Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I hate popups. Help please

Post by ross_rachel4life » June 28th, 2007, 7:46 pm

Logfile of HijackThis v1.99.1
Scan saved at 1020 AM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1139965892\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Documents and Settings\Christina\Application Data\tmp942.tmp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common

files\aol\1139965892\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP

Scheduler.exe
c:\program files\common files\aol\1139965892\ee\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://dell.myway.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {016b8055-06aa-479f-8343-0c10a00ec104} -

C:\WINDOWS\system32\CICnt5.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -

C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} -

C:\WINDOWS\system32\tmp13.tmp.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} -

c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media

Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe"

/checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH

Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\program

files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe

/embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common

Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common

Files\AOL\1139965892\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft

Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program

Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program

Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe

/autorun
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\iifddd.dll",realset
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe

-quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe"

/startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager]

C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program

Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM

Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program

Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program

Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -

%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -

{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file

missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) -

http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus

scanner) -

http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) -

http://aol.easports.com/downloads/ga...mmon/ieell.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active

Launcher) - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class)

- http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating

System Class) -

http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -

http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility

Class) -

http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) -

http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai.net/7/840/537/2...cro.com/housec

all/xscan53.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) -

http://imlive.com/chatsource/ImlCID98.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer

Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) -

http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -

http://download.mcafee.com/molbin/sh...19/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -

http://game18.zylomgames.com/activex...amesplayer.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl

Object) - http://aolsvc.aol.com/onlinegames/di...h.1.0.0.72.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -

http://download.mcafee.com/molbin/is...35/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -

http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol hijack: mhtml -
O20 - Winlogon Notify: CICnt5 - C:\WINDOWS\SYSTEM32\CICnt5.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program

Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner -

C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file

missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision -

C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation

- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - - C:\Documents and

Settings\Christina\Application Data\tmp942.tmp.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program

Files\DellSupport\brkrsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program

Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation -

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks

Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) -

Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee

Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec

Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -

C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -

Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton

AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program

Files\Viewpoint\Common\ViewpointService.exe
ross_rachel4life
Regular Member
 
Posts: 15
Joined: June 28th, 2007, 7:42 pm

Post by SNOWHITE » June 28th, 2007, 8:53 pm

Hello ross_rachel4life,

My name is SNOWHITE and I will be helping you with your Malware problem.

Please follow the steps below exactly in the order they are written:

Step #1

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Step #2

Run HijackThis again and post the new log here. Also, before you copy the content of the report and paste it here, please click on Format in Notepad and uncheck Word Wrap.

Please post back with new HijackThis log and the contents of combofix report.

Regards,
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm

Post by ross_rachel4life » June 29th, 2007, 3:13 pm

combofix:

"Christina" - 2007-06-29 13:10:08 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\CHRIST~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\X2SWPBGR\www.broadcaster.com
C:\DOCUME~1\CHRIST~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\CHRIST~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\Joseph\APPLIC~1\Sskknwrd.dll
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\closed.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\closingtime.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\coinflip.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\coinflip.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\dollar.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\doodles\coffee.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\doodles\tables.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\doodles\wallpaper.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\expert.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\expertscore.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\foodpoof.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\foodpoof.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\fork_timer.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\goalcompleted.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\heartgrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\heartgrow.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\jar.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\jar.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\level.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\level_career.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\score.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\sound.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\staroff.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\staron.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\tablenumber.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\tablenumberup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\traynumber.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\tutorial_character.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\tutorialarrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\tutorialbox.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgradeanim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgradeanim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgrades\drinks.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgrades\maitred.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgrades\oven.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgrades\select.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgrades\shoes.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgrades\stereo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgrades\table.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\dinerdash.exe
C:\WINDOWS\system32\drivers\uzcx.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-29 )))))))))))))))))))))))))))))))


2007-06-29 13:09 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-29 13:08 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmpD.tmp.exe
2007-06-29 08:09 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp8CB.tmp.exe
2007-06-29 08:07 73,982 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp8C4.tmp.exe
2007-06-29 08:07 59,368 --a------ C:\WINDOWS\SYSTEM32\tmp8C4.tmp.dll
2007-06-29 08:07 2,560 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp8C5.tmp.exe
2007-06-29 08:07 134,887 --a------ C:\WINDOWS\gebaya.dll
2007-06-29 08:07 128,251 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp8C3.tmp.exe
2007-06-29 08:05 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp8C1.tmp.exe
2007-06-28 23:40 975,175 ---hs---- C:\WINDOWS\svvxxx.ini2
2007-06-28 23:40 73,920 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp8A6.tmp.exe
2007-06-28 23:40 59,457 --a------ C:\WINDOWS\SYSTEM32\tmp8A6.tmp.dll
2007-06-28 23:40 134,903 --a------ C:\WINDOWS\xxxvvs.dll
2007-06-28 23:40 128,216 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp8A5.tmp.exe
2007-06-28 23:36 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp8A4.tmp.exe
2007-06-28 23:31 2,560 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp8A3.tmp.exe
2007-06-28 23:30 73,920 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp8A2.tmp.exe
2007-06-28 23:30 59,457 --a------ C:\WINDOWS\SYSTEM32\tmp8A2.tmp.dll
2007-06-28 23:30 128,216 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp8A1.tmp.exe
2007-06-28 19:21 128,216 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp88B.tmp.exe
2007-06-28 19:20 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp88A.tmp.exe
2007-06-28 18:14 73,920 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp1A.tmp.exe
2007-06-28 18:14 59,457 --a------ C:\WINDOWS\SYSTEM32\tmp1A.tmp.dll
2007-06-28 14:00 73,920 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp8.tmp.exe
2007-06-28 14:00 59,457 --a------ C:\WINDOWS\SYSTEM32\tmp8.tmp.dll
2007-06-28 14:00 128,216 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp7.tmp.exe
2007-06-28 08:46 <DIR> d--hs---- C:\DOCUME~1\CHRIST~1\APPLIC~1\wsnpoem
2007-06-28 08:45 166,104 --a------ C:\WINDOWS\SYSTEM32\pentnt.dll
2007-06-28 08:44 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp924.tmp.exe
2007-06-28 08:42 73,920 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp922.tmp.exe
2007-06-28 08:42 59,457 --a------ C:\WINDOWS\SYSTEM32\tmp922.tmp.dll
2007-06-28 08:42 2,560 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp923.tmp.exe
2007-06-28 08:42 134,903 --a------ C:\WINDOWS\ljghgf.dll
2007-06-28 08:42 128,216 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp921.tmp.exe
2007-06-27 12:37 59,427 --a------ C:\WINDOWS\SYSTEM32\tmp890.tmp.dll
2007-06-27 12:37 2,560 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp891.tmp.exe
2007-06-27 12:37 134,917 --a------ C:\WINDOWS\nnkhih.dll
2007-06-27 12:37 128,153 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp88F.tmp.exe
2007-06-27 12:37 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp890.tmp.exe
2007-06-27 12:30 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp88E.tmp.exe
2007-06-27 12:27 73,920 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp88C.tmp.exe
2007-06-27 12:27 59,457 --a------ C:\WINDOWS\SYSTEM32\tmp88C.tmp.dll
2007-06-27 12:27 2,560 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp88D.tmp.exe
2007-06-27 12:21 128,153 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp886.tmp.exe
2007-06-27 10:56 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp2B.tmp.exe
2007-06-27 10:51 73,936 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp26.tmp.exe
2007-06-27 10:51 59,427 --a------ C:\WINDOWS\SYSTEM32\tmp26.tmp.dll
2007-06-27 10:51 2,560 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp27.tmp.exe
2007-06-27 10:51 128,153 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp25.tmp.exe
2007-06-27 10:49 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp24.tmp.exe
2007-06-27 10:33 59,427 --a------ C:\WINDOWS\SYSTEM32\tmp19.tmp.dll
2007-06-27 10:33 2,560 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp1B.tmp.exe
2007-06-27 10:32 128,216 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp19.tmp.exe
2007-06-27 10:29 134,917 --a------ C:\WINDOWS\hgdebx.dll
2007-06-27 10:29 128,153 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp18.tmp.exe
2007-06-27 10:27 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp17.tmp.exe
2007-06-27 10:18 73,936 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp13.tmp.exe
2007-06-27 10:18 59,427 --a------ C:\WINDOWS\SYSTEM32\tmp13.tmp.dll
2007-06-27 10:18 2,560 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp14.tmp.exe
2007-06-27 10:16 128,153 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp11.tmp.exe
2007-06-27 10:14 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp10.tmp.exe
2007-06-27 09:13 2,560 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp991.tmp.exe
2007-06-27 09:13 2,560 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp990.tmp.exe
2007-06-27 09:12 73,936 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp98E.tmp.exe
2007-06-27 09:09 134,917 --a------ C:\WINDOWS\ljggff.dll
2007-06-27 09:09 128,153 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp98B.tmp.exe
2007-06-27 09:09 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp989.tmp.exe
2007-06-27 09:06 73,936 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp983.tmp.exe
2007-06-27 09:06 73,936 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp982.tmp.exe
2007-06-27 09:06 59,427 --a------ C:\WINDOWS\SYSTEM32\tmp983.tmp.dll
2007-06-27 09:06 59,427 --a------ C:\WINDOWS\SYSTEM32\tmp982.tmp.dll
2007-06-27 09:06 2,560 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp985.tmp.exe
2007-06-27 09:06 128,153 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp981.tmp.exe
2007-06-27 09:04 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp97D.tmp.exe
2007-06-27 09:02 73,936 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp977.tmp.exe
2007-06-27 09:02 59,427 --a------ C:\WINDOWS\SYSTEM32\tmp977.tmp.dll
2007-06-27 09:02 2,560 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp978.tmp.exe
2007-06-27 09:02 128,153 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp976.tmp.exe
2007-06-27 09:01 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp974.tmp.exe
2007-06-27 08:47 73,936 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp971.tmp.exe
2007-06-27 08:47 59,427 --a------ C:\WINDOWS\SYSTEM32\tmp971.tmp.dll
2007-06-27 08:47 2,560 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp972.tmp.exe
2007-06-27 08:47 134,917 --a------ C:\WINDOWS\nnkige.dll
2007-06-27 08:47 128,153 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp970.tmp.exe
2007-06-27 08:46 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp96F.tmp.exe
2007-06-26 20:59 73,931 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp95D.tmp.exe
2007-06-26 20:59 59,480 --a------ C:\WINDOWS\SYSTEM32\tmp95D.tmp.dll
2007-06-26 20:59 2,560 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp95E.tmp.exe
2007-06-26 20:58 128,152 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp95C.tmp.exe
2007-06-26 20:58 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp95B.tmp.exe
2007-06-26 16:28 73,931 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp944.tmp.exe
2007-06-26 16:28 59,480 --a------ C:\WINDOWS\SYSTEM32\tmp944.tmp.dll
2007-06-26 16:28 2,560 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp945.tmp.exe
2007-06-26 16:27 38,126 --a------ C:\WINDOWS\SYSTEM32\CICnt5.dll
2007-06-26 16:27 128,152 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp943.tmp.exe
2007-06-26 16:27 122,880 --a------ C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp942.tmp.exe
2007-06-09 13:16 <DIR> d-------- C:\DOCUME~1\CHRIST~1\APPLIC~1\Google
2007-06-09 10:55 <DIR> d-------- C:\DOCUME~1\Richard\APPLIC~1\Google
2007-06-09 10:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-05-31 22:02 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-20 17:16:57 -------- d-----w C:\Program Files\Google
2007-06-19 00:53:14 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-14 01:13:13 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-02 14:06:24 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-01 01:04:20 -------- d-----w C:\Program Files\America Online 9.0
2007-05-20 02:50:06 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2006-05-31 01:14:54 13,325 --sha-w C:\WINDOWS\SYSTEM32\mljgf.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{016b8055-06aa-479f-8343-0c10a00ec104}=C:\WINDOWS\system32\CICnt5.dll [2007-06-26 16:27]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-09-06 10:09]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}=c:\program files\mcafee.com\mps\mcbrhlpr.dll [2003-04-28 16:38]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2005-10-19 13:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-03-21 14:50]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-03-18 15:53]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-04 18:25]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-06 12:05]
"VirusScan Online"="c:\program files\mcafee.com\vso\mcvsshld.exe" [2003-03-21 14:52]
"MPSExe"="C:\Program Files\McAfee.com\MPS\mscifapp.exe" [2003-07-02 17:54]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-04-19 10:29]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 11:05]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-05-30 12:13]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"HostManager"="C:\Program Files\Common Files\AOL\1139965892\ee\AOLSoftware.exe" [2006-09-25 20:52]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-21 11:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-02-24 12:57]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe" [2005-05-19 17:59]
"@"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="C:\Program Files\ewido anti-malware\shellhook.dll" [2004-09-30 08:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CICnt5]
CICnt5.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LimeWire 3.8.10.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LimeWire 3.8.10.lnk
backup=C:\WINDOWS\pss\LimeWire 3.8.10.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^start.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\start.exe
backup=C:\WINDOWS\pss\start.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1xSvb]
C:\documents and settings\christina\local settings\temp\1xSvb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
C:\Documents and Settings\Christina\Application Data\ttuh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ihtv]
C:\WINDOWS\System32\z191z.exe dummy

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mediamotor.exe]
\mmups.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nIK]
C:\windows\temp\nIK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Stormer]
C:\Program Files\Spyware Stormer\SpywareStormer.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]
C:\Program Files\SurfSideKick 2\Ssk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsl]
C:\PROGRA~1\COMMON~1\tsa\tsl.exe


Contents of the 'Scheduled Tasks' folder
2007-06-23 00:00:00 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D5TCC341-Joseph).job
2007-06-29 17:25:49 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Christina).job
2007-06-29 17:20:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Donna).job
2007-06-29 17:26:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Joseph).job
2007-06-29 17:28:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Owner).job
2007-06-29 17:27:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Richard).job
2007-06-29 17:26:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Steven).job
2007-06-23 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Christina.job
2007-06-23 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Richard.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-29 13:25:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

svchctrl.exe [1984]


scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
svchctrl = c:\windows\system\svchctrl.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
svchctrl = c:\windows\system\svchctrl.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"svchctrl"="c:\\windows\\system\\svchctrl.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svchctrl"="c:\\windows\\system\\svchctrl.exe"

Completion time: 2007-06-29 13:28:53 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-29 13:28

--- E O F ---




Hijack This

Logfile of HijackThis v1.99.1
Scan saved at 3:12:44 PM, on 6/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1139965892\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\common files\aol\1139965892\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1139965892\ee\aolsoftware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell.myway.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {016b8055-06aa-479f-8343-0c10a00ec104} - C:\WINDOWS\system32\CICnt5.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139965892\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\CICnt5.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\CICnt5.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\CICnt5.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\CICnt5.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.easports.com/downloads/games ... /ieell.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLa ... uncher.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID98.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zy ... player.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/diner ... 0.0.72.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol hijack: mhtml -
O20 - Winlogon Notify: CICnt5 - C:\WINDOWS\SYSTEM32\CICnt5.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
ross_rachel4life
Regular Member
 
Posts: 15
Joined: June 28th, 2007, 7:42 pm

Unread postby SNOWHITE » July 1st, 2007, 6:16 am

Hello ross_rachel4life,

Please go to UploadMalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • In the empty Browse box, copy and paste this file path:
      C:\WINDOWS\hgdebx.dll
  • Repeat the same for this file:
      C:\WINDOWS\SYSTEM32\CICnt5.dll
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File


The computer is much more infected than I thought :(

Please let me know what this computer is used for, and also whether you keep confidential data on it.

Do you have banking or personal information on this computer?

If this is a company computer, then I suggest a clean reformat as the best solution.

The reason I am asking you these questions is that the last report shows a hidden process, which may mean the presence of an undetected backdoor and rootkit. At this point I can't say what the real threat is, why this process is hidden or what is hiding it. We will do more research, but I would also like you to take your time and read the recommendations below:

1) Use a known secure computer to change all of your online passwords
2) Contact your bank and credit card company for possible unauthorised transactions

More info can be found here:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Some further reading:

Security Management - May 2004
Help: I Got Hacked. Now What Do I Do?
http://www.microsoft.com/technet/community...gmt/sm0504.mspx

Security Management - July 2004
Help: I Got Hacked. Now What Do I Do? Part II
http://www.microsoft.com/technet/community...gmt/sm0704.mspx

And finally, some more considerations:

When should I re-format? How should I reinstall?
http://www.dslreports.com/faq/10063

If you choose to format and reinstall, see this link for instructions:
http://www.cyberwalker.net/faqs/how-tos/reinstall-faq.html

We can attempt to clean this machine, but I can't guarantee that it will be 100% secure afterwards.

Run a new scan with ComboFix, following the same instructions as in my previous post. Post the contents of the report back here.

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.

Post back with the new ComboFix report, the GMER report and a fresh HijackThis log.

Should you have any questions, please feel free to ask.


Regards,
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm

Unread postby ross_rachel4life » July 2nd, 2007, 12:07 am

Your file (hgdebx.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.

Your file (CICnt5.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.


My family uses the same computer, we have other ones but this is the main computer. Mostly on my desktop I have my passwords stored and on sites such as Amazon or Fandango we have credit card numbers stored.

ComboFix:
"Christina" - 2007-07-01 2:26:20 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp976.tmp.exe
C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp977.tmp.exe
C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp978.tmp.exe
C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp97D.tmp.exe
C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp981.tmp.exe
C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp982.tmp.exe
C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp983.tmp.exe
C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp985.tmp.exe
C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp989.tmp.exe
C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp98B.tmp.exe
C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp98E.tmp.exe
C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp990.tmp.exe
C:\DOCUME~1\CHRIST~1\APPLIC~1\tmp991.tmp.exe
C:\DOCUME~1\CHRIST~1\APPLIC~1\tmpD.tmp.exe


((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))


2007-06-29 13:09 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-29 08:07 59,368 --a------ C:\WINDOWS\SYSTEM32\tmp8C4.tmp.dll
2007-06-29 08:07 134,887 --a------ C:\WINDOWS\gebaya.dll
2007-06-28 23:40 975,175 ---hs---- C:\WINDOWS\svvxxx.ini2
2007-06-28 23:40 59,457 --a------ C:\WINDOWS\SYSTEM32\tmp8A6.tmp.dll
2007-06-28 23:40 134,903 --a------ C:\WINDOWS\xxxvvs.dll
2007-06-28 23:30 59,457 --a------ C:\WINDOWS\SYSTEM32\tmp8A2.tmp.dll
2007-06-28 18:14 59,457 --a------ C:\WINDOWS\SYSTEM32\tmp1A.tmp.dll
2007-06-28 14:00 59,457 --a------ C:\WINDOWS\SYSTEM32\tmp8.tmp.dll
2007-06-28 08:46 <DIR> d--hs---- C:\DOCUME~1\CHRIST~1\APPLIC~1\wsnpoem
2007-06-28 08:45 166,104 --a------ C:\WINDOWS\SYSTEM32\pentnt.dll
2007-06-28 08:42 59,457 --a------ C:\WINDOWS\SYSTEM32\tmp922.tmp.dll
2007-06-28 08:42 134,903 --a------ C:\WINDOWS\ljghgf.dll
2007-06-27 12:37 59,427 --a------ C:\WINDOWS\SYSTEM32\tmp890.tmp.dll
2007-06-27 12:37 134,917 --a------ C:\WINDOWS\nnkhih.dll
2007-06-27 12:27 59,457 --a------ C:\WINDOWS\SYSTEM32\tmp88C.tmp.dll
2007-06-27 10:51 59,427 --a------ C:\WINDOWS\SYSTEM32\tmp26.tmp.dll
2007-06-27 10:33 59,427 --a------ C:\WINDOWS\SYSTEM32\tmp19.tmp.dll
2007-06-27 10:29 134,917 --a------ C:\WINDOWS\hgdebx.dll
2007-06-27 10:18 59,427 --a------ C:\WINDOWS\SYSTEM32\tmp13.tmp.dll
2007-06-27 09:09 134,917 --a------ C:\WINDOWS\ljggff.dll
2007-06-27 09:06 59,427 --a------ C:\WINDOWS\SYSTEM32\tmp983.tmp.dll
2007-06-27 09:06 59,427 --a------ C:\WINDOWS\SYSTEM32\tmp982.tmp.dll
2007-06-27 09:02 59,427 --a------ C:\WINDOWS\SYSTEM32\tmp977.tmp.dll
2007-06-27 08:47 59,427 --a------ C:\WINDOWS\SYSTEM32\tmp971.tmp.dll
2007-06-27 08:47 134,917 --a------ C:\WINDOWS\nnkige.dll
2007-06-26 20:59 59,480 --a------ C:\WINDOWS\SYSTEM32\tmp95D.tmp.dll
2007-06-26 16:28 59,480 --a------ C:\WINDOWS\SYSTEM32\tmp944.tmp.dll
2007-06-26 16:27 38,126 --a------ C:\WINDOWS\SYSTEM32\CICnt5.dll
2007-06-09 13:16 <DIR> d-------- C:\DOCUME~1\CHRIST~1\APPLIC~1\Google
2007-06-09 10:55 <DIR> d-------- C:\DOCUME~1\Richard\APPLIC~1\Google
2007-06-09 10:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-29 23:19:10 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-20 17:16:57 -------- d-----w C:\Program Files\Google
2007-06-19 00:53:14 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-02 14:06:24 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-01 01:04:20 -------- d-----w C:\Program Files\America Online 9.0
2007-05-20 02:50:06 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2006-05-31 01:14:54 13,325 --sha-w C:\WINDOWS\SYSTEM32\mljgf.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{016b8055-06aa-479f-8343-0c10a00ec104}=C:\WINDOWS\system32\CICnt5.dll [2007-06-26 16:27]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-09-06 10:09]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}=c:\program files\mcafee.com\mps\mcbrhlpr.dll [2003-04-28 16:38]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2005-10-19 13:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-03-21 14:50]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-03-18 15:53]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-04 18:25]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-06 12:05]
"VirusScan Online"="c:\program files\mcafee.com\vso\mcvsshld.exe" [2003-03-21 14:52]
"MPSExe"="C:\Program Files\McAfee.com\MPS\mscifapp.exe" [2003-07-02 17:54]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-04-19 10:29]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 11:05]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-05-30 12:13]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"HostManager"="C:\Program Files\Common Files\AOL\1139965892\ee\AOLSoftware.exe" [2006-09-25 20:52]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-21 11:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-02-24 12:57]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe" [2005-05-19 17:59]
"@"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="C:\Program Files\ewido anti-malware\shellhook.dll" [2004-09-30 08:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CICnt5]
CICnt5.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LimeWire 3.8.10.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LimeWire 3.8.10.lnk
backup=C:\WINDOWS\pss\LimeWire 3.8.10.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^start.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\start.exe
backup=C:\WINDOWS\pss\start.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1xSvb]
C:\documents and settings\christina\local settings\temp\1xSvb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
C:\Documents and Settings\Christina\Application Data\ttuh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ihtv]
C:\WINDOWS\System32\z191z.exe dummy

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mediamotor.exe]
\mmups.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nIK]
C:\windows\temp\nIK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Stormer]
C:\Program Files\Spyware Stormer\SpywareStormer.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]
C:\Program Files\SurfSideKick 2\Ssk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsl]
C:\PROGRA~1\COMMON~1\tsa\tsl.exe


Contents of the 'Scheduled Tasks' folder
2007-06-30 00:00:00 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D5TCC341-Joseph).job
2007-07-01 18:06:30 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Christina).job
2007-07-01 06:35:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Donna).job
2007-07-01 06:36:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Joseph).job
2007-07-01 06:33:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Owner).job
2007-07-01 18:07:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Richard).job
2007-07-01 06:36:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Steven).job
2007-06-30 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Christina.job
2007-06-30 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Richard.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 02:36:33
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwQuerySystemInformation

scanning hidden processes ...

svchctrl.exe [584]


scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
svchctrl = c:\windows\system\svchctrl.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
svchctrl = c:\windows\system\svchctrl.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"svchctrl"="c:\\windows\\system\\svchctrl.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svchctrl"="c:\\windows\\system\\svchctrl.exe"

Completion time: 2007-07-01 2:37:54
C:\ComboFix-quarantined-files.txt ... 2007-07-01 02:37
C:\ComboFix2.txt ... 2007-06-29 13:28

--- E O F ---
ross_rachel4life
Regular Member
 
Posts: 15
Joined: June 28th, 2007, 7:42 pm

Unread postby ross_rachel4life » July 2nd, 2007, 12:08 am

gmer:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-02 00:04:23
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT 82C6F130 ZwConnectPort

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified.

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DC43CE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQuerySystemInformation] [00DC4B2C] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00DC556E] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00DC1A0A] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [00DC2D36] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [00DC2BB6] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00DC53EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00DC5602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00DC5464] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtQuerySystemInformation] [00DC4B2C] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00DC556E] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00DC53EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00DC5602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00DC5464] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [00DC2E92] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [00DC2FEE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [00DC3224] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [00DC2DD0] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileA] [00DC2AB7] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindNextFileA] [00DC2C7A] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileExW] [00DC29E7] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00DC53EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00DC1A0A] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00DC5464] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00DC5602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [00DC2BB6] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [00DC2D36] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00DC556E] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00DC54DA] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtQuerySystemInformation] [00DC4B2C] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeviceIoControlFile] [00DC43CE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtQuerySystemInformation] [00DC4B2C] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00DC556E] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindFirstFileExW] [00DC29E7] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindNextFileW] [00DC2D36] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00DC5464] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00DC53EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00DC5602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindFirstFileW] [00DC2BB6] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!NtDeviceIoControlFile] [00DC43CE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!NtQuerySystemInformation] [00DC4B2C] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00DC53EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00DC5464] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00DC5602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegEnumValueW] [00DC3224] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegEnumValueA] [00DC3088] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] [00DC2E92] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] [00DC2DD0] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [00DC3224] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [00DC2E92] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [00DC2FEE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueA] [00DC2F32] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [00DC3088] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [00DC2DD0] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [00DC2C7A] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [00DC2AB7] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [00DC2D36] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [00DC2BB6] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00DC54DA] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00DC556E] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00DC5464] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00DC1912] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00DC1A0A] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00DC53EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00DC5602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] [00DC2DD0] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00DC5602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00DC53EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtDeviceIoControlFile] [00DC43CE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegQueryValueExA] [00DC2DD0] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00DC53EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Digital Line Detect\DLG.exe[288] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00DC5602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [100043CE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQuerySystemInformation] [10004B2C] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [10003224] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [10002E92] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [10002FEE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueA] [10002F32] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [10003088] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [10002DD0] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [10002C7A] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [10002AB7] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [10002D36] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [10002BB6] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [100054DA] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000556E] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10005464] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10001912] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10001A0A] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100053EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10005602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeviceIoControlFile] [100043CE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtQuerySystemInformation] [10004B2C] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000556E] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindFirstFileExW] [100029E7] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindNextFileW] [10002D36] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10005464] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100053EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10005602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindFirstFileW] [10002BB6] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!NtDeviceIoControlFile] [100043CE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!NtQuerySystemInformation] [10004B2C] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100053EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10005464] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10005602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegEnumValueW] [10003224] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegEnumValueA] [10003088] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] [10002E92] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] [10002DD0] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000556E] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100053EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10005602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10005464] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000556E] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10001A0A] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [10002D36] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [10002BB6] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100053EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10005602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10005464] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtQuerySystemInformation] [10004B2C] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [10002E92] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [10002FEE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [10003224] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [10002DD0] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileA] [10002AB7] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindNextFileA] [10002C7A] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileExW] [100029E7] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100053EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10001A0A] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10005464] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10005602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [10002BB6] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [10002D36] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000556E] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [100054DA] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtQuerySystemInformation] [10004B2C] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [10002DD0] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [10002F32] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [10003224] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [10002E92] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [10002FEE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10005602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100053EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10005464] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [10002BB6] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000556E] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [100054DA] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10001A0A] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtQuerySystemInformation] [10004B2C] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100053EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10005464] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [10005602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegEnumValueW] [10003224] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] [10002E92] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] [10002DD0] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [10005602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100053EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtDeviceIoControlFile] [100043CE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegQueryValueExA] [10002DD0] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [100053EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\Dell\Media Experience\PCMService.exe[332] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [10005602] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01CB43CE] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQuerySystemInformation] [01CB4B2C] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [01CB556E] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [01CB1A0A] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [01CB2D36] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [01CB2BB6] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01CB53EE] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [01CB5602] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [01CB5464] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtQuerySystemInformation] [01CB4B2C] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [01CB556E] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01CB53EE] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [01CB5602] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [01CB5464] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeviceIoControlFile] [01CB43CE] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtQuerySystemInformation] [01CB4B2C] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [01CB556E] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindFirstFileExW] [01CB29E7] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindNextFileW] [01CB2D36] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [01CB5464] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01CB53EE] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [01CB5602] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindFirstFileW] [01CB2BB6] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!NtDeviceIoControlFile] [01CB43CE] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!NtQuerySystemInformation] [01CB4B2C] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01CB53EE] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [01CB5464] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [01CB5602] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegEnumValueW] [01CB3224] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegEnumValueA] [01CB3088] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] [01CB2E92] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] [01CB2DD0] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [01CB2E92] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [01CB2FEE] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [01CB3224] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [01CB2DD0] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileA] [01CB2AB7] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindNextFileA] [01CB2C7A] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileExW] [01CB29E7] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01CB53EE] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [01CB1A0A] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [01CB5464] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [01CB5602] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [01CB2BB6] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [01CB2D36] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [01CB556E] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [01CB54DA] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtQuerySystemInformation] [01CB4B2C] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [01CB3224] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [01CB2E92] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [01CB2FEE] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueA] [01CB2F32] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [01CB3088] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [01CB2DD0] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [01CB2C7A] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [01CB2AB7] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [01CB2D36] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [01CB2BB6] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [01CB54DA] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [01CB556E] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [01CB5464] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [01CB1912] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [01CB1A0A] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01CB53EE] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [01CB5602] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [01CB2DD0] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [01CB2F32] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [01CB3224] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [01CB2E92] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [01CB2FEE] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [01CB5602] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01CB53EE] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [01CB5464] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [01CB2BB6] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [01CB556E] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [01CB54DA] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [01CB1A0A] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtQuerySystemInformation] [01CB4B2C] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegQueryValueExW] [01CB2E92] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] [01CB2DD0] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [01CB5602] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01CB53EE] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtDeviceIoControlFile] [01CB43CE] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegQueryValueExA] [01CB2DD0] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01CB53EE] C:\windows\system\svchctrl.dll
IAT C:\PROGRA~1\mcafee.com\agent\mcagent.exe[400] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [01CB5602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [015043CE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQuerySystemInformation] [01504B2C] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlGetNativeSystemInformation] [01504B2C] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeviceIoControlFile] [015043CE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtQuerySystemInformation] [01504B2C] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0150556E] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindFirstFileExW] [015029E7] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindNextFileW] [01502D36] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [01505464] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [015053EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [01505602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindFirstFileW] [01502BB6] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!NtDeviceIoControlFile] [015043CE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!NtQuerySystemInformation] [01504B2C] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [015053EE] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [01505464] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [01505602] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegEnumValueW] [01503224] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegEnumValueA] [01503088] C:\windows\system\svchctrl.dll
IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[416] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW]
ross_rachel4life

Post by ross_rachel4life » July 2nd, 2007, 12:09 am

hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 12:06:02 AM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1139965892\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1139965892\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1139965892\ee\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell.myway.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {016b8055-06aa-479f-8343-0c10a00ec104} - C:\WINDOWS\system32\CICnt5.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139965892\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\CICnt5.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\CICnt5.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\CICnt5.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\CICnt5.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.easports.com/downloads/games ... /ieell.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLa ... uncher.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID98.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zy ... player.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/diner ... 0.0.72.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol hijack: mhtml -
O20 - Winlogon Notify: CICnt5 - C:\WINDOWS\SYSTEM32\CICnt5.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
ross_rachel4life
Regular Member
 
Posts: 15
Joined: June 28th, 2007, 7:42 pm

Unread postby SNOWHITE » July 2nd, 2007, 10:58 am

Hello ross_rachel4life,

Thanks for the files :)

My family uses the same computer, we have other ones but this is the main computer. Mostly on my desktop I have my passwords stored and on sites such as Amazon or Fandango we have credit card numbers stored.


I suggest changing all of the passwords using a known secure computer, also contact your bank and credit card company for possible unauthorized transactions. Read my previous post for more information.

Looking at your logs it seems that you are running two antivirus programs at a time. It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time. Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Norton or McAfee.

Also, you are using an outdated version of Ewido. Ewido is being sold to Grisoft and the latest version is named AVG Antispyware, therefore, go to add/remove in the control panel and remove Ewido. I will give you instructions for downloading AVG Antispyware in my next instructions.

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER

Please follow the steps below exactly in the order they are written:

Step #1

Please re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.


O2 - BHO: (no name) - {016b8055-06aa-479f-8343-0c10a00ec104} - C:\WINDOWS\system32\CICnt5.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\CICnt5.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\CICnt5.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\CICnt5.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\CICnt5.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLa ... uncher.cab
O18 - Protocol hijack: mhtml -
O20 - Winlogon Notify: CICnt5 - C:\WINDOWS\SYSTEM32\CICnt5.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Step #2

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\SYSTEM32\tmp8C4.tmp.dll
C:\WINDOWS\gebaya.dll
C:\WINDOWS\svvxxx.ini2
C:\WINDOWS\SYSTEM32\tmp8A6.tmp.dll
C:\WINDOWS\xxxvvs.dll
C:\WINDOWS\SYSTEM32\tmp8A2.tmp.dll
C:\WINDOWS\SYSTEM32\tmp1A.tmp.dll
C:\WINDOWS\SYSTEM32\tmp8.tmp.dll
C:\WINDOWS\SYSTEM32\pentnt.dll
C:\WINDOWS\SYSTEM32\tmp922.tmp.dll
C:\WINDOWS\ljghgf.dll
C:\WINDOWS\SYSTEM32\tmp890.tmp.dll
C:\WINDOWS\nnkhih.dll
C:\WINDOWS\SYSTEM32\tmp88C.tmp.dll
C:\WINDOWS\SYSTEM32\tmp26.tmp.dll
C:\WINDOWS\SYSTEM32\tmp19.tmp.dll
C:\WINDOWS\hgdebx.dll
C:\WINDOWS\SYSTEM32\tmp13.tmp.dll
C:\WINDOWS\ljggff.dll
C:\WINDOWS\SYSTEM32\tmp983.tmp.dll
C:\WINDOWS\SYSTEM32\tmp982.tmp.dll
C:\WINDOWS\SYSTEM32\tmp977.tmp.dll
C:\WINDOWS\SYSTEM32\tmp971.tmp.dll
C:\WINDOWS\nnkige.dll
C:\WINDOWS\SYSTEM32\tmp95D.tmp.dll
C:\WINDOWS\SYSTEM32\tmp944.tmp.dll
C:\WINDOWS\SYSTEM32\CICnt5.dll
C:\WINDOWS\SYSTEM32\mljgf.dll
C:\windows\system\svchctrl.dll

Folder::
C:\DOCUME~1\CHRIST~1\APPLIC~1\wsnpoem

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"svchctrl"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svchctrl"=-



Save this as ComboFix-Do.txt

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.

Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Step #3

a.) Download AVG Anti-Spyware from HERE and save that file to your desktop.
  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

NOTE: if you are unable to update the definition files, you can perform manual update by going to the following site http://www.ewido.net/en/download/updates/

NOTE: if you are unable to run scan with AVG Anti-Spyware in Safe Mode, Click the next link http://fileserver.ewido.net/public.cgi?id=20990 and download AVG_Anti-Spyware_7.5.1.36_Safe_Mode_Registry_Patch.reg to your desktop. It should look like this -> Image. Double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

b.) Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  5. If you have any infections you will be prompted, then select "Apply all actions"
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step #4

    Open HijackThis, click Config, click Misc Tools
    Click "Open Uninstall Manager"
    Click "Save List" (generates uninstall_list.txt)
    Click Save, copy and paste the results in your next post.

In your next post please include the following reports:
  • ComboFix report
  • AVG Anti-Spyware report
  • Uninstall list
  • New HijackThis log
Let me know how the things went.

Regards,
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm

Unread postby ross_rachel4life » July 4th, 2007, 9:38 pm

SNOWHITE wrote: Looking at your logs it seems that you are running two antivirus programs at a time. It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time. Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Norton or McAfee.


I'm not sure which one we purchased or which one is running currently, I will have to check with the family and get back to you. Is there any way to keep both while only running one at a time?

  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


It listed 13 something infections and everything was fine when I clicked "Apply All Actions" but there was no report to display/save?


combofix report
"Christina" - 2007-07-04 13:36:21 - ComboFix 07-06-27.7 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Christina\My Documents\Christina\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\CHRIST~1\APPLIC~1\wsnpoem
C:\DOCUME~1\CHRIST~1\APPLIC~1\wsnpoem\audio.dll
C:\DOCUME~1\CHRIST~1\APPLIC~1\wsnpoem\video.dll
C:\WINDOWS\gebaya.dll
C:\WINDOWS\hgdebx.dll
C:\WINDOWS\ljggff.dll
C:\WINDOWS\ljghgf.dll
C:\WINDOWS\nnkhih.dll
C:\WINDOWS\nnkige.dll
C:\WINDOWS\svvxxx.ini2
C:\WINDOWS\SYSTEM32\CICnt5.dll
C:\WINDOWS\SYSTEM32\mljgf.dll
C:\WINDOWS\SYSTEM32\pentnt.dll
C:\WINDOWS\SYSTEM32\tmp13.tmp.dll
C:\WINDOWS\SYSTEM32\tmp19.tmp.dll
C:\WINDOWS\SYSTEM32\tmp1A.tmp.dll
C:\WINDOWS\SYSTEM32\tmp26.tmp.dll
C:\WINDOWS\SYSTEM32\tmp8.tmp.dll
C:\WINDOWS\SYSTEM32\tmp88C.tmp.dll
C:\WINDOWS\SYSTEM32\tmp890.tmp.dll
C:\WINDOWS\SYSTEM32\tmp8A2.tmp.dll
C:\WINDOWS\SYSTEM32\tmp8A6.tmp.dll
C:\WINDOWS\SYSTEM32\tmp8C4.tmp.dll
C:\WINDOWS\SYSTEM32\tmp922.tmp.dll
C:\WINDOWS\SYSTEM32\tmp944.tmp.dll
C:\WINDOWS\SYSTEM32\tmp95D.tmp.dll
C:\WINDOWS\SYSTEM32\tmp971.tmp.dll
C:\WINDOWS\SYSTEM32\tmp977.tmp.dll
C:\WINDOWS\SYSTEM32\tmp982.tmp.dll
C:\WINDOWS\SYSTEM32\tmp983.tmp.dll
C:\WINDOWS\xxxvvs.dll


((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))


2007-06-29 13:09 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-28 08:45 66,048 -r-hs---- C:\WINDOWS\SYSTEM\regserv.exe
2007-06-28 08:45 23,552 -r-hs---- C:\WINDOWS\SYSTEM\regserv.dll
2007-06-09 13:16 <DIR> d-------- C:\DOCUME~1\CHRIST~1\APPLIC~1\Google
2007-06-09 10:55 <DIR> d-------- C:\DOCUME~1\Richard\APPLIC~1\Google
2007-06-09 10:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 17:25:09 -------- d-----w C:\Program Files\ewido anti-malware
2007-06-29 23:19:10 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-20 17:16:57 -------- d-----w C:\Program Files\Google
2007-06-19 00:53:14 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-02 14:06:24 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-01 01:04:20 -------- d-----w C:\Program Files\America Online 9.0
2007-05-20 02:50:06 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-09-06 10:09]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}=c:\program files\mcafee.com\mps\mcbrhlpr.dll [2003-04-28 16:38]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2005-10-19 13:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-03-21 14:50]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-03-18 15:53]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-04 18:25]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-06 12:05]
"VirusScan Online"="c:\program files\mcafee.com\vso\mcvsshld.exe" [2003-03-21 14:52]
"MPSExe"="C:\Program Files\McAfee.com\MPS\mscifapp.exe" [2003-07-02 17:54]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-04-19 10:29]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 11:05]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-05-30 12:13]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"HostManager"="C:\Program Files\Common Files\AOL\1139965892\ee\AOLSoftware.exe" [2006-09-25 20:52]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-21 11:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-02-24 12:57]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe" [2005-05-19 17:59]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CICnt5]
CICnt5.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LimeWire 3.8.10.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LimeWire 3.8.10.lnk
backup=C:\WINDOWS\pss\LimeWire 3.8.10.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^start.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\start.exe
backup=C:\WINDOWS\pss\start.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1xSvb]
C:\documents and settings\christina\local settings\temp\1xSvb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
C:\Documents and Settings\Christina\Application Data\ttuh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ihtv]
C:\WINDOWS\System32\z191z.exe dummy

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mediamotor.exe]
\mmups.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nIK]
C:\windows\temp\nIK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Stormer]
C:\Program Files\Spyware Stormer\SpywareStormer.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]
C:\Program Files\SurfSideKick 2\Ssk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsl]
C:\PROGRA~1\COMMON~1\tsa\tsl.exe


Contents of the 'Scheduled Tasks' folder
2007-06-30 00:00:00 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D5TCC341-Joseph).job
2007-07-04 17:45:47 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Christina).job
2007-07-04 17:40:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Donna).job
2007-07-04 17:46:06 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Joseph).job
2007-07-04 17:48:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Owner).job
2007-07-04 17:40:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Richard).job
2007-07-04 17:46:09 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Steven).job
2007-06-30 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Christina.job
2007-06-30 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Richard.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-04 13:45:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-04 13:48:44 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-04 13:48
C:\ComboFix2.txt ... 2007-07-01 02:37
C:\ComboFix3.txt ... 2007-06-29 13:28

--- E O F ---

more reports in next post
ross_rachel4life
Regular Member
 
Posts: 15
Joined: June 28th, 2007, 7:42 pm
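
An added example, not part of the thread and not ComboFix's own code: a cross-check of a ComboFix-Do.txt script against the ComboFix report that comes back, listing targets that do not appear under "Other Deletions" and registry loading points that still name a targeted file. The section layout (`File::`, `Folder::`, parenthesised report banners) is inferred from the two posts above; the inputs are abbreviated excerpts of them, and the function names are hypothetical.

```python
import re

# Abbreviated excerpt of the ComboFix-Do.txt script posted in the thread.
SCRIPT = r"""File::
C:\WINDOWS\SYSTEM32\tmp8C4.tmp.dll
C:\WINDOWS\gebaya.dll
C:\WINDOWS\SYSTEM32\CICnt5.dll
C:\WINDOWS\SYSTEM32\mljgf.dll
C:\windows\system\svchctrl.dll

Folder::
C:\DOCUME~1\CHRIST~1\APPLIC~1\wsnpoem

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"svchctrl"=-
"""

# Abbreviated excerpt of the ComboFix report posted in reply.
REPORT = r"""((((((((((((((((((( Other Deletions )))))))))))))))))))

C:\DOCUME~1\CHRIST~1\APPLIC~1\wsnpoem
C:\DOCUME~1\CHRIST~1\APPLIC~1\wsnpoem\audio.dll
C:\WINDOWS\gebaya.dll
C:\WINDOWS\SYSTEM32\CICnt5.dll
C:\WINDOWS\SYSTEM32\mljgf.dll
C:\WINDOWS\SYSTEM32\tmp8C4.tmp.dll

((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))

2007-06-29 13:09 49,152 --a------ C:\WINDOWS\nircmd.exe

((((((((((((((((((( Reg Loading Points )))))))))))))))))))

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CICnt5]
CICnt5.dll
"""

# Assumed layouts, taken from how the two posts look, not from a format spec.
SCRIPT_HEADER = re.compile(r"^(\w+)::$")                  # e.g. "File::"
REPORT_BANNER = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}$")  # e.g. "((( Title )))"


def split_sections(text, header):
    """Group non-empty lines under the most recent header line."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = header.match(line)
        if match:
            current = sections.setdefault(match.group(1), [])
        elif current is not None:
            current.append(line)
    return sections


def norm(path):
    """Windows paths are case-insensitive, so compare lower-cased."""
    return path.strip().strip('"').lower()


def verify(script_text, report_text):
    """Return (targets not reported deleted, loading points naming a target)."""
    script = split_sections(script_text, SCRIPT_HEADER)
    report = split_sections(report_text, REPORT_BANNER)

    deleted = {norm(p) for p in report.get("Other Deletions", [])}
    requested = script.get("File", []) + script.get("Folder", [])
    # Absence only means "not listed as deleted"; the file may never have existed.
    not_deleted = [p for p in requested if norm(p) not in deleted]

    # File names of the targets, e.g. "cicnt5.dll".
    names = {norm(p).rsplit("\\", 1)[-1] for p in script.get("File", [])}
    leftovers, key = [], None
    for line in report.get("Reg Loading Points", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        # Split the value on path, quote and assignment characters.
        tokens = re.split(r'[\\"=\s]+', line.lower())
        if key and any(tok in names for tok in tokens):
            leftovers.append((key, line))
    return not_deleted, leftovers


if __name__ == "__main__":
    missing, stale = verify(SCRIPT, REPORT)
    for path in missing:
        print("not listed under Other Deletions:", path)
    for key, value in stale:
        print("loading point still present:", key, "->", value)
```

Run against the full script and report, the same check gives a helper the short list of items to raise in the next reply instead of comparing two long file lists by eye.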

Unread postby ross_rachel4life » July 4th, 2007, 9:39 pm

uninstall list

Ad-aware 6 Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
AOL Coach Version 1.0(Build:20030807.3)
AOL Coach Version 1.0(Build:20040201.2 de)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deutschland
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AVG Anti-Spyware 7.5
ccCommon
CCleaner (remove only)
Chicken Invaders 2 Xmas de
Conexant D850 56K V.9x DFVc Modem
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
DellSupport
Digital Line Detect
DivX
DS21Patch
DVDSentry
EarthLink Setup Files
EPSON Printer Software
HijackThis 1.99.1
hp deskjet 5100
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
InterActual Player
Internet Explorer Default Page
Internet Worm Protection
iPod for Windows 2005-03-23
iTunes
Jasc Paint Shop Photo Album
Java 2 Runtime Environment, SE v1.4.2
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
McAfee Personal Firewall Express
McAfee Privacy Service
McAfee SecurityCenter
McAfee VirusScan Online
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Professional Edition 2003
Modem Helper
MSXML 4.0 SP2 (KB927978)
MUSICMATCH® Jukebox
NetWaiting
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SCSSDist MSI
Norton AntiVirus SYMLT MSI
Norton Spyware Scan provided by Yahoo!
Norton WMI Update
Panda ActiveScan
PaperPort
Pixelus Deluxe
PowerDVD
PrimaScan 2400 U Scanner Driver
Pure Networks Port Magic
QuickTime
RealPlayer
SafeCast Shared Components
Scientific Atlanta WebSTAR 2000 series Cable Modem
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SPBBC
Spybot - Search & Destroy 1.3
Symantec
Symantec Script Blocking Installer
SymNet
TurboTax Deluxe 2004
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Walgreens PhotoShow Express
Web Sudoku Deluxe 1.1.1
WebCyberCoach 3.2 Dell
WexTech AnswerWorks
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar for Internet Explorer


new hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 9:40:59 PM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\AOL\1139965892\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\common files\aol\1139965892\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1139965892\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell.myway.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139965892\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.easports.com/downloads/games ... /ieell.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID98.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zy ... player.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/diner ... 0.0.72.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: CICnt5 - CICnt5.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Unread postby SNOWHITE » July 6th, 2007, 3:12 am

Hello ross_rachel4life

ross_rachel4life wrote: I'm not sure which one we purchased or which one is running currently, I will have to check with the family and get back to you. Is there any way to keep both while only running one at a time?


The best would be if you disable one of them. When you find which one you paid for, uninstall the other one; it is not good for the computer to run two antivirus programs, especially when it comes to the combination of Norton and McAfee.

Please follow the steps below exactly in the order they are written:

Step #1

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\start.exe
C:\WINDOWS\pss\start.exe
C:\documents and settings\christina\local settings\temp\1xSvb.exe
C:\Documents and Settings\Christina\Application Data\ttuh.exe
C:\WINDOWS\System32\z191z.exe
C:\windows\temp\nIK.exe
C:\PROGRA~1\COMMON~1\tsa\tsl.exe

Folder::
C:\Program Files\Spyware Stormer
C:\Program Files\SurfSideKick 2

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LimeWire 3.8.10.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^start.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1xSvb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ihtv]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mediamotor.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nIK]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Stormer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsl]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CICnt5]



Save this as ComboFix-Do.txt

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.

Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Step #2

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
* Optionals
Viewpoint Manager (Remove Only) - This program is used to update the Viewpoint Media Player. This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

WildTangent Web Driver - Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system, including:

  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from

It is also a MAJOR resource hog.


Please note any other programs that you don't recognize in that list in your next response


Step #3

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 2 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u2...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Step #4

Please do an online scan with Kaspersky WebScanner

NOTE: This Scanner will work with Internet Explorer Only!


Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As... button:
  • Under Save as type, select Text file, write a name for the file and save it to your Desktop.
  • Locate the file at the Desktop, open it, then copy and paste that information in your next post.

In your next post please include the following reports:
  • Combofix report
  • Kaspersky report
  • New HijackThis log
Let me know how things went.


Regards,
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm
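
The ComboFix script in Step #1 can be cross-checked against the HijackThis log posted just before it, to see which orphaned "(file missing)" entries the script removes and which remain for later cleanup. The following is an added example, not part of the thread and not code from ComboFix or HijackThis; the function names are hypothetical, and the two embedded excerpts are lines copied from the posts above.

```python
import re

# Excerpt of the HijackThis log from the July 4th post (lines copied from the thread).
HJT_LOG = r"""
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: CICnt5 - CICnt5.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

# Excerpt of the ComboFix-Do.txt script from Step #1 (lines copied from the thread).
CFSCRIPT = r"""
File::
C:\WINDOWS\pss\start.exe
C:\WINDOWS\System32\z191z.exe

Folder::
C:\Program Files\Spyware Stormer

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsl]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CICnt5]
"""

# HijackThis entry lines look like "O20 - <description>"; headers and the
# running-process list do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - ")
# O20 Winlogon Notify entries live under this registry key (lower-cased for comparison).
NOTIFY_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify"


def parse_hjt(text):
    """Return one dict per HijackThis entry line, with triage flags."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        entries.append({
            "code": m.group("code"),
            "body": body,
            # The autostart entry still exists but its target file is gone.
            "file_missing": body.endswith("(file missing)"),
            # The service binary carries no vendor information.
            "unknown_owner": " - Unknown owner - " in body,
        })
    return entries


def parse_cfscript(text):
    """Split a ComboFix script into its 'Name::' sections."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def deleted_registry_keys(sections):
    """Keys written as [-KEY] in the Registry:: section are deleted by the script."""
    return {item[2:-1].lower()
            for item in sections.get("Registry", [])
            if item.startswith("[-") and item.endswith("]")}


def orphans_not_in_script(hjt_entries, sections):
    """'(file missing)' entries that the script does not remove."""
    deleted = deleted_registry_keys(sections)
    remaining = []
    for entry in hjt_entries:
        if not entry["file_missing"]:
            continue
        m = NOTIFY_RE.match(entry["body"])
        if m and NOTIFY_KEY + "\\" + m.group("name").lower() in deleted:
            continue  # the script deletes this Winlogon Notify key
        remaining.append(entry)
    return remaining


if __name__ == "__main__":
    entries = parse_hjt(HJT_LOG)
    for entry in orphans_not_in_script(entries, parse_cfscript(CFSCRIPT)):
        print("still orphaned:", entry["code"], "-", entry["body"])
```

Only the Winlogon Notify mapping is implemented here; other HijackThis sections would each need their own key mapping before their entries could be matched against a script.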

Unread postby ross_rachel4life » July 6th, 2007, 4:10 pm

combofix
"Christina" - 2007-07-06 12:59:05 - ComboFix 07-06-27.7 - Service Pack 2 NTFS
Command switches used :: C:\ComboFix-Do.txt


((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))


2007-07-04 13:55 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-06-29 13:09 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-09 13:16 <DIR> d-------- C:\DOCUME~1\CHRIST~1\APPLIC~1\Google
2007-06-09 10:55 <DIR> d-------- C:\DOCUME~1\Richard\APPLIC~1\Google
2007-06-09 10:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-06 08:20:59 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-05 02:14:33 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-07-04 17:25:09 -------- d-----w C:\Program Files\ewido anti-malware
2007-06-20 17:16:57 -------- d-----w C:\Program Files\Google
2007-06-19 00:53:14 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-02 14:06:24 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-01 01:04:20 -------- d-----w C:\Program Files\America Online 9.0
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-09-06 10:09]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}=c:\program files\mcafee.com\mps\mcbrhlpr.dll [2003-04-28 16:38]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2005-10-19 13:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-03-21 14:50]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-03-18 15:53]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-04 18:25]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-06 12:05]
"VirusScan Online"="c:\program files\mcafee.com\vso\mcvsshld.exe" [2003-03-21 14:52]
"MPSExe"="C:\Program Files\McAfee.com\MPS\mscifapp.exe" [2003-07-02 17:54]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-04-19 10:29]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 11:05]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-05-30 12:13]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"HostManager"="C:\Program Files\Common Files\AOL\1139965892\ee\AOLSoftware.exe" [2006-09-25 20:52]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-21 11:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-04 13:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-02-24 12:57]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe" [2005-05-19 17:59]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-07-04 13:56]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


Contents of the 'Scheduled Tasks' folder
2007-06-30 00:00:00 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D5TCC341-Joseph).job
2007-07-06 17:04:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Christina).job
2007-07-06 17:05:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Donna).job
2007-07-06 17:06:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Joseph).job
2007-07-06 17:03:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Owner).job
2007-07-06 17:05:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Richard).job
2007-07-06 17:06:00 C:\WINDOWS\tasks\McAfee.com Update Check (D5TCC341-Steven).job
2007-06-30 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Christina.job
2007-06-30 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Richard.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-06 13:06:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-06 13:07:50
C:\ComboFix-Do.txt ... 2007-07-06 12:58
C:\ComboFix-quarantined-files.txt ... 2007-07-06 13:07
C:\ComboFix2.txt ... 2007-07-04 13:48
C:\ComboFix3.txt ... 2007-07-01 02:37

--- E O F ---


hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 1:10:49 PM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\AOL\1139965892\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\common files\aol\1139965892\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1139965892\ee\aolsoftware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell.myway.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139965892\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.easports.com/downloads/games ... /ieell.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID98.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zy ... player.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/diner ... 0.0.72.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Post by ross_rachel4life » July 6th, 2007, 4:11 pm

KASPERSKY

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, July 06, 2007 4:10:51 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 6/07/2007
Kaspersky Anti-Virus database records: 359148
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 84723
Number of viruses found: 28
Number of infected objects: 178
Number of suspicious objects: 0
Duration of the scan process: 01:22:39

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9797cc75d505991df8f23c20def034b4_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb2f04e68ab348f06fc2f5c38dc43a21_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-07-06_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Christina\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Christina\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Christina\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Christina\Application Data\ntos.exe Infected: Trojan-Spy.Win32.Bancos.aam skipped
C:\Documents and Settings\Christina\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Christina\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Christina\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\06\96d22963-dc0f9122-d2ab5935-75e4dbf3.qtch Object is locked skipped
C:\Documents and Settings\Christina\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Christina\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Christina\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Christina\Local Settings\History\History.IE5\MSHist012007070620070707\index.dat Object is locked skipped
C:\Documents and Settings\Christina\Local Settings\Temporary Internet Files\Content.IE5\AJOUDDJD\OddpawnMainTitle[1].mp3 Object is locked skipped
C:\Documents and Settings\Christina\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Christina\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Christina\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Donna\Local Settings\Temp\hsperfdata_Donna\7024 Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\HJT\backups\backup-20070704-133141-551.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\074D5471.dll Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\079047E3.dll Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\079047E3.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\079047E3.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\079047E3.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\079047E3.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\079371DF.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\079371DF.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\079371DF.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\079371DF.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\07961BDB.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\07961BDB.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\07961BDB.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\07961BDB.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\079945D8.exe/data0002 Infected: not-a-virus:AdWare.Win32.BookedSpace.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\079945D8.exe NSIS: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\079945D8.exe CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A343CD.ocx Infected: Trojan-Downloader.Win32.Agent.ex skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A343CD.tmp Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\Program Files\Norton AntiVirus\Quarantine\07A66DC9.dll Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\07AD41C2.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.Relevance.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\07AD41C2.exe/stream Infected: not-a-virus:AdWare.Win32.Relevance.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\07AD41C2.exe NSIS: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\07AD41C2.exe CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\07BA69B4.tmp Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\09A07267.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\09A07267.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\09A07267.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\09A07267.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\09A07267.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\09A07267.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.tmp/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.TotalVelocity.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.tmp/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.TotalVelocity.aj skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.TotalVelocity.aj skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.tmp/InpB Infected: not-a-virus:AdWare.Win32.TotalVelocity.aj skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.tmp CAB: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.tmp CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\112F1305.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\164D20A5.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\164D20A5.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\164D20A5.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\164D20A5.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\186D4A5E.tmp Infected: Trojan-Dropper.Java.Cliper.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\2AAC3BD1.EXE/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\2AAC3BD1.EXE/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\2AAC3BD1.EXE WiseSFX: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2AAC3BD1.EXE CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FE54A1.exe/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FE54A1.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FE54A1.exe WiseSFX: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\38FE54A1.exe CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B6D76F6.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B6D76F6.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B6D76F6.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B6D76F6.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B6D76F6.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B6D76F6.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\3FD94CE9.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\3FD94CE9.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\3FD94CE9.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\3FD94CE9.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\3FD94CE9.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\3FD94CE9.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4326263C.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\4326263C.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\4326263C.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4326263C.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\44630863.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\44630863.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\44630863.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\44630863.zip ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\44630863.zip CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\45275F8C.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\45275F8C.zip ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\45275F8C.zip CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4B795F95.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\4B795F95.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\4B795F95.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\4B795F95.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\4B795F95.exe CAB: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4B795F95.exe CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DFA2302.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DFA2302.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DFA2302.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DFA2302.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F685066.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F685066.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F685066.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F685066.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F685066.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F685066.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\508442A6.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\508442A6.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\508442A6.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\508442A6.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\561062D5.tmp Infected: Trojan-Dropper.Java.Cliper.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\596B65AC.tmp/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\596B65AC.tmp/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.i skipped
C:\Program Files\Norton AntiVirus\Quarantine\596B65AC.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\596B65AC.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\596B65AC.tmp CAB: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\596B65AC.tmp CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\62122DB9.exe/data0003 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\62122DB9.exe/data0004 Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\62122DB9.exe/data0005 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\62122DB9.exe NSIS: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\62122DB9.exe CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\621657B5.dll Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\621657B5.EXE/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\621657B5.EXE/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\621657B5.EXE WiseSFX: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\621657B5.EXE CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AB31F9.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AB31F9.zip ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AB31F9.zip CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AE5BF5.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AE5BF5.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AE5BF5.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AE5BF5.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AE5BF5.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\72AE5BF5.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7597669E.zip/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\7597669E.zip/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\7597669E.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7597669E.zip CryptFF: infected - 2 skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp11.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp18.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp25.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp886.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp88F.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp970.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp976.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp981.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\DOCUME~1\CHRIST~1\APPLIC~1\tmp98B.tmp.exe.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\gebaya.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\hgdebx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\ljggff.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\ljghgf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\nnkhih.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\nnkige.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\xxxvvs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\catchme2007-07-04_134532.48.zip/CICnt5.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
C:\QooBox\Quarantine\catchme2007-07-04_134532.48.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1314\A0954843.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1314\A0954844.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1314\A0954845.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1315\A0955843.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1315\A0955844.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1315\A0955845.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1315\A0955846.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1316\A0958843.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1316\A0958844.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1316\A0958845.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1316\A0958846.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0959895.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0959899.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0959904.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0959910.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0959916.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0959943.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0961941.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0961945.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1318\A0961950.exe Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0963959.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0963961.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0963967.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0963969.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0963973.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0963975.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0963980.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0964093.dll Infected: Backdoor.Win32.ShBot.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0964094.exe Infected: Backdoor.Win32.ShBot.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321\A0964095.exe Infected: Trojan-Downloader.Win32.Lookme.g skipped

Scan process completed.
ross_rachel4life
Regular Member
 
Posts: 15
Joined: June 28th, 2007, 7:42 pm

Unread postby SNOWHITE » July 7th, 2007, 4:11 am

Hello ross_rachel4life,

Please follow the steps below exactly in the order they are written:

Step #1


Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Christina\Application Data\ntos.exe

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step #2

* Open Norton AntiVirus by double-clicking the 'Shield' icon located in the bottom right-hand corner of your computer screen.
  • Double-click the 'View' folder. It is located on the left side of the Norton AntiVirus window. This will expand the folder and display the contents.
  • Click on the 'Quarantine' icon. The right side of the Norton AntiVirus window will now list the contents of your quarantine folder.
  • Select the item you wish to remove and click on the red 'X' icon to delete it. This will open the 'Take Action' window.
  • Click the 'Start Delete' button to remove the infected file from your computer.
  • Repeat for any other quarantined files you want to remove.
  • When you are done removing files, click the 'Exit' button in the bottom left-hand corner of the Norton AntiVirus window.

* Click Start, then Run, type prefetch, then press Enter. Click Edit, then Select All (all files will highlight), right-click any file, click Delete, and confirm.


* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.


* Double-click OTMoveIt once again and you should see a CleanUp! button. Press that button. You may get prompted by your firewall that OTMoveIt is trying to contact the internet; allow this. A cleanup.txt will be downloaded, and a message dialog will ask you if you want to proceed with the cleanup process. Click Yes.

NOTE: This will remove some of the tools we used so far, including OTMoveIt.

Run a new scan with Kaspersky and post the scan report back here along with a new HijackThis log. Let me know how the computer is running.


Regards,
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm

Unread postby ross_rachel4life » July 14th, 2007, 11:55 pm

Posting reports soon, I have not had access to a computer for a week.
ross_rachel4life
Regular Member
 
Posts: 15
Joined: June 28th, 2007, 7:42 pm