I have ClamWin antivirus do a scan every night. Right now I have the Windows OneCare trial also. I will get one of the virus programs you mentioned to run in "realtime".
I uninstalled LimeWire and FrostWire already before my problems started. Is there more I need to do than just the uninstalling of them?
My explorer quit having pop-ups to random sites after you had me run ComboFix the first time.
If I may ask, what was the extra that you had me paste to ComboFix?
I went to the Symantec site and removed Internet Security 2007 since I don't use it anymore.
Here are the logs. Thank you so much for your time!!!!!
ComboFix 08-04-11.8 - Matt Fortuna 2008-04-13 8:41:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.199 [GMT -6:00]
Running from: C:\Documents and Settings\Matt Fortuna\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Matt Fortuna\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\fsaua.data
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\hnphbvbx.dll
C:\WINDOWS\system32\kpwlllqj.ini
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\targetedbanner-uninst.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\winpfz33.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\SecTaskMan
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_entreelist.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00006FCA9B229EC4896DC2FC53B9CA70
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00006FCA9B229EC4896DC2FC53B9CA70.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_049B766410BBB82489E60ACC6494B77F
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_049B766410BBB82489E60ACC6494B77F.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_05285706FC8CBE74C86B0E3C8BD42870
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_05285706FC8CBE74C86B0E3C8BD42870.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_06E9C39A6B92ad94AB127FA06CAAED02
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_06E9C39A6B92ad94AB127FA06CAAED02.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0C2A386AC128F68458C8AF36D45B8E46
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0C2A386AC128F68458C8AF36D45B8E46.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0EA0DB261BE4BBB4F8346B04C0F8BEC2
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0EA0DB261BE4BBB4F8346B04C0F8BEC2.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_12341
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_12345
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_164AFE3E38BEB3C4C974C2D1850A5155
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_164AFE3E38BEB3C4C974C2D1850A5155.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_192F91FAF22F89746926253550EAE984
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_192F91FAF22F89746926253550EAE984.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_1A9AF58E142C896498B3DD9905B9D80B
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_1A9AF58E142C896498B3DD9905B9D80B.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_1A9CAC34399156F40969C7A9CFB2FB45
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_1A9CAC34399156F40969C7A9CFB2FB45.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_1F52FBE22A8FAE0429EB39C141A2442E
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_1F52FBE22A8FAE0429EB39C141A2442E.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_23DBFBD2BB0087647BB7F8F5278924CB
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_23DBFBD2BB0087647BB7F8F5278924CB.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_24ACF5D6684123E4FA8EB1E7A25AD933
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_24ACF5D6684123E4FA8EB1E7A25AD933.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_2509FC9A0A4FD5740AF08A83C826DD36
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_2509FC9A0A4FD5740AF08A83C826DD36.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_2894BB3325CD68840AB34F5C8CB0EE98
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_2894BB3325CD68840AB34F5C8CB0EE98.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_5AE0493B2787E784FA51FC02BD6DF5B1
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_5AE0493B2787E784FA51FC02BD6DF5B1.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_AA0F1499309B4FA40A55389A18C50C11
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_AA0F1499309B4FA40A55389A18C50C11.dll
C:\WINDOWS\system32\bharebio18
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\ExTmp
C:\WINDOWS\system32\hnphbvbx.dll
C:\WINDOWS\system32\IDE2
C:\WINDOWS\system32\IDE2\mdllcom2.exe
C:\WINDOWS\system32\kpwlllqj.ini
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\pinz1
C:\WINDOWS\system32\targetedbanner-uninst.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\wii
C:\WINDOWS\system32\wii\HTgn1dll.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\TWF0dCBGb3J0dW5h
.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.
2008-04-11 17:19 . 2008-04-11 17:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 17:19 . 2008-04-11 17:19 <DIR> d-------- C:\Documents and Settings\Matt Fortuna\Application Data\Malwarebytes
2008-04-11 17:19 . 2008-04-11 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-11 15:35 . 2008-04-11 15:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-10 14:07 . 2008-04-10 14:07 <DIR> d-------- C:\fsaua.data
2008-04-10 13:45 . 2008-04-10 13:45 <DIR> d-------- C:\Program Files\ThreatFire
2008-04-10 13:45 . 2008-02-15 10:20 51,520 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2008-04-10 13:45 . 2008-02-15 10:21 41,280 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
2008-04-10 13:45 . 2008-02-15 10:21 33,088 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2008-04-10 13:45 . 2008-02-15 10:21 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-04-10 12:55 . 2008-04-10 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-10 12:39 . 2008-04-10 12:39 <DIR> d-------- C:\Documents and Settings\Matt Fortuna\Application Data\Simply Super Software
2008-04-10 12:39 . 2008-04-10 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-04-09 14:10 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-04-09 14:10 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-04-09 14:09 . 2007-07-06 15:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-04-09 14:07 . 2008-04-12 19:15 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-04-09 11:27 . 2008-04-09 11:31 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-09 09:41 . 2008-04-09 09:41 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-08 20:36 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-08 20:36 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-08 20:36 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-08 20:36 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-08 20:35 . 2008-04-08 21:32 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-08 20:35 . 2008-04-08 20:35 <DIR> d-------- C:\Documents and Settings\Matt Fortuna\Application Data\PC Tools
2008-04-08 19:38 . 2008-04-11 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-08 14:05 . 2008-04-08 14:05 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-04-08 13:58 . 2008-04-08 13:58 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-04-04 13:39 . 2008-04-12 11:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 13:39 . 2008-04-04 13:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 13:38 . 2008-04-04 13:38 <DIR> d-------- C:\Program Files\iTunes
2008-04-04 13:37 . 2008-04-04 13:37 <DIR> d-------- C:\Program Files\QuickTime
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-21 12:01 . 2008-03-21 12:01 <DIR> d-------- C:\Program Files\Safari
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 14:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-12 18:35 --------- d-----w C:\Program Files\Lx_cats
2008-04-12 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-12 01:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 19:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-10 21:58 --------- d-----w C:\Program Files\East-Tec Eraser 2007
2008-04-08 22:10 --------- d-----w C:\Program Files\RegistryFix
2008-04-08 20:35 --------- d-----w C:\Program Files\FrostWire
2008-04-08 20:18 --------- d-----w C:\Documents and Settings\Matt Fortuna\Application Data\FrostWire
2008-04-04 20:43 --------- d-----w C:\Documents and Settings\Matt Fortuna\Application Data\Apple Computer
2008-04-04 19:38 --------- d-----w C:\Program Files\iPod
2008-03-28 23:11 --------- d-----w C:\Program Files\Java
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 00:00 --------- d-----w C:\Program Files\Microsoft Works
2008-03-03 02:38 --------- d-----w C:\Program Files\LimeWire Turbo Accelerator
2008-03-03 02:10 --------- d-----w C:\Program Files\LimeWire
2008-03-02 00:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-13 00:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-29 18:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2006-12-22 22:29 87,608 ----a-w C:\Documents and Settings\Matt Fortuna\Application Data\ezpinst.exe
2006-12-22 22:29 47,360 ----a-w C:\Documents and Settings\Matt Fortuna\Application Data\pcouffin.sys
2006-07-06 04:09 88 --sh--r C:\WINDOWS\system32\1807ACA7C4.sys
2006-07-06 21:52 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-11-26 15:47 1206600]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Index Washer"="C:\Program Files\Webroot\Washer\WashIdx.exe" [2007-11-26 15:47 55624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 339968 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 02:12 94208]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20 122940]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-06 23:56 188416]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 07:03 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-08 12:45 212992]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 06:55 483328]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-04-19 15:48 319488]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"LXCICATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2005-09-08 12:44 73728]
"lxcimon.exe"="C:\Program Files\Lexmark 7300 Series\lxcimon.exe" [2005-09-30 08:47 200704]
"EzPrint"="C:\Program Files\Lexmark 7300 Series\ezprint.exe" [2005-08-01 06:05 94208]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 19:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 19:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 19:50 114688]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-01-20 15:08 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-20 21:29 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-01-22 19:43 67112]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2008-02-15 10:20 1152320]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-25 06:47:36 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2008-02-15 10:20]
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys [2008-02-15 10:21]
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 15:47]
R3 lxci_device;lxci_device;C:\WINDOWS\system32\lxcicoms.exe [2005-10-24 06:33]
R3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys [2008-02-15 10:21]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 16:58:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 08:51:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-13 8:52:49
ComboFix-quarantined-files.txt 2008-04-13 14:52:42
ComboFix2.txt 2008-04-12 17:26:37
Pre-Run: 99,023,470,592 bytes free
Post-Run: 99,017,129,984 bytes free
.
2008-04-09 15:41:23 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:45 AM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9135463618
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9633338031
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 11005 bytes