Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Beck

Pages: [1]
1
Tech Clinic / VIRUS???
« on: September 13, 2006, 09:20:57 PM »
Okay--I removed Trend Micro completely, and made sure my XP firewall was turned on.  I surfed around a bit.  Just when I think things are running quicker, it really bogs down and takes forever to load a page.  My connection speed is varying widely tonight.  I have no idea why that happens.  I'm sitting in the same place that I usually do when using the laptop.  Sometimes it runs around 48 Mbsp, most often in the 20-30 Mbsp range, but tonight it's currently running at 5.5 Mbsp.  My direct connect on my desktop model always runs at 100 Mbps.  

I'm posting a fresh HijackThis log.  What next?   http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' />

Logfile of HijackThis v1.99.1
Scan saved at 8:52:08 PM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gtec.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.siue.edu/~reburns"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

2
Tech Clinic / VIRUS???
« on: September 11, 2006, 07:18:47 PM »
I'm posting my SmitFraudFix log below.  What next?  Oh--none of my anti-virus programs picked up on SmitFraudFix running . . .

Beck http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' />

SmitFraudFix v2.87

Scan done at 19:07:19.06, Mon 09/11/2006
Run from C:\Documents and Settings\Becky\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Becky\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Becky\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

3
Tech Clinic / VIRUS???
« on: September 10, 2006, 05:19:51 PM »
I was able to disable Ewido, but "Stop" wasn't an available option (the button remained pale grey).

I surfed around a bit, and it seems like it might be a tiny bit faster.

I'm not just having problems with IE, though.  Today (and sporadic times in the past), Word, Excel, and Outlook freeze up, and I get the message that the program is not responding (Word and Excel did this today).

I am using a wireless connection, and I haven't tried to connect directly.  Now that I think about it, I think most of the problems began when I installed Trend Micro.  I upgraded my IE from 6 to 7 because I was having problems with it and thought a newer version would solve them--it hasn't.

Any more suggestions?

Beck http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wacko.gif\' class=\'bbc_emoticon\' alt=\':wacko:\' />

4
Tech Clinic / VIRUS???
« on: September 10, 2006, 12:35:58 PM »
The download worked this time.  Here's the log:

Beck

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-10 12:08:36
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT      \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys                ZwOpenProcess

SSDT      \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys                ZwTerminateProcess

---- Devices - GMER 1.0.10 ----

Device   \FileSystem\Fastfat \Fat IRP_MJ_CREATE                                                               A89BCC8A

Device   \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_DEVICE_CONTROL    [AA1FF701]
                                                                                                                                    tfsnifs.sys

Device   \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_DEVICE_CONTROL      [AA1FF701]
                                                                                                                                    tfsnifs.sys

Device   \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_DEVICE_CONTROL              [AA1FF701]
                                                                                                                                     tfsnifs.sys

Device   \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_DEVICE_CONTROL          [AA1FF701]
                                                                                                                                    tfsnifs.sys

Device   \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_DEVICE_CONTROL        [AA1FF701]
                                                                                                                                    tfsnifs.sys

Device   \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL                                                 [AA1FF89D]
                                                                                                                                    tfsnifs.sys

---- Files - GMER 1.0.10 ----

File       C:\System Volume Information\MountPointManagerRemoteDatabase                
File       C:\System Volume Information\tracking.log                                    
File       C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}  

---- EOF - GMER 1.0.10 ----

5
Tech Clinic / VIRUS???
« on: September 09, 2006, 10:54:47 PM »
I was finally able to save that zip file to my desktop, but every time I try to unzip it, I get an error message that says: "No files to extract."    What now?

Beck

6
Tech Clinic / VIRUS???
« on: September 08, 2006, 08:35:30 PM »
questolo,

I don't know what the heck to think about my computer now or what to do.  Tonight it's running slower than ever.  I have tried and tried to download (save) the GMER file, but I can't get it done.  I've let IE run for over an hour, and it only manages to download 6%--Netscape downloads nothing.  My DSL connection speed is fluctuating (anywhere from 11 Mbps to 36 Mbps).  I went ahead and ran another Hijackthis log for you, and I'll post it below.  Do you have any suggestions???

Beck

Logfile of HijackThis v1.99.1
Scan saved at 8:28:50 PM, on 9/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\EXPLORER.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRAM FILES\DELL SUPPORT\DSAGNT.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gtec.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.siue.edu/~reburns"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

7
Tech Clinic / VIRUS???
« on: September 07, 2006, 07:40:50 PM »
Well, I'm still having trouble.  I upgraded IE, and that didn't help.  I used Navigator for a while, and it's basically as slow as IE.

I had the mystery file scanned (I didn't have a version tab).  Here are the results of the scan:


Results from the virus scan of uploaded sample
Return to the Virus.Org Scanning Service

The following represents the test results from the virus scanners used by the Virus.Org scanning service when it performed the scan on the file 'D7D10B508E.sys'.   
   
   
   
File:   D7D10B508E.sys
SHA-1 Digest:   0aa74639bbfb0ace692a13191e559699b1854eee
Packers:   Unknown
Status:   Potentially Clean
   
   
   
Scanner   Scanner Version   Result   Scan Time
ArcaVir   1.0.3   Clean   0.784439 secs
avast!   2.0.0   Clean   0.00730085 secs
AVG Anti Virus   7.1.30   Clean   1.38923 secs
Avira Desktop   1.1.6-32   Clean   3.25781 secs
BitDefender   7.1   Clean   4.07102 secs
ClamAV   0.88/1815   Clean   0.00353694 secs
Dr. Web   4.33.0   Clean   5.65655 secs
F-PROT   4.6.5   Clean   0.424863 secs
H+BEDV AntiVir   NULL   Clean   3.54855 secs
Ikarus PSCAN   2.32   Clean   8.57994 secs
NOD32   2.51.1   Clean   2.07967 secs
Norman Virus Control   5.70.01   Clean   4.15496 secs
Sophos Sweep   4.05.0   Clean   2.72894 secs
VBA32   3.11.1   Clean   1.93916 secs
VirusBuster 2005   1.2.4   Clean   1.25759 secs
   
Any other suggestions?

Beck

8
Tech Clinic / VIRUS???
« on: September 04, 2006, 10:58:51 PM »
I downloaded ATF-Cleaner and did everything you said.  Here are the new logs that you requested.

Thanks,
Becky

Logfile of HijackThis v1.99.1
Scan saved at 10:48:34 PM, on 9/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gtec.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.siue.edu/~reburns"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--------------------------------------------------------------------------------------------------------------------------

Becky - 06-09-04 22:50:19.26
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\Becky\Desktop

(((((((((((((((((((((((((((((((   Files Created from 2006-08-04 to 2006-09-04  ))))))))))))))))))))))))))))))))))
 

No new files created in this timespan
 

((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-04 14:12   --------   d--------   C:\Program Files\ewido anti-spyware 4.0
2006-08-28 20:47   --------   d--------   C:\Program Files\Java
2006-08-28 20:45   --------   d--------   C:\Program Files\Common Files\Java
2006-08-28 20:45   --------   d--------   C:\Program Files\Common Files
2006-08-18 17:34   22284   --a------   C:\Documents and Settings\Becky\Application Data\Comma Separated Values (Windows).ADR
2006-08-18 17:23   38465   --a------   C:\Documents and Settings\Becky\Application Data\Comma Separated Values (DOS).ADR
2006-08-16 17:20   31248   --a------   C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-08-16 17:20   197648   --a------   C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-08-16 16:51   1051456   --a------   C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-07-27 08:24   679424   --a------   C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24   72704   --a------   C:\WINDOWS\system32\hlink.dll
2006-07-14 23:19   --------   d--------   C:\Program Files\Yahoo! Games
2006-07-09 20:20   --------   d--------   C:\Program Files\Internet Explorer
2006-07-02 19:24   3619   --a------   C:\Documents and Settings\Becky\Application Data\AdobeDLM.log
2006-07-02 19:24   0   --a------   C:\Documents and Settings\Becky\Application Data\dm.ini
2006-06-25 19:33   56   -r-hs----   C:\WINDOWS\system32\D7D10B508E.sys
2006-06-25 19:33   3766   --ahs----   C:\WINDOWS\system32\KGyGaAvL.sys
2006-06-23 09:28   5512704   ---------   C:\WINDOWS\system32\ieframe.dll
2006-06-23 09:28   47616   ---------   C:\WINDOWS\system32\msfeedsbs.dll
2006-06-23 09:28   454144   ---------   C:\WINDOWS\system32\msfeeds.dll
2006-06-23 09:28   413696   --a------   C:\WINDOWS\system32\vbscript.dll
2006-06-23 09:28   223744   --a------   C:\WINDOWS\system32\webcheck.dll
2006-06-23 09:28   179200   ---------   C:\WINDOWS\system32\ieui.dll
2006-06-23 09:28   155648   --a------   C:\WINDOWS\system32\msls31.dll
2006-06-23 05:41   172544   ---------   C:\WINDOWS\system32\WinFXDocObj.exe
2006-06-23 05:40   78848   --a------   C:\WINDOWS\system32\ieencode.dll
2006-06-23 05:40   40960   --a------   C:\WINDOWS\system32\url.dll
2006-06-23 05:39   99328   --a------   C:\WINDOWS\system32\occache.dll
2006-06-23 05:39   39424   --a------   C:\WINDOWS\system32\licmgr10.dll
2006-06-23 05:37   14336   --a------   C:\WINDOWS\system32\corpol.dll
2006-06-23 05:34   81920   --a------   C:\WINDOWS\system32\admparse.dll
2006-06-23 05:34   50688   --a------   C:\WINDOWS\system32\ie4uinit.exe
2006-06-23 05:34   372736   --a------   C:\WINDOWS\system32\iedkcs32.dll
2006-06-23 05:34   228864   --a------   C:\WINDOWS\system32\ieaksie.dll
2006-06-23 05:34   167936   --a------   C:\WINDOWS\system32\ieakeng.dll
2006-06-23 05:33   54272   --a------   C:\WINDOWS\system32\iesetup.dll
2006-06-23 05:33   41984   --a------   C:\WINDOWS\system32\iernonce.dll
2006-06-23 05:33   121856   --a------   C:\WINDOWS\system32\advpack.dll
2006-06-23 05:30   11776   ---------   C:\WINDOWS\system32\msfeedssync.exe
2006-06-23 05:29   55296   ---------   C:\WINDOWS\system32\icardie.dll
2006-06-23 05:29   35328   --a------   C:\WINDOWS\system32\imgutil.dll
2006-06-23 05:27   251392   ---------   C:\WINDOWS\system32\iertutil.dll
2006-06-23 05:26   45568   --a------   C:\WINDOWS\system32\mshta.exe
2006-06-23 04:46   377856   ---------   C:\WINDOWS\system32\ieapfltr.dll
2006-06-23 04:45   48640   --a------   C:\WINDOWS\system32\mshtmler.dll
2006-06-23 04:41   172032   --a------   C:\WINDOWS\system32\ieakui.dll
2006-06-19 15:18   23552   ---------   C:\WINDOWS\system32\idndl.dll
2006-06-19 15:18   22752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2006-06-19 15:18   20480   ---------   C:\WINDOWS\system32\normaliz.dll
 

((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PRONoMgrWired"="C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"Dell Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mozilla Quick Launch"="\"C:\\Program Files\\Netscape\\Netscape\\Netscp.exe\" -turbo"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
  00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
  00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
 
 
 
Completion time: Mon 09/04/2006 22:50:57.60
ComboFix Log.txt
ComboFix.txt
ComboFix2.txt

9
Tech Clinic / VIRUS???
« on: September 04, 2006, 06:42:22 PM »
Okay . . . the boxes under my LAN settings were already unchecked, so I went into msconfig and made the changes that you suggested.  I logged into Blackboard (I teach English comp and use Blackboard in all of my classes).  At first, I was able to navigate around quicker, but after a while, pages began opening up much slower again.  Could all of this slowness be connected to my crummy Celeron M processor?  Should I go back into msconfig and return to the normal setup, yet?  What's strange is, I can press "enter" and wait minutes for a page to load, but if I reload the page 2x, it typically will load right away then.

Beck http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' />

10
Tech Clinic / VIRUS???
« on: September 04, 2006, 12:20:58 AM »
guestolo:

Yesterday morning I posted the Dr. Web log that you wanted (please see previous post).  Tonight I took at look at the processes (in Task Manager), because I could bake a cake while waiting for a page to load . . . I'm pasting in all of the processes that are running on my computer (see below).  Is it normal for this many to be running at one time when I only have one program going (that I am aware of)?

svchost.exe   SYSTEM                00      656 K
taskmgr.exe   Becky                00   4,952 K
TmPfw.exe                   SYSTEM                00   2,052 K
wdfmgr.exe   LOCAL SERVICE       00      128 K
mim.exe                   Becky                00   1,540 K
MMDiag.exe   Becky                00      242 K
wmiprvse.exe   SYSTEM                00      424 K
Netscp.exe                   Becky                00   1,028 K
LEXPPS.EXE                   SYSTEM                00      396 K
Spoolsv.exe   SYSTEM                00   2,328 K
LESBCES.EXE   SYSTEM                00        64 K
BCMWLTRY.EXE   SYSTEM                00   2,096 K
WLTRYSVC.EXE   SYSTEM                00        64 K
ctfmon.exe                   Becky                00   1,728 K
PcCtlCom.exe   SYSTEM                00   1,216 K
DSAgnt.exe   Becky                00      532 K
ewido.exe                   Becky                00   1,856 K
DLG.exe                   Becky                00      344 K
jusched.exe   Becky                00        64 K
svchost.exe   LOCAL SERVICE       00      928 K
apdproxy.exe   Becky                00   1,128 K
svchost.exe   NETWORK SERVICE  00      868 K
svchost.exe   SYSTEM                00   8,692 K
svchost.exe   NETWORK SERVICE  00   1,580 K
igfxsrvc.exe   Becky                00      112 K
svchost.exe   SYSTEM                00   1,732 K
NicConfigSvc.exe   SYSTEM                00      416 K
MediaDetect.exe   Becky                00      500 K
lsass.exe                   SYSTEM                00   1,132 K
services.exe   SYSTEM                00   1,604 K
winlogon.exe   SYSTEM                00   1,272 K
csrss.exe                   SYSTEM                00   1,364 K
igfxpers.exe   Becky                00      984 K
hkcmd.exe                   Becky                     00   1,152 K
smss.exe                   SYSTEM                00        60 K
pccguide.exe   Becky                00   3,684 K
issch.exe                   Becky                       00      296 K
tfswctrl.exe                   Becky                00   1,228 K
realplay.exe   Becky                00   2,200 K
DVDLauncher.exe   Becky                00      456 K
guard.exe                   SYSTEM                00   7,196 K
WLTRAY.EXE   Becky                00   1,068 K
quickset.exe   Becky                00      528 K
PRONoMgr.exe   Becky                00      280 K
SynTPEnh.exe   Becky                00   1,372 K
tmproxy.exe   SYSTEM                00                 12,640 K
Tmntsrv.exe   SYSTEM                00      656 K
explorer.exe   Becky                02   8,428 K
System                   SYSTEM                00        40 K
System Idle Process   SYSTEM                98        28 K



Beck

[attachment=1314:attachment]guestolo:

Yesterday morning I posted the Dr. Web log that you wanted (please see previous post).  Tonight I took at look at the processes (in Task Manager), because I could bake a cake while waiting for a page to load . . . I'm attaching a copy of all of the processes that are running on my computer.  Is it normal for this many to be running at one time when I only have one program going (that I am aware of)?

Beck

11
Tech Clinic / VIRUS???
« on: September 02, 2006, 10:25:15 AM »
guestolo,

Here's the Dr. Web log that you requested:

Silent Runners.vbs;C:\Documents and Settings\Becky\Desktop;Probably BATCH.Virus;;
A0012936.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP113;Trojan.Virtumod;Deleted.;
A0012937.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP113;Trojan.Virtumod;Deleted.;
A0013094.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115;Trojan.MulDrop.3406;Deleted.;
A0013095.ocx;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115;Adware.Coupons;;


Why doesn't my PC-cillin pick up on these things?  Have I completely wasted my $ on it?   http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />

Becky

12
Tech Clinic / VIRUS???
« on: September 01, 2006, 07:59:20 PM »
questolo,

Here are the two logs that you asked for.  Sorry it took me so long to get them to you--my browser (IE) kept freezing.  Actually, this is the 2nd time I'm trying to post.  The first time I clicked "Add Reply" IE went blank and came back with the page cannot be found message . . . and my post was gone.  Hopefully it will work this time.

Thanks a bunch!
Beck  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

----------------------------------------------------------------------------------------------------------------------

Becky - 06-09-01 19:26:14.54
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\Becky\Desktop

(((((((((((((((((((((((((((((((   Files Created from 2006-08-01 to 2006-09-01  ))))))))))))))))))))))))))))))))))
 

2006-08-26   22:13   4   --ah-----   C:\WINDOWS\uccspecb.sys
 

((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-01 18:38   --------   d--------   C:\Program Files\ewido anti-spyware 4.0
2006-08-28 20:47   --------   d--------   C:\Program Files\Java
2006-08-28 20:45   --------   d--------   C:\Program Files\Common Files\Java
2006-08-28 20:45   --------   d--------   C:\Program Files\Common Files
2006-08-18 17:34   22284   --a------   C:\Documents and Settings\Becky\Application Data\Comma Separated Values (Windows).ADR
2006-08-18 17:23   38465   --a------   C:\Documents and Settings\Becky\Application Data\Comma Separated Values (DOS).ADR
2006-08-16 17:20   31248   --a------   C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-08-16 17:20   197648   --a------   C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-08-16 16:51   1051456   --a------   C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-07-27 08:24   679424   --a------   C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24   72704   --a------   C:\WINDOWS\system32\hlink.dll
2006-07-14 23:19   --------   d--------   C:\Program Files\Yahoo! Games
2006-07-09 20:20   --------   d--------   C:\Program Files\Internet Explorer
2006-07-03 19:25   --------   d--------   C:\Program Files\DBCBT
2006-07-02 19:24   3619   --a------   C:\Documents and Settings\Becky\Application Data\AdobeDLM.log
2006-07-02 19:24   0   --a------   C:\Documents and Settings\Becky\Application Data\dm.ini
2006-07-02 19:24   --------   d--------   C:\Program Files\Adobe
2006-07-02 18:45   --------   d--------   C:\Documents and Settings\Becky\Application Data\AdobeAUM
2006-07-02 18:45   --------   d--------   C:\Documents and Settings\Becky\Application Data\Adobe
2006-07-02 18:42   --------   d--------   C:\Program Files\Yahoo!
2006-07-02 17:19   --------   d--------   C:\Program Files\Common Files\Adobe
2006-06-25 19:33   56   -r-hs----   C:\WINDOWS\system32\D7D10B508E.sys
2006-06-25 19:33   3766   --ahs----   C:\WINDOWS\system32\KGyGaAvL.sys
2006-06-23 09:28   5512704   ---------   C:\WINDOWS\system32\ieframe.dll
2006-06-23 09:28   47616   ---------   C:\WINDOWS\system32\msfeedsbs.dll
2006-06-23 09:28   454144   ---------   C:\WINDOWS\system32\msfeeds.dll
2006-06-23 09:28   413696   --a------   C:\WINDOWS\system32\vbscript.dll
2006-06-23 09:28   223744   --a------   C:\WINDOWS\system32\webcheck.dll
2006-06-23 09:28   179200   ---------   C:\WINDOWS\system32\ieui.dll
2006-06-23 09:28   155648   --a------   C:\WINDOWS\system32\msls31.dll
2006-06-23 05:41   172544   ---------   C:\WINDOWS\system32\WinFXDocObj.exe
2006-06-23 05:40   78848   --a------   C:\WINDOWS\system32\ieencode.dll
2006-06-23 05:40   40960   --a------   C:\WINDOWS\system32\url.dll
2006-06-23 05:39   99328   --a------   C:\WINDOWS\system32\occache.dll
2006-06-23 05:39   39424   --a------   C:\WINDOWS\system32\licmgr10.dll
2006-06-23 05:37   14336   --a------   C:\WINDOWS\system32\corpol.dll
2006-06-23 05:34   81920   --a------   C:\WINDOWS\system32\admparse.dll
2006-06-23 05:34   50688   --a------   C:\WINDOWS\system32\ie4uinit.exe
2006-06-23 05:34   372736   --a------   C:\WINDOWS\system32\iedkcs32.dll
2006-06-23 05:34   228864   --a------   C:\WINDOWS\system32\ieaksie.dll
2006-06-23 05:34   167936   --a------   C:\WINDOWS\system32\ieakeng.dll
2006-06-23 05:33   54272   --a------   C:\WINDOWS\system32\iesetup.dll
2006-06-23 05:33   41984   --a------   C:\WINDOWS\system32\iernonce.dll
2006-06-23 05:33   121856   --a------   C:\WINDOWS\system32\advpack.dll
2006-06-23 05:30   11776   ---------   C:\WINDOWS\system32\msfeedssync.exe
2006-06-23 05:29   55296   ---------   C:\WINDOWS\system32\icardie.dll
2006-06-23 05:29   35328   --a------   C:\WINDOWS\system32\imgutil.dll
2006-06-23 05:27   251392   ---------   C:\WINDOWS\system32\iertutil.dll
2006-06-23 05:26   45568   --a------   C:\WINDOWS\system32\mshta.exe
2006-06-23 04:46   377856   ---------   C:\WINDOWS\system32\ieapfltr.dll
2006-06-23 04:45   48640   --a------   C:\WINDOWS\system32\mshtmler.dll
2006-06-23 04:41   172032   --a------   C:\WINDOWS\system32\ieakui.dll
2006-06-19 15:18   23552   ---------   C:\WINDOWS\system32\idndl.dll
2006-06-19 15:18   22752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2006-06-19 15:18   20480   ---------   C:\WINDOWS\system32\normaliz.dll
 

((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PRONoMgrWired"="C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"Dell Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Mozilla Quick Launch"="\"C:\\Program Files\\Netscape\\Netscape\\Netscp.exe\" -turbo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
  00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
  00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
 
 
 
 
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
 
backup-20060831-110947-552
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...als/Coupons.cab
backup-20060830-232750-971
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\system32\sstqn.dll (file missing)
 
Completion time: Fri 09/01/2006 19:27:03.93
ComboFix.txt
-------------------------------------------------------------------------------------------------------------------------

"Silent Runners.vbs", revision 47, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"DellSupport" = ""C:\Program Files\Dell Support\DSAgnt.exe" /startup" ["Gteko Ltd."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Mozilla Quick Launch" = ""C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo" ["Mozilla, Netscape"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"PRONoMgrWired" = "C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" ["Intel® Corporation"]
"Dell QuickSet" = "C:\Program Files\Dell\QuickSet\quickset.exe" [empty string]
"Dell Wireless Manager UI" = "C:\WINDOWS\system32\WLTRAY" ["Dell Inc"]
"DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]
"RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"ISUSPM Startup" = ""C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup" ["InstallShield Software Corporation"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"MimBoot" = "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" ["Musicmatch, Inc."]
"pccguide.exe" = ""C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"" ["Trend Micro Incorporated."]
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"Corel Photo Downloader" = "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" ["Corel, Inc."]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06647158-359E-4D10-A8DE-E6145DA90BE9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Trend Micro Antifraud Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll" ["Trend Micro Incorporated."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "DriveLetterAccess"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
  -> {HKLM...CLSID} = "DriveLetterAccess"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{48F45200-91E6-11CE-8A4F-0080C81A28D4}" = "TMD Shell Extension"
  -> {HKLM...CLSID} = "TMD Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll" ["Trend Micro Incorporated."]
"{771A9DA0-731A-11CE-993C-00AA004ADB6C}" = "VBPropSheet"
  -> {HKLM...CLSID} = "VBPropSheet"
                   \InProcServer32\(Default) = "C:\Program Files\Trend Micro\Internet Security 2006\VBProp.dll" ["Trend Micro Incorporated."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * stera" [file not found], [MS], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Becky\My Documents\My Pictures\Maltese in custome.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS]


Startup items in "Becky" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"]
"dlbcserv" -> shortcut to: "C:\Program Files\Dell Photo Printer 720\dlbcserv.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{871F91FD-3A92-4988-A842-16AB2CFF5AF1}"
  -> {HKLM...CLSID} = "Trend Micro Antifraud Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll" ["Trend Micro Incorporated."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Real.com"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Dell Wireless WLAN Tray Service, wltrysvc, "C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe" [null data]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
NICCONFIGSVC, NICCONFIGSVC, "C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe" ["Dell Inc."]
Trend Micro Central Control Component, PcCtlCom, "C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe" ["Trend Micro Incorporated."]
Trend Micro Personal Firewall, TmPfw, "C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe" ["Trend Micro Inc."]
Trend Micro Proxy Service, tmproxy, "C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe" ["Trend Micro Inc."]
Trend Micro Real-time Service, Tmntsrv, "C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe" ["Trend Micro Incorporated."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
ssgb6 Langmon\Driver = "ssgb6mon.dll" ["Samsung Electronics."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 43 seconds, including 18 seconds for message boxes)

13
Tech Clinic / VIRUS???
« on: August 31, 2006, 11:32:25 AM »
guestolo,

I did the "Fix Check" thing to the two entries, rebooted, and ran a new Hijackthis log.  My computer is running e-x-t-r-e-m-e-l-y slow . . . It took about 7 min to reboot and 3.5 min to load my "VIRUS???" topic.  Here's the fresh hijackthis log that you asked for:

Logfile of HijackThis v1.99.1
Scan saved at 11:10:13 AM, on 8/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gtec.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.siue.edu/~reburns"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

-----------------------------------------------------------------------------------------------------

Is there a way that I can eliminate all of the extra crap from running at startup?

Thanks a bunch!
Beck   http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\';)\' />

14
Tech Clinic / VIRUS???
« on: August 30, 2006, 04:05:57 PM »
Logfile of HijackThis v1.99.1
Scan saved at 4:04:18 PM, on 8/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRAM FILES\DELL SUPPORT\DSAGNT.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gtec.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.siue.edu/~reburns"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...als/Coupons.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

15
Tech Clinic / VIRUS???
« on: August 29, 2006, 08:20:35 AM »
Sorry . . .  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   7:09:51 PM 8/28/2006

 + Scan result:   



C:\Documents and Settings\Becky\Local Settings\Temporary Internet Files\Content.IE5\Q3Z0I44X\Coupons[1].cab/cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
HKU\S-1-5-21-1740484225-2935656826-1141337983-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\asdf.exe -> Downloader.Small : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.108:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.126:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.127:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.38:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.109:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.78:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.18:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.59:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.131:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.28:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.29:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.30:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.31:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.32:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.33:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.34:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.21:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.22:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.161:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.54:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.87:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.105:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.106:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.61:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.62:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.63:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.64:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.65:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.66:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.67:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.68:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.17:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.19:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.20:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.60:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Becky\Local Settings\Temp\NI.UWA6P_0001_N69M0303\setup.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).


::Report end

16
Tech Clinic / VIRUS???
« on: August 28, 2006, 08:57:38 PM »
I rescanned my computer using Ewido and remembered to hit Apply all actions.  I'll post the new report below.  I ran a new Vundofix scan, but it didn't find anything new, so I don't have a new report.  I also removed the two programs, as instructed, and installed the newest version of Java.  Thank you so much for all of your help!!!

Becky

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   7:09:51 PM 8/28/2006

 + Scan result:   



C:\Documents and Settings\Becky\Local Settings\Temporary Internet Files\Content.IE5\Q3Z0I44X\Coupons[1].cab/cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
HKU\S-1-5-21-1740484225-2935656826-1141337983-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\asdf.exe -> Downloader.Small : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.108:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.126:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.127:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.38:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.109:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.78:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.18:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.59:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.131:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.28:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.29:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.30:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.31:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.32:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.33:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.34:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.21:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.22:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.161:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.54:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.87:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.105:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.106:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.61:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.62:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.63:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.64:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.65:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.66:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.67:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.68:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.17:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.19:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.20:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Becky\Cookies\becky@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.60:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Becky\Local Settings\Temp\NI.UWA6P_0001_N69M0303\setup.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).


::Report end

-----------------------
What's next?  =)

17
Tech Clinic / VIRUS???
« on: August 27, 2006, 09:28:56 PM »
Okay, it took me FOREVER to download and run everything, but (shock, shock), both Vundofix and Ewido found plenty.  Thank you!!  Here are my logs:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   9:00:50 PM 8/27/2006

 + Scan result:   



C:\Documents and Settings\Becky\Local Settings\Temporary Internet Files\Content.IE5\Q3Z0I44X\Coupons[1].cab/cpbrkpie.ocx -> Adware.Coupons : No action taken.
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : No action taken.
HKU\S-1-5-21-1740484225-2935656826-1141337983-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : No action taken.
C:\asdf.exe -> Downloader.Small : No action taken.
:mozilla.92:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.93:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Becky\Cookies\becky@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.107:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.108:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Becky\Cookies\becky@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Becky\Cookies\becky@adrevolver[3].txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.126:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.127:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.38:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.39:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.40:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.41:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.35:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Becky\Cookies\becky@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.109:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Bfast : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.78:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
:mozilla.18:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.59:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.131:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.28:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.29:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.30:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.31:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.32:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.33:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.34:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.21:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.22:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.161:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.54:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.87:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.105:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.106:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Becky\Cookies\becky@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.61:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.62:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.63:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.64:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.65:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.66:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.67:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.68:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.17:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.19:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.20:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Becky\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.60:C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Becky\Local Settings\Temp\NI.UWA6P_0001_N69M0303\setup.exe -> Trojan.Fakealert : No action taken.


::Report end
-----------------------------------------------------------------------------------

VundoFix V6.1.2

Checking Java version...

Java version is 1.4.2.3

Scan started at 5:12:04 PM 8/27/2006

Listing files found while scanning....

C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\nqtss.bak1
C:\WINDOWS\system32\nqtss.bak2
C:\WINDOWS\system32\nqtss.ini2
C:\WINDOWS\system32\nqtss.tmp

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\sstqn.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\nqtss.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\nqtss.bak1
C:\WINDOWS\system32\nqtss.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\nqtss.bak2
C:\WINDOWS\system32\nqtss.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\nqtss.ini2
C:\WINDOWS\system32\nqtss.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\nqtss.tmp
C:\WINDOWS\system32\nqtss.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.2

Checking Java version...

Java version is 1.4.2.3

Scan started at 5:24:11 PM 8/27/2006

Listing files found while scanning....

C:\WINDOWS\system32\sstqn.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\sstqn.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.2

Checking Java version...

Java version is 1.4.2.3

Scan started at 7:39:10 PM 8/27/2006

Listing files found while scanning....

No infected files were found.

------------------------------------------
What now?

18
Tech Clinic / VIRUS???
« on: August 27, 2006, 02:54:22 PM »
Logfile of HijackThis v1.99.1
Scan saved at 2:50:47 PM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.Email Removed/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gtec.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.siue.edu/~reburns"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Becky\Application Data\Mozilla\Profiles\default\loz3dh3l.slt\prefs.js)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\system32\sstqn.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...als/Coupons.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Thank you!!!

19
Tech Clinic / VIRUS???
« on: August 27, 2006, 02:06:36 PM »
Please help!  I'm ready to smash my laptop against a brick wall . . . My computer keeps freezing up (Netscape, IE, Word, etc.).  I continually get messages that say the "program is not responding."  I have virus software: PC-cilin 2006, but I'm not sure it's very effective.  My virus log shows a virus: A0005851.dll that cannot be cleaned, and when I run a new virus scan, I get a message which says that I have PE_Generic.Z malware, but PC-cilin gives me no help with cleaning or removing it.  I'm desperate!!!

20
Tech Clinic / VIRUS???
« on: August 27, 2006, 01:54:33 PM »
Please help!  I'm ready to smash my laptop against a brick wall . . . My computer keeps freezing up (Netscape, IE, Word, etc.).  I continually get messages that say the "program is not responding."  I have virus software: PC-cilin 2006, but I'm not sure it's very effective.  My virus log shows a virus: A0005851.dll that cannot be cleaned, and when I run a new virus scan, I get a message which says that I have PE_Generic.Z malware, but PC-cilin gives me no help with cleaning or removing it.  I'm desperate!!!

Pages: [1]