linda Link to post Share on other sites
[email protected] Posted November 30, 2008 Author Report Share Posted November 30, 2008 Yup. Still there. This thing is relentless! Link to post Share on other sites
rmurphy Posted November 30, 2008 Report Share Posted November 30, 2008 Download Lop S&D < hereDouble-click Lop S&D.exeChoose the language, then choose Option 1 (Search)Wait till the end of the scanPost the log which is created: (%SystemDrive%\lopR.txt)-Ryan Link to post Share on other sites
[email protected] Posted December 1, 2008 Author Report Share Posted December 1, 2008 --------------------\\ Lop S&D 4.2.4-9c XP/Vista Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.70GHz ) BIOS : Phoenix ROM BIOS PLUS Version 1.10 A09 USER : LINDA SONDERMANN ( Administrator ) BOOT : Normal boot Antivirus : AVG 7.5.552 7.5.552 (Activated) C:\ (Local Disk) - NTFS - Total:88 Go (Free:42 Go) D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go) "C:\Lop SD" ( MAJ : 01-11-2008|16:30 ) Option : [1] ( Sun 11/30/2008|21:59 ) --------------------\\ Listing folders in APPLIC~1 [02/15/2006|12:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Corel [02/15/2006|12:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Google [08/16/2005|05:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities [12/31/2007|07:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft [02/15/2006|12:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun [03/26/2007|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe [11/06/2007|05:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL [03/21/2006|09:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads [11/06/2007|05:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP [05/24/2008|06:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Astar Games [04/19/2008|07:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avg7 [03/08/2008|09:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BigFishGamesCache [08/20/2008|01:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BVRP Software [08/04/2008|05:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> cerasus.media [03/04/2006|01:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Chasing Dogs Studios [12/01/2007|01:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Christmasville [02/27/2008|09:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell [11/14/2008|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> eBay [08/20/2008|03:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EscapeTheMuseum [08/27/2008|03:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet [10/24/2008|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Flood Light Games [08/16/2008|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Fugazo [04/22/2008|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Gogii [11/19/2008|05:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Gogii Games [07/20/2007|06:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google [12/31/2007|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft [02/15/2006|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek [02/22/2006|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard [12/30/2007|07:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HiddenSecretsNightmare [02/15/2006|12:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield [05/04/2007|04:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> JollyBear [10/22/2008|02:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft [11/26/2008|04:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes [01/09/2008|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft [11/05/2008|07:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MumboJumbo [06/13/2007|09:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> n7-89-o9-3r-4t-r9 [02/27/2006|06:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Otto [10/17/2008|07:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Tools [11/17/2008|08:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PlayFirst [04/05/2008|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PlayPond [02/03/2008|11:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QB9 S.R.L [02/15/2006|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime [03/24/2007|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> RoboForm [09/06/2008|03:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Rosetta Stone [08/27/2008|05:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> RosettaStoneLtdBackup [12/25/2006|03:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sandlot Games [02/25/2006|03:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBT [05/16/2007|06:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SpinTop [06/29/2007|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SpinTop Games [10/21/2008|04:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy [11/29/2006|06:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SugarGames [12/23/2007|02:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft [04/01/2007|02:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec [11/30/2008|03:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP [07/26/2008|03:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TERMINAL Studio [08/04/2008|03:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TheRace_dev [03/04/2006|12:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia [11/13/2008|06:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint [11/30/2008|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WholeSecurity [05/11/2006|07:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage [11/30/2008|02:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip [04/04/2008|01:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZipSE [03/22/2007|11:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion [02/15/2006|12:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Corel [02/15/2006|12:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Google [08/16/2005|05:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities [02/26/2006|06:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft [02/15/2006|12:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun [03/21/2006|09:02] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> acccore [06/04/2008|02:23] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Adobe [03/24/2006|09:48] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> AdobeAUM [03/04/2007|03:44] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> AdobeUM [11/30/2008|08:00] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> AVG7 [01/16/2007|12:53] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Axialis [08/04/2008|05:33] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> cerasus.media [04/22/2007|06:22] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> CyberLink [11/14/2008|12:19] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> eBay [11/29/2008|06:47] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> ForgottenRiddles [05/02/2008|10:45] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Friday's games [02/07/2007|06:43] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> funkitron [09/17/2006|07:15] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Gaijin Ent [11/19/2008|05:36] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Gogii Games [08/03/2006|07:41] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Google [04/11/2007|09:15] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Gtek [07/11/2006|10:44] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Help [08/16/2005|05:50] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Identities [12/23/2007|03:10] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> InstallShield [01/09/2008|07:59] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Lavasoft [11/28/2008|07:01] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Leadertech [04/18/2007|06:30] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Macromedia [11/26/2008|04:53] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Malwarebytes [01/01/2008|11:02] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Microsoft [02/27/2006|06:02] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Otto [12/23/2007|03:11] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Panasonic [11/10/2008|08:20] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> PC Tools [11/17/2008|08:47] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> PlayFirst [11/13/2008|06:48] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Real [10/22/2008|01:31] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Sammsoft [08/04/2008|07:20] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Snood [02/22/2006|09:00] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Sonic [11/07/2007|07:50] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> SpinTop [11/20/2008|07:00] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> SpinTop Games [02/15/2006|12:31] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Sun [03/22/2007|11:06] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Symantec [12/29/2007|11:19] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> URSE Games [11/13/2008|06:46] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Viewpoint [11/30/2008|06:39] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> WholeSecurity [11/04/2007|12:06] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> WinRAR [12/31/2007|07:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> AVG7 [11/26/2007|08:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google [11/15/2008|09:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Help [10/04/2008|01:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft [10/21/2006|10:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Symantec [12/31/2007|07:58] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks [11/30/2008 08:13 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job [02/05/2007 04:08 PM][--ah-----] C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job [11/30/2008 03:13 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT [08/10/2004 06:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing Folders in C:\Program Files [11/11/2007|09:31] C:\Program Files\<DIR> 3DGroove [11/13/2008|06:48] C:\Program Files\<DIR> 7 Wonders - Treasures of Seven [08/20/2008|01:11] C:\Program Files\<DIR> ABBYY FineReader 5.0 Sprint [08/20/2008|01:11] C:\Program Files\<DIR> ABBYY FineReader 6.0 [10/11/2008|01:40] C:\Program Files\<DIR> Activision Value [11/27/2008|06:41] C:\Program Files\<DIR> Adobe [10/22/2008|01:54] C:\Program Files\<DIR> Advanced Registry Optimizer [04/21/2007|12:24] C:\Program Files\<DIR> Agatha Christie - Death on the Nile [11/06/2007|05:52] C:\Program Files\<DIR> AIM6 [09/16/2007|03:31] C:\Program Files\<DIR> America Online 9.0 [03/21/2006|08:50] C:\Program Files\<DIR> AOD [04/24/2006|05:30] C:\Program Files\<DIR> AOL [02/15/2006|12:42] C:\Program Files\<DIR> AOL Companion [12/11/2007|05:03] C:\Program Files\<DIR> AOL Games [09/16/2007|03:31] C:\Program Files\<DIR> Apoint [10/22/2008|01:31] C:\Program Files\<DIR> AskBarDis [01/16/2007|12:53] C:\Program Files\<DIR> Axialis [10/28/2008|04:34] C:\Program Files\<DIR> Between the Worlds [09/16/2007|03:31] C:\Program Files\<DIR> BFG [06/10/2008|08:57] C:\Program Files\<DIR> bfgclient [08/21/2008|07:57] C:\Program Files\<DIR> Boggle [11/17/2008|05:19] C:\Program Files\<DIR> Book of Legends [08/29/2007|09:15] C:\Program Files\<DIR> Borland [02/15/2006|12:35] C:\Program Files\<DIR> Broadcom [11/06/2006|06:11] C:\Program Files\<DIR> Broderbund [03/25/2007|09:21] C:\Program Files\<DIR> CA [08/30/2008|08:54] C:\Program Files\<DIR> Cartoon Network [11/24/2008|11:03] C:\Program Files\<DIR> Chowder [11/13/2008|07:52] C:\Program Files\<DIR> Common Files [08/16/2005|05:38] C:\Program Files\<DIR> ComPlus Applications [02/15/2006|12:19] C:\Program Files\<DIR> CONEXANT [03/22/2007|11:02] C:\Program Files\<DIR> Creative [02/15/2006|12:38] C:\Program Files\<DIR> CyberLink [02/12/2008|10:28] C:\Program Files\<DIR> Davidson [02/15/2006|12:48] C:\Program Files\<DIR> Dell [08/30/2008|11:33] C:\Program Files\<DIR> Dell A920 [08/30/2008|11:36] C:\Program Files\<DIR> Dell AIO Printer A920 [12/23/2007|02:38] C:\Program Files\<DIR> Dell Support Center [04/11/2007|08:50] C:\Program Files\<DIR> DellSupport [02/15/2006|12:37] C:\Program Files\<DIR> Digital Line Detect [10/21/2006|11:47] C:\Program Files\<DIR> directx [04/19/2007|09:07] C:\Program Files\<DIR> Disney [01/13/2008|02:48] C:\Program Files\<DIR> Disney Interactive [11/13/2008|06:47] C:\Program Files\<DIR> Dr. Lynch - Grave Secrets [09/20/2007|09:40] C:\Program Files\<DIR> eBay [02/12/2008|10:54] C:\Program Files\<DIR> Edmark [11/13/2008|06:46] C:\Program Files\<DIR> Electronic Arts [07/08/2008|06:42] C:\Program Files\<DIR> Elf Bowling - Hawaiian Vacation [01/02/2008|03:33] C:\Program Files\<DIR> Elf Bowling 7 17 - The Last Insult [09/16/2007|03:31] C:\Program Files\<DIR> EnglishOtto [09/17/2008|06:27] C:\Program Files\<DIR> Escape The Museum [08/20/2008|01:09] C:\Program Files\<DIR> FaxTools [09/15/2007|10:49] C:\Program Files\<DIR> Fisher-Price® [11/27/2008|08:54] C:\Program Files\<DIR> Forgotten Riddles - The Mayan Princess [09/16/2007|03:31] C:\Program Files\<DIR> GameHouse [11/11/2008|08:05] C:\Program Files\<DIR> GameMill Entertainment [05/16/2007|06:09] C:\Program Files\<DIR> Games [05/16/2007|06:08] C:\Program Files\<DIR> GemMaster [11/30/2006|06:38] C:\Program Files\<DIR> GH-SCRABBLE [11/13/2008|06:47] C:\Program Files\<DIR> Go Go Gourmet - Chef of the Year [02/04/2007|04:10] C:\Program Files\<DIR> Google [02/15/2006|12:51] C:\Program Files\<DIR> GoogleAFE [04/09/2007|01:11] C:\Program Files\<DIR> Grisoft [11/30/2008|04:15] C:\Program Files\<DIR> Hawaiian Explorer Pearl Harbor [11/17/2008|04:48] C:\Program Files\<DIR> Herod's Lost Tomb [02/22/2006|10:17] C:\Program Files\<DIR> Hewlett-Packard [10/11/2008|05:16] C:\Program Files\<DIR> Hidden Expedition - Everest [10/26/2008|09:31] C:\Program Files\<DIR> Hidden Expedition Titanic [08/19/2007|06:07] C:\Program Files\<DIR> HP [01/11/2008|01:33] C:\Program Files\<DIR> hp photosmart [08/30/2008|11:12] C:\Program Files\<DIR> HP PhotoSmart Printers [09/27/2008|11:26] C:\Program Files\<DIR> Infogrames Interactive [11/13/2008|06:34] C:\Program Files\<DIR> InstallShield Installation Information [02/15/2006|12:36] C:\Program Files\<DIR> Intel [08/31/2008|09:19] C:\Program Files\<DIR> Internet Explorer [02/25/2006|03:15] C:\Program Files\<DIR> Intuit [07/17/2008|06:49] C:\Program Files\<DIR> Java [11/13/2008|06:47] C:\Program Files\<DIR> Jewel Quest Mysteries - Curse of the Emerald Tear [11/13/2008|06:47] C:\Program Files\<DIR> Kidzui [03/01/2008|01:09] C:\Program Files\<DIR> Knitting Wizards [08/29/2007|09:15] C:\Program Files\<DIR> Knitware [10/22/2008|02:21] C:\Program Files\<DIR> Lavasoft [02/15/2006|12:42] C:\Program Files\<DIR> Learn2.com [07/27/2008|06:53] C:\Program Files\<DIR> Mah Jong Medley [03/24/2008|03:24] C:\Program Files\<DIR> Mahjong Escape - Ancient Japan [08/05/2008|08:16] C:\Program Files\<DIR> Mahjongg - Ancient Mayas [11/26/2008|04:53] C:\Program Files\<DIR> Malwarebytes' Anti-Malware [08/31/2008|10:26] C:\Program Files\<DIR> Messenger [11/01/2007|05:15] C:\Program Files\<DIR> Microsoft ActiveSync [08/16/2005|05:43] C:\Program Files\<DIR> microsoft frontpage [09/16/2007|03:32] C:\Program Files\<DIR> Microsoft Image Composer [02/05/2007|04:06] C:\Program Files\<DIR> Microsoft IntelliPoint [11/01/2007|05:08] C:\Program Files\<DIR> Microsoft Office [02/15/2006|12:40] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition [11/13/2008|06:47] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE [02/22/2006|11:07] C:\Program Files\<DIR> Microsoft Visual Studio [09/16/2007|03:32] C:\Program Files\<DIR> Modem Helper [09/16/2007|03:32] C:\Program Files\<DIR> Monopoly 3 [03/22/2007|11:04] C:\Program Files\<DIR> Monopoly Here & Now Edition [11/27/2008|12:28] C:\Program Files\<DIR> Mortimer Beckett and the Time Paradox [08/31/2008|09:19] C:\Program Files\<DIR> Movie Maker [11/13/2008|06:47] C:\Program Files\<DIR> Mozilla Firefox [08/07/2007|10:06] C:\Program Files\<DIR> MSECACHE [08/16/2005|05:37] C:\Program Files\<DIR> MSN [02/11/2008|05:28] C:\Program Files\<DIR> MSN Games [08/16/2005|05:37] C:\Program Files\<DIR> MSN Gaming Zone [10/26/2008|10:56] C:\Program Files\<DIR> MSN Messenger [11/18/2006|06:57] C:\Program Files\<DIR> MSXML 4.0 [11/13/2008|06:47] C:\Program Files\<DIR> Mushroom Age [12/06/2007|09:16] C:\Program Files\<DIR> MUSICMATCH [11/13/2008|06:47] C:\Program Files\<DIR> Mystery Case Files - Madame Fate [10/14/2008|06:46] C:\Program Files\<DIR> Mystery Case Files - Ravenhearst [11/14/2008|06:58] C:\Program Files\<DIR> Mystery P.I. - The New York Fortune [01/29/2007|02:26] C:\Program Files\<DIR> Mysteryville [01/29/2007|03:21] C:\Program Files\<DIR> Nancy Drew [05/31/2008|05:37] C:\Program Files\<DIR> NeedlTx [08/31/2008|09:09] C:\Program Files\<DIR> NetMeeting [09/16/2007|03:32] C:\Program Files\<DIR> NetWaiting [02/15/2006|12:39] C:\Program Files\<DIR> NetZeroInstallers [03/28/2007|08:39] C:\Program Files\<DIR> Norton Internet Security [03/22/2007|11:07] C:\Program Files\<DIR> Norton Password Manager [10/26/2008|05:18] C:\Program Files\<DIR> Norton Security Scan [12/22/2007|06:31] C:\Program Files\<DIR> Nstorm [06/23/2006|10:08] C:\Program Files\<DIR> OfficeUpdate11 [08/16/2005|05:38] C:\Program Files\<DIR> Online Services [08/31/2008|09:09] C:\Program Files\<DIR> Outlook Express [12/23/2007|03:12] C:\Program Files\<DIR> Panasonic [11/30/2006|06:38] C:\Program Files\<DIR> Pantheon [07/15/2008|09:17] C:\Program Files\<DIR> PayPal [03/28/2007|08:13] C:\Program Files\<DIR> PCSecurityShield [02/22/2006|10:46] C:\Program Files\<DIR> PixAround.com [10/26/2006|02:04] C:\Program Files\<DIR> PopCap Games [06/23/2006|10:39] C:\Program Files\<DIR> QuickTime [11/30/2006|06:38] C:\Program Files\<DIR> Rainbow Mystery [11/13/2008|06:48] C:\Program Files\<DIR> Real [08/17/2006|07:50] C:\Program Files\<DIR> ReflexiveArcade [09/16/2007|03:32] C:\Program Files\<DIR> RGB [08/27/2008|05:14] C:\Program Files\<DIR> Rosetta Stone [09/16/2007|03:32] C:\Program Files\<DIR> SCRABBLE [03/24/2007|10:22] C:\Program Files\<DIR> Siber Systems [02/15/2006|12:19] C:\Program Files\<DIR> Sigmatel [08/27/2006|08:20] C:\Program Files\<DIR> Slingo [02/18/2008|02:38] C:\Program Files\<DIR> Slingo Deluxe [02/25/2006|03:08] C:\Program Files\<DIR> Snapshot Viewer [02/07/2008|08:20] C:\Program Files\<DIR> Snood [09/09/2007|07:39] C:\Program Files\<DIR> Snood 4 Beta [09/25/2008|06:19] C:\Program Files\<DIR> Snood Deluxe [01/30/2007|08:21] C:\Program Files\<DIR> Snood Solitaire [11/02/2008|07:38] C:\Program Files\<DIR> Snood Towers [10/23/2008|05:55] C:\Program Files\<DIR> Snoodoku [02/15/2006|12:43] C:\Program Files\<DIR> Sonic [10/21/2008|12:46] C:\Program Files\<DIR> Spybot - Search & Destroy [11/28/2008|09:24] C:\Program Files\<DIR> Spyware Doctor [10/17/2008|06:03] C:\Program Files\<DIR> Spyware Doctor(2) [11/30/2006|06:38] C:\Program Files\<DIR> Sweetopia [04/01/2007|02:48] C:\Program Files\<DIR> Symantec [03/13/2008|03:23] C:\Program Files\<DIR> The Adventure Company [06/08/2008|02:14] C:\Program Files\<DIR> The Learning Company [11/02/2008|04:10] C:\Program Files\<DIR> THQ [03/16/2006|11:23] C:\Program Files\<DIR> TLI [11/11/2008|08:55] C:\Program Files\<DIR> Trend Micro [11/18/2007|08:53] C:\Program Files\<DIR> Turtix [08/16/2005|05:50] C:\Program Files\<DIR> Uninstall Information [05/17/2008|07:37] C:\Program Files\<DIR> Unity [11/13/2008|06:46] C:\Program Files\<DIR> Viewpoint [06/10/2008|08:33] C:\Program Files\<DIR> Virtools [11/06/2006|06:31] C:\Program Files\<DIR> Web Publish [02/15/2006|12:45] C:\Program Files\<DIR> WebCyberCoach [03/26/2007|10:54] C:\Program Files\<DIR> Windows Installer Clean Up [03/31/2008|02:37] C:\Program Files\<DIR> Windows Media Connect 2 [02/16/2008|02:29] C:\Program Files\<DIR> Windows Media Player [08/31/2008|09:09] C:\Program Files\<DIR> Windows NT [08/16/2005|05:37] C:\Program Files\<DIR> Windows Plus [08/16/2005|05:40] C:\Program Files\<DIR> WindowsUpdate [11/30/2008|02:44] C:\Program Files\<DIR> WinZip [04/04/2008|01:46] C:\Program Files\<DIR> WinZip Self-Extractor [10/23/2008|03:29] C:\Program Files\<DIR> WOMGames [11/13/2008|06:46] C:\Program Files\<DIR> World Mosaics [11/18/2007|08:54] C:\Program Files\<DIR> Xango Tango [08/16/2005|05:43] C:\Program Files\<DIR> xerox [03/22/2007|11:06] C:\Program Files\<DIR> Yahoo! --------------------\\ Listing Folders in C:\Program Files\Common Files [11/27/2008|06:41] C:\Program Files\Common Files\<DIR> Adobe [11/06/2007|05:51] C:\Program Files\Common Files\<DIR> AOL [02/15/2006|12:42] C:\Program Files\Common Files\<DIR> aolshare [11/06/2006|06:09] C:\Program Files\Common Files\<DIR> Broderbund [02/22/2006|11:07] C:\Program Files\Common Files\<DIR> Designer [02/22/2006|10:15] C:\Program Files\Common Files\<DIR> Hewlett-Packard [02/22/2006|10:16] C:\Program Files\Common Files\<DIR> HP [02/15/2006|12:43] C:\Program Files\Common Files\<DIR> InstallShield [02/25/2006|03:16] C:\Program Files\Common Files\<DIR> Intuit [02/15/2006|12:31] C:\Program Files\Common Files\<DIR> Java [09/15/2007|10:50] C:\Program Files\Common Files\<DIR> Knowledge Adventure [02/25/2006|03:16] C:\Program Files\Common Files\<DIR> LHSPF [08/27/2008|03:57] C:\Program Files\Common Files\<DIR> Macrovision Shared [11/26/2008|10:39] C:\Program Files\Common Files\<DIR> Microsoft Shared [03/21/2006|06:38] C:\Program Files\Common Files\<DIR> MimarSinan [08/16/2005|05:40] C:\Program Files\Common Files\<DIR> MSSoap [02/15/2006|12:42] C:\Program Files\Common Files\<DIR> Nullsoft [08/16/2005|05:33] C:\Program Files\Common Files\<DIR> ODBC [02/22/2006|10:46] C:\Program Files\Common Files\<DIR> PixAround.com [11/13/2008|06:48] C:\Program Files\Common Files\<DIR> Real [08/16/2005|05:40] C:\Program Files\Common Files\<DIR> Services [02/15/2006|12:43] C:\Program Files\Common Files\<DIR> Sonic Shared [08/16/2005|05:33] C:\Program Files\Common Files\<DIR> SpeechEngines [12/23/2007|02:38] C:\Program Files\Common Files\<DIR> supportsoft [10/26/2008|05:18] C:\Program Files\Common Files\<DIR> Symantec Shared [08/31/2008|09:09] C:\Program Files\Common Files\<DIR> System [02/15/2006|12:40] C:\Program Files\Common Files\<DIR> TiVo Shared [02/25/2006|03:46] C:\Program Files\Common Files\<DIR> WexTech Shared [10/22/2008|02:20] C:\Program Files\Common Files\<DIR> Wise Installation Wizard [11/13/2008|06:48] C:\Program Files\Common Files\<DIR> xing shared --------------------\\ Process ( 72 Processes ) iexplore.exe ~ [PID:564] --------------------\\ Searching with S_Lop No Lop folder found ! --------------------\\ Searching for Lop Files - Folders C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsc85.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsd36.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nse2E.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsh90.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsisdt.dll C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsj7B.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsl184.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsl378.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsm80.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsr40.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsr76.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nss14.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nss25.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nss47.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nst325.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nst4C.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nst51.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsv7C.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsv9B.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsx19.tmp C:\DOCUME~1\LINDAS~1\Cookies\linda [email protected][1].txt C:\DOCUME~1\LINDAS~1\Cookies\linda [email protected][1].txt C:\DOCUME~1\LINDAS~1\Cookies\linda [email protected][3].txt --------------------\\ Searching within the Registry ..... OK ! --------------------\\ Checking the Hosts file Hosts file CLEAN --------------------\\ Searching for hidden files with Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-30 22:01:51 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Searching for other infections No other infections found ! [F:1139][D:157]-> C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp [F:1476][D:0]-> C:\DOCUME~1\LINDAS~1\Cookies [F:7311][D:37]-> C:\DOCUME~1\LINDAS~1\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - Sun 11/30/2008|22:15 - Option : [1] --------------------\\ Scan completed at 22:15:09 Link to post Share on other sites
rmurphy Posted December 1, 2008 Report Share Posted December 1, 2008 Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Please, never rename Combofix unless instructed.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.-----------------------------------------------------------Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.If there is no internet connection after running Combofix, then restart your computer to restore back your connection.-----------------------------------------------------------[*]Double click on combofix.exe & follow the prompts.[*]When finished, it will produce a report for you. [*]Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**-Ryan Link to post Share on other sites
[email protected] Posted December 2, 2008 Author Report Share Posted December 2, 2008 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:59:57 PM, on 12/1/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\WINDOWS\system32\CTSVCCDA.EXEC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Apoint\Apoint.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\Creative\ShareDLL\CtNotify.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Apoint\HidFind.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Creative\ShareDLL\MediaDet.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Dell AIO Printer A920\dlbkbmgr.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exeC:\Program Files\Dell AIO Printer A920\dlbkbmon.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\HP\Digital Imaging\bin\hpqgalry.exeC:\WINDOWS\system32\msiexec.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dllO2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dllO2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dllO3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dllO4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exeO4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exeO4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUPO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exeO4 - Global Startup: LUMIX Simple Viewer.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://C:\Program Files\Mortimer Beckett and the Time Paradox\Images\stg_drm.ocxO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194798768671O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cabO16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mortimer Beckett and the Time Paradox\Images\armhelper.ocxO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXEO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exeO24 - Desktop Component 0: (no name) - http://www.knitpicks.com/images/structure/...MP3download.gif--End of file - 11932 bytesAND ...ComboFix 08-12-01.01 - LINDA SONDERMANN 2008-12-01 19:37:33.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.223 [GMT -5:00]Running from: c:\documents and settings\LINDA SONDERMANN\Desktop\ComboFix.exe * Created a new restore point.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\Downloaded Program Files\setup.infc:\windows\Downloaded Program Files\TriJinx.1.0.0.67c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\music\mainmenumusic.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\areabomb.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\beetlezap.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonusrow.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonustimer.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bucketfilled.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\clearpyramid.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1a.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1b.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1c.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2a.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2b.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2c.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\colorchain.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\dialogbox.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\drumbeat.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\fillrow.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\gateopen.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\helptip.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\powerup.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\rotateboardleft.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\timerup.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning2.oggc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\artifacts-bb.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\bar.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber0.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber1.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\circledoor.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\full_screen_dialog.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_large.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_small.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_large.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_small.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hexfield.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hidden-artifact_icon.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\large_dialog.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\local-hs-bb.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\mainmenu.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\small_dialog.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\textfield.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\trifield.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover1.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover2.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover3.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover4.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock1.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock2.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock3.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock4.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetletatoo.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\dirt.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpost.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpostovr.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\tritop.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_down.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_over.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_up.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_down.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_over.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_up.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_down.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_over.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_up.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_down.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_over.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_up.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_down.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_over.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_up.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_down.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_over.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_up.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkdown.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkup.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_down.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_over.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_up.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_down.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_over.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_up.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_down.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_over.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_up.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_down.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_over.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_up.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_down.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_over.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_up.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknob.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknobover.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderrail.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\anwar\look\pl0001.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\bast\look\bl0001.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\kristine\look\kl0001.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\crackedstopper.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\cursor.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\doorlights.txtc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\jackarmstrong.mvecc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\lithos.mvecc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\greybomb.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\arrowkeys.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\helptip.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\levels\levels.datc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\disk.meshc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\equilateraltriangle.meshc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\flattri.meshc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\pyramid.meshc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\quad.meshc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\rotatingpyramid.meshc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\scarabpanel.meshc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\p1icon.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-0.xmlc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-1.xmlc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-0-1.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-1-1.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scorecloud.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\setup.xmlc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\areashockwave.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_1.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_2.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_3.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_4.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_starter.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_tail.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\flash.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\rubble.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke2.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke3.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\aol_logo.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\playfirst_logo.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue0\snake_dirty.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\arm01_dirty.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\mask01_1.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\statue01_dirty.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\stopper.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timer.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timerglow.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timericon.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\tm.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue1.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue2.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue3.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen1.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen2.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen3.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered1.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered2.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered3.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow1.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow2.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow3.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabomb.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabombrollover.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\blue.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bluerollover.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\boardfill.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick1.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick2.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick3.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bricktip.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye1.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye2.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye3.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye4.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\green.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\greenrollover.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\red.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\redrollover.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wild.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wildrollover.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellow.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellowrollover.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image0.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image1.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image2.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image3.jpgc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\bluebucket.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\buckettriangle.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chainlink.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chaintip.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\genericbucket.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\greenbucket.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\redbucket.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallblue.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallgreen.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallred.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallyellow.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnglow.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnplatform.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\yellowbucket.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\warning.pngc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\error.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\game.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\gameover.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscore.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoreinfo.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoresubmit.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\instructions.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\leveldesign.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\levelover.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainarcade.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainconfirm.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maincontinue.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maingames.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainpuzzle.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maphelptip.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\options.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\pause.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\quitconfirm.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\start.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\storyplayer.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\style.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\upsell.luac:\windows\Downloaded Program Files\TriJinx.1.0.0.67\strings.xmlc:\windows\Downloaded Program Files\TriJinx.1.0.0.67\TriJinx.exec:\windows\IE4 Error Log.txt.((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 ))))))))))))))))))))))))))))))).2008-12-01 16:30 . 2008-12-01 16:30 <DIR> d-------- c:\program files\Bejeweled Twist2008-11-30 21:58 . 2008-11-30 22:15 <DIR> d----c--- C:\Lop SD2008-11-30 21:51 . 2008-11-30 21:57 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\.SunDownloadManager2008-11-30 14:42 . 2008-11-30 14:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip2008-11-30 07:37 . 2008-11-30 07:37 54,156 --ah----- c:\windows\QTFont.qfn2008-11-30 07:37 . 2008-11-30 07:37 1,409 --a------ c:\windows\QTFont.for2008-11-29 18:49 . 2008-11-29 18:49 <DIR> d-------- c:\windows\system32\ActiveX2008-11-29 18:49 . 2008-11-30 16:54 <DIR> d-------- c:\program files\Hawaiian Explorer Pearl Harbor2008-11-27 20:55 . 2008-11-29 18:47 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\ForgottenRiddles2008-11-27 20:54 . 2008-11-27 20:54 <DIR> d-------- c:\program files\Forgotten Riddles - The Mayan Princess2008-11-27 11:51 . 2008-11-27 12:28 <DIR> d-------- c:\program files\Mortimer Beckett and the Time Paradox2008-11-26 16:53 . 2008-11-26 16:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware2008-11-26 16:53 . 2008-11-26 16:53 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\Malwarebytes2008-11-26 16:53 . 2008-11-26 16:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes2008-11-26 16:53 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys2008-11-26 16:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys2008-11-24 23:00 . 2008-11-24 23:03 <DIR> d-------- c:\program files\Chowder2008-11-19 17:36 . 2008-11-19 17:36 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\Gogii Games2008-11-19 17:36 . 2008-11-19 17:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Gogii Games2008-11-17 20:47 . 2008-11-17 20:47 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\PlayFirst2008-11-17 17:19 . 2008-11-17 17:19 <DIR> d-------- c:\program files\Book of Legends2008-11-17 16:45 . 2008-11-17 16:48 <DIR> d-------- c:\program files\Herod's Lost Tomb2008-11-14 18:57 . 2008-11-14 18:58 <DIR> d-------- c:\program files\Mystery P.I. - The New York Fortune2008-11-14 12:19 . 2008-11-14 12:19 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\eBay2008-11-13 19:14 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll2008-11-13 19:14 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui2008-11-13 18:48 . 2008-11-13 18:48 <DIR> d-------- c:\program files\Common Files\xing shared2008-11-13 18:48 . 2008-11-13 18:48 <DIR> d-------- c:\program files\7 Wonders - Treasures of Seven2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Mystery Case Files - Madame Fate2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Mushroom Age2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Microsoft Plus! Photo Story 2 LE2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Kidzui2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Jewel Quest Mysteries - Curse of the Emerald Tear2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Go Go Gourmet - Chef of the Year2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Dr. Lynch - Grave Secrets2008-11-13 18:46 . 2008-11-13 18:46 <DIR> d-------- c:\program files\World Mosaics2008-11-13 18:46 . 2008-11-13 18:46 <DIR> d-------- c:\program files\Viewpoint2008-11-13 18:46 . 2008-11-13 18:46 <DIR> d-------- c:\program files\Electronic Arts2008-11-13 18:46 . 2008-11-13 18:46 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\Viewpoint2008-11-12 09:40 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys2008-11-12 09:39 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll2008-11-11 20:05 . 2008-11-11 20:05 <DIR> d-------- c:\program files\GameMill Entertainment2008-11-11 08:55 . 2008-11-11 08:55 <DIR> d-------- c:\program files\Trend Micro2008-11-10 08:20 . 2008-11-10 08:20 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\PC Tools2008-11-10 08:20 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys2008-11-10 08:20 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys2008-11-10 08:20 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys2008-11-10 08:20 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys2008-11-02 19:35 . 2008-11-02 19:38 <DIR> d-------- c:\program files\Snood Towers2008-11-02 16:10 . 2008-11-02 16:10 <DIR> d-------- c:\program files\THQ.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-12-02 00:17 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP2008-12-01 23:49 --------- d-----w c:\documents and settings\LINDA SONDERMANN\Application Data\WholeSecurity2008-12-01 23:49 --------- d-----w c:\documents and settings\All Users\Application Data\WholeSecurity2008-12-01 15:55 --------- d-----w c:\documents and settings\LINDA SONDERMANN\Application Data\AVG72008-12-01 12:50 --------- d-----w c:\program files\Spyware Doctor2008-11-29 00:01 --------- d-----w c:\documents and settings\LINDA SONDERMANN\Application Data\Leadertech2008-11-27 23:41 --------- d-----w c:\program files\Common Files\Adobe2008-11-21 00:00 --------- d-----w c:\documents and settings\LINDA SONDERMANN\Application Data\SpinTop Games2008-11-18 01:47 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst2008-11-14 17:19 --------- d-----w c:\documents and settings\All Users\Application Data\eBay2008-11-13 23:48 --------- d-----w c:\program files\Real2008-11-13 23:48 --------- d-----w c:\program files\Common Files\Real2008-11-13 23:46 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint2008-11-13 23:34 --------- d--h--w c:\program files\InstallShield Installation Information2008-11-06 00:37 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo2008-10-28 21:34 --------- d-----w c:\program files\Between the Worlds2008-10-27 22:11 164 -c--a-w C:\install.dat2008-10-27 02:31 --------- d-----w c:\program files\Hidden Expedition Titanic2008-10-26 22:18 --------- d-----w c:\program files\Norton Security Scan2008-10-26 22:18 --------- d-----w c:\program files\Common Files\Symantec Shared2008-10-26 15:56 --------- d-----w c:\program files\MSN Messenger2008-10-24 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\Flood Light Games2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys2008-10-23 22:55 --------- d-----w c:\program files\Snoodoku2008-10-23 20:29 --------- d-----w c:\program files\WOMGames2008-10-22 19:21 --------- d-----w c:\program files\Lavasoft2008-10-22 19:21 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft2008-10-22 19:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard2008-10-22 18:54 --------- d-----w c:\program files\Advanced Registry Optimizer2008-10-22 18:31 --------- d-----w c:\program files\AskBarDis2008-10-22 18:31 --------- d-----w c:\documents and settings\LINDA SONDERMANN\Application Data\Sammsoft2008-10-21 21:02 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2008-10-21 19:45 61,224 ----a-w c:\documents and settings\LINDA SONDERMANN\GoToAssistDownloadHelper.exe2008-10-21 17:46 --------- d-----w c:\program files\Spybot - Search & Destroy2008-10-18 00:18 --------- d-----w c:\documents and settings\All Users\Application Data\PC Tools2008-10-17 23:03 --------- d-----w c:\program files\Spyware Doctor(2)2008-10-14 23:46 --------- d-----w c:\program files\Mystery Case Files - Ravenhearst2008-10-11 22:16 --------- d-----w c:\program files\Hidden Expedition - Everest2008-10-11 18:40 --------- d-----w c:\program files\Activision Value2008-03-08 14:33 0 ----a-w c:\program files\temp012007-03-26 12:02 630,784 ----a-w c:\documents and settings\LINDA SONDERMANN\GoToAssist_chat2way__317_en.exe2006-12-11 00:24 557,056 ----a-w c:\documents and settings\LINDA SONDERMANN\GoToAssist_phone__317_en.exe2006-06-25 16:24 774,144 ----a-w c:\program files\RngInterstitial.dll2006-02-27 23:02 251 ----a-w c:\program files\wt3d.ini2006-02-26 00:48 557,056 ----a-w c:\documents and settings\LINDA SONDERMANN\chatlnk.exe2006-05-12 13:36 56 --sh--r c:\windows\system32\4BC3057C5F.sys2006-05-12 13:36 3,558 --sha-w c:\windows\system32\KGyGaAvL.sys.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]"Google Update"="c:\documents and settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-16 133104]"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-15 98304]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-04-02 191488]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-08-06 652528]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-08-23 196608]"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-12 185872]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-12-31 219136]c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-25 113664]Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2006-11-06 323584]HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-12-23 57344]Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-10 525664][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"vidc.iv41"= ir41_32.dll[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\America Online 9.0\\waol.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="c:\\Program Files\\Real\\RealPlayer\\realplay.exe"="c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"="c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"="c:\\Program Files\\Cartoon Network\\Ben 10 Bounty Hunters\\RT_Multiplayer.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\MSN Messenger\\msnmsgr.exe"="c:\\Program Files\\MSN Messenger\\livecall.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2008-01-11 18864]S3 PD016BLK;Creative PC-CAM 300 (Still Image);c:\windows\system32\DRIVERS\PD016blk.sys [2006-02-22 28665]S3 PD016VID;Creative PC-CAM 300 (Video);c:\windows\system32\DRIVERS\PD016vid.sys [2006-02-22 433152]S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-06-03 24652]*Newly Created Service* - CATCHME*Newly Created Service* - PROCEXP90.Contents of the 'Scheduled Tasks' folder2008-12-01 c:\windows\Tasks\GoogleUpdateTaskUser.job- c:\documents and settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-16 16:46]2007-02-05 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 17:09].- - - - ORPHANS REMOVED - - - -Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file).------- Supplementary Scan -------.mStart Page = hxxp://www.dell.comuInternet Connection Wizard,ShellNext = iexploreIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.htmlc:\windows\Downloaded Program Files\CONFLICT.46\stg_drm.ocx - c:\windows\Downloaded Program Files\CONFLICT.47\stg_drm.ocxO16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}file://c:\program files\Mortimer Beckett and the Time Paradox\Images\stg_drm.ocxc:\windows\Downloaded Program Files\CONFLICT.3\armhelper.ocx - c:\windows\Downloaded Program Files\CONFLICT.4\armhelper.ocxc:\windows\Downloaded Program Files\CONFLICT.5\armhelper.ocxc:\windows\Downloaded Program Files\CONFLICT.6\armhelper.ocxc:\windows\Downloaded Program Files\CONFLICT.7\armhelper.ocxO16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}file://c:\program files\Mortimer Beckett and the Time Paradox\Images\armhelper.ocx.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-12-01 19:44:09Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ...HKLM\Software\Microsoft\Windows\CurrentVersion\Run Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A?? ????B???@?????P???$?@?P ??????~?B~??????????@?a?????????????????B?????? ???????????????????p????????B scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-12-01 19:47:43ComboFix-quarantined-files.txt 2008-12-02 00:47:10Pre-Run: 45,164,515,328 bytes freePost-Run: 45,674,184,704 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect471 --- E O F --- 2008-11-27 03:40:34Thanks, again, Ryan! Link to post Share on other sites
rmurphy Posted December 3, 2008 Report Share Posted December 3, 2008 hmm... I can't see anything that you would causing your issue.Please update and perform another full scan with MBAM, and then post the log.-Ryan Link to post Share on other sites
[email protected] Posted December 3, 2008 Author Report Share Posted December 3, 2008 Malwarebytes' Anti-Malware 1.30Database version: 1427Windows 5.1.2600 Service Pack 312/3/2008 1:45:05 PMmbam-log-2008-12-03 (13-45-05).txtScan type: Full Scan (C:\|)Objects scanned: 252658Time elapsed: 3 hour(s), 48 minute(s), 53 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)This is really irritating. If I use the eBay search engine, I get about 4 seconds before the page flips over. If I use Google or one of the others, I get a few minutes, but I always lose the page, sooner or later. It's really cutting into my holiday shopping, not to mention, my eBay sales ... Link to post Share on other sites
[email protected] Posted December 3, 2008 Author Report Share Posted December 3, 2008 Actually, Ryan, I go to a Dell page with a Google search field that says, Sorry, we couldn't find http://ad.yieldmanager.com/st%3Fad_type. Here are some related websites: Does that change anything? I'm being hijacked, but by whom?Linda Link to post Share on other sites
rmurphy Posted December 5, 2008 Report Share Posted December 5, 2008 Sorry for the delay, I wanted to get a second opinion because I couldn't find anything malicious.Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dllO2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllClose all open windows except for HiJack This and click fix checked.Reboot your computer.Please rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. -Ryan Link to post Share on other sites
[email protected] Posted December 5, 2008 Author Report Share Posted December 5, 2008 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:09:46 PM, on 12/5/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\WINDOWS\system32\CTSVCCDA.EXEC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Apoint\Apoint.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Apoint\HidFind.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\Creative\ShareDLL\CtNotify.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exeC:\Program Files\Creative\ShareDLL\MediaDet.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Dell AIO Printer A920\dlbkbmgr.exeC:\Program Files\Dell AIO Printer A920\dlbkbmon.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exeC:\Program Files\HP\Digital Imaging\bin\hpqgalry.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\WINDOWS\system32\msiexec.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dllO3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dllO3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dllO4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exeO4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exeO4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUPO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exeO4 - Global Startup: LUMIX Simple Viewer.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Bejeweled Twist\Images\stg_drm.ocxO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194798768671O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cabO16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mortimer Beckett and the Time Paradox\Images\armhelper.ocxO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXEO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exeO24 - Desktop Component 0: (no name) - http://www.knitpicks.com/images/structure/...MP3download.gif--End of file - 11442 bytes Link to post Share on other sites
[email protected] Posted December 5, 2008 Author Report Share Posted December 5, 2008 Ryan ... I think it might be GONE! Dare I say it? You mean to tell me that it was a Google toolbar or a Yahoo tool bar that brought this hideous thing in? I always heard that downloading toolbars was trouble.At the risk of jumping in too soon, THANK YOU!!!!(Fingers crossed) I hope this is it! You were magnificent! Patient, quick to respond, and thorough! I will tell everyone I know! Linda Link to post Share on other sites
rmurphy Posted December 10, 2008 Report Share Posted December 10, 2008 Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic. Link to post Share on other sites
Recommended Posts