This is a detailed description [for the most part] of what has happened to my computer. 5 days ago, when everything was normal, I downloaded a movie clip from a website that I don’t know. That’s when things started going downhill. As soon as I had it on my computer everything became really slow, and I was flooded with pop-ups although I had clicked on nothing. I logged off, and since I have a wireless internet connection going from my desktop [the one going nuts] to my laptop, I didn’t bother getting back onto my desktop for about 4 days. Last night I decided to get on again, just so I could edit some photos in Adobe Photoshop, but as soon as my background and icons appeared I saw an alert from Norton Security telling me I have spyware on my computer. I clicked on the icon so it could scan and delete it, but it told me it couldn’t run the scan and it gave me a link to go to so I could read how to fix that problem, but it told me I didn’t have an internet connection, which obviously struck me as odd because it was working just a few days ago and it was still up and running on my laptop. Before I had a chance to look into that, Windows sent me an alert saying basically the same thing Norton did, except worded differently. Then it sent me a popup telling me that my computer was making unauthorized copies of my files and system. It continued to say all those three things over and over again. It also would not let me access my Photoshop, and whenever I would click on anything it would freeze. I tried system restore, where it took me back to before I downloaded that movie clip, but the spyware was still there. I got on my laptop and went to Yahoo-Answers and asked about my problem. I was told to go into safe mode and download antivirus protection, which is exactly what I did.
I searched and I searched till I found every available scan that I could, some of which, when I tried to install them, my computer told me, and I quote, “the administrator has set policies to prevent this installation”, which did not make sense because I was in the administrator account and I have never set such policies. I also couldn’t click on my add/remove programs because it told me I no longer had access to it and to contact my system administrator [which I thought was me, considering I’m the only one that uses the computer]. The ones I did manage to install/do were the following: VundoFix, SDFix, RenV, Housecall, Panda, Kaspersky, CWShredder, SpyBotS&D, Ad-Aware. It took all of those to remove every spyware and Trojan on my computer. All in all I had 32 viruses, and 500 files had to be deleted. Some of the infected ones were fixed. I ran a few of the scans over just to make sure. Then I figured, since Norton didn’t help get rid of some of the viruses automatically, that I needed to download another antivirus program, which is exactly what I did. Since I have AOL I installed their version of McAfee. After that, I turned off my computer. Today I turned it on in normal mode and everything seemed to be up to speed again, and I was getting no pop-ups telling me I was infected. Until about 10 minutes later, when McAfee alerted me that it had detected a file by the name of 'C:/windows/system32/jkhfc.exe'. Then as soon as I exited out of the alert, I got a Windows popup telling me it cannot open 'C:/windows/system32/jkhfc.exe' because it cannot find a pathway, which doesn’t make sense because I never tried to open it in the first place. Then a few minutes after that I got another alert from McAfee that a Trojan had been deleted. That same message pops up every 10 minutes. If it successfully removed the Trojan, then how come it keeps coming back? I restarted my computer 3 times only to go through the same routine. I ran the other scans again and they found nothing.
I couldn’t figure out how to fix that, so I went on to wondering why I can’t connect to the internet anymore through AOL, IE, or Firefox in normal/standard mode. I went into safe mode and it worked fine. I could connect, surf and everything else. It also works on my laptop. All the lights on the modem as well as on the router are on. I even went to the router's website and tried to fix the problem, and it told me to disconnect the power adapter from both of them and then connect them back again, and I did that, but still no change. I also had someone tell me to open the command prompt and type in some things, for example: config /reset, but nothing has worked. I’m only 13 and my parents know nothing about computers, so I’m hoping somebody here can help me figure all of this out.
Download HijackThis. Open HJK. Click "Do a system scan and save a logfile". Post the log here for review. I or someone else will get back to you shortly. http://www.download.com/3000-8022_4-10781312.html
I ran a few more scans last night from some of those programs that I had downloaded before and they removed some things before I knew I had to do this logfile, and I haven't got any pop-ups since so all the viruses might be gone. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:33:39 PM, on 1/15/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Safe mode with network support
Man! Your HJK log is a complete mess! I think all those cleaners you ran did a number! I recommend you reformat and reinstall Windows XP. However, if you don't want to do this, it may take several steps to remove all the infections and problems. Before we can continue, you're going to need to remove some programs. You have two Anti-Virus programs; you need to completely remove both, then reinstall one. I can assist you with whatever you decide to do. Hold off on any changes until you contact me.
It's really that bad? I thought all those scans were meant to help. :/ & I seriously do NOT want to reformat. I don't want to lose all my information and start over from scratch. Besides, I don't remember where I put the CD that came with my computer. I'll take whatever steps I need to besides that. So, I uninstall both of my antivirus protections? Then install only one again? I think I'll keep McAfee.
Whichever Anti-Virus program you're already paying for would be the one to reinstall. Use both of these removal tools. http://www.majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039 Download and run this registry cleaner. Follow the instructions. Be sure to create a backup; you will be prompted during the process. Note: Run it a couple of times to make sure all is removed. http://www.ccleaner.com/ Download and run ComboFix. Post log here. http://forums.majorgeeks.com/showthread.php?t=134965 Run Disk Cleanup and Disk Defragmenter. Download and install McAfee Internet Security 2008 from AOL. Run HijackThis and post a new log.
ComboFix 08-01-17.3 - Ashley Stanton 2008-01-17 17:41:02.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.216 [GMT -6:00] WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:14, on 2008-01-17 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Safe mode with network support
http://lads.myspace.com/upload/MySpaceUploader.cab O16 - DPF: {49A3DCEE-FC3C-11D4-83E5-0050DA33C619} (BVXPlayer Class) - http://www.eminem.net/xplayer/xplayer.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx O23 - Service: McAfee Application Installer Cleanup (0162481200586125) (0162481200586125mcinstcleanup) - McAfee, Inc. - C:-DOCUME~1ADMINI~1.NEBLOCALS~1Temp016248~1.EXE O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - CROGRA~1COMMON~1AOLACSAOLacsd.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - Crogram FilesBonjourmDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - Crogram FilesCanonCALCALMAIN.exe O23 - Service: dlbt_device - Dell - C:WINDOWSsystem32dlbtcoms.exe O23 - Service: DSBrokerService - Unknown owner - Crogram FilesDellSupportbrkrsvc.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - CROGRA~1COMMON~1McAfeeEmProxyemproxy.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- Crogram FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - Crogram FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:WINDOWSsystem32driversKodakCCS.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - Crogram FilesCommon FilesMcAfeeHackerWatchHWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - CROGRA~1McAfeeMSCmcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - CROGRA~1McAfeeMSCmcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - cROGRA~1COMMON~1mcafeemnamcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - CROGRA~1McAfeeVIRUSS~1mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - CROGRA~1McAfeeMSCmcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - cROGRA~1COMMON~1mcafeemcproxymcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - cROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - CROGRA~1McAfeeVIRUSS~1mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - CROGRA~1McAfeeVIRUSS~1mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - Crogram FilesMcAfeeMPFMPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - CROGRA~1McAfeeMPSmps.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - Crogram FilesIntelPROSetWiredNCSSyncNetSvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService.exe O23 - Service: Symantec Core LC - Symantec Corporation - Crogram FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. 
- C:WINDOWSwanmpsvc.exe -- End of file - 9417 bytes
Let's remove a few programs, you can reinstall them later once the HDD is cleaned up. Remove EasySpyWareCleaner, BearShare, Morpheus, SpyBot, BitDefender, F-Secure Online Scan, Ewido Online Scan, Kodak Easy Share. A few of these programs are conflicting with one another. At this point, I'm not certain which ones. In your log, it appears there is some sort of issue with Spybot. Kodak EasyShare has caused compatibility issues with other software as well. Most of these programs can all be removed in ADD/REMOVE programs. Also, uninstall any toolbars found there, too.

Run CCleaner, Disc Cleanup and Defragmenter, again.

Reboot into Safe Mode.
Open HJK.
Click, Do a scan only.
Place check marks next to all the items listed below.
Click, "Fix Checked".
Click, Yes.
Close HJK.
Reboot into Normal Mode.
Run HJK and post a new log.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O3 - Toolbar: (no name) - {4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} - (no file)

Download AVG Anti-Spyware and do a complete scan. Fix any issues it finds.
http://free.grisoft.com/doc/download-free-anti-spyware/us/frt/0

Run Windows System File Checker. Start>Run>type, sfc /scannow. This will take about 20 to run.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:00, on 2008-01-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\DellSupport\brkrsvc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee\mpf\mcmpfalert.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://spy-rid.com/stat.php?machine_id={09EB52F5-6287-45E2-B556-7C4952DCAE83}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\PROGRA~1\mcafee\mps\mcpopup.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm492YYUS
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7309 bytes
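Comparing two HijackThis scans like the ones posted above can be done mechanically. The following is an added example, not code from the thread or from HijackThis: it parses entries, marks the kinds of entries picked out for fixing (unnamed add-ons, entries whose file is gone) and diffs a before/after pair. The sample lines are taken from the logs on this page with the path separators restored, which is an assumption; the flag names are made up for this sketch and are hints for review, not verdicts.

```python
import re

# One HijackThis entry: section code (R0-R3, F*, N*, O1-O24), " - ", free-form body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse(log_text):
    """Return one dict per entry; header and 'Running processes' lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            section, body = m.groups()
            guid = GUID_RE.search(body)
            entries.append({"section": section, "body": body,
                            "guid": guid.group(0).upper() if guid else None})
    return entries


def flags(entry):
    """Triage hints only: they say 'look here', not 'this is malicious'."""
    body, section = entry["body"], entry["section"]
    found = []
    if "(no file)" in body or "(file missing)" in body:
        found.append("orphan")          # registry entry whose target file is gone
    if "(no name)" in body and section in ("R3", "O2", "O3"):
        found.append("unnamed")         # browser add-on registered without a name
    if section == "O23" and "Unknown owner" in body:
        found.append("unknown-owner")   # service binary carries no company name
    return found


def _key(entry):
    # Section + entry kind + GUID identifies the same item across scans even when
    # the trailing text changes, e.g. when "(file missing)" gets appended.
    kind = entry["body"].split(":", 1)[0]
    return (entry["section"], kind, entry["guid"] or entry["body"])


def diff_logs(before, after):
    """Compare two scans: bodies removed, bodies added, and (old, new) pairs changed."""
    old = {_key(e): e["body"] for e in parse(before)}
    new = {_key(e): e["body"] for e in parse(after)}
    removed = [old[k] for k in old if k not in new]
    added = [new[k] for k in new if k not in old]
    changed = [(old[k], new[k]) for k in old if k in new and old[k] != new[k]]
    return removed, added, changed


# Constructed samples: a few lines from the 2008-01-17 and 2008-01-19 logs above,
# with backslashes restored (assumed original form).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O3 - Toolbar: (no name) - {4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

if __name__ == "__main__":
    for e in parse(BEFORE):
        if flags(e):
            print(e["section"], flags(e), e["body"])
    removed, added, changed = diff_logs(BEFORE, AFTER)
    print("removed:", len(removed), "added:", len(added), "changed:", len(changed))
```

An entry that moves to "changed" with "(file missing)" appended means the file was deleted but its registry registration is still there, so it is still a candidate for fixing in the next pass.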
Damn, you got yourself in a pickle. I would just reformat everything. I would rather start from scratch than risk security and theft of personal stuff on your computer.
@JAB, I already suggested a reformat in the beginning. BAMBOOM wanted to try to fix first. My HJK Analyzer log looks like scrambled eggs! LOL A few unknown infections still remain. May have to throw the entire cleaning tool arsenal at it. And at the end of the day, could very well be a waste of good time! But, that's what it's all about when dealing with viruses. Sometimes you win with the use of a few cleaning tools, and sometimes you lose and have to reformat. The infection/s or cleaning tool/s can create unpredictable results.

@BAMBOOM, Remove all these cleaners: VundoFix, SDFix, RenV, Housecall, Panda, Kaspersky, CWShredder, SpyBotS&D, Ad-Aware.

Reboot and run CCleaner again.

Turn off System Restore. Start>R/Click, My Computer>Properties>Click, Restore Tab>Place a tick (check mark) in the box next to, Turn off System Restore on all drives. Note: We will turn this back on later.

Download SmitFraudFix. Search, Clean, Post log. Need help? Not hard to figure out. You're a smart kid!
http://www.afterdawn.com/software/desktop_software/desktop_security/smitfraudfix.cfm

Reboot.
Disconnect from the Internet.
Disable anti-virus, firewall, anti-malware, pop-up stopper, and script blocking.
Run ComboFix again. Post a log.
Open HJK. Click, Do a system scan and post a logfile. Copy and Paste new log here. Note: We may need to reinstall and rename HJK later, if we continue to have problems with the analyzer.
Turn On your anti-virus, firewall, anti-malware, pop-up stopper, and script blocking, before connecting to the Internet.

Do all this and we will go to the next step.
For some reason it won't let me post my combo log. It takes forever then says the page cannot be displayed. And also I couldn't find any of those scans in my add/remove program so I had to use the search to delete them so I'm not sure if I got them all. It gave me two different logs from Smit and I didn't know which one you wanted so I'm posting both.

SmitFraudFix v2.274

Scan done at 2:14:04.78, 2008-01-20
Run from C:\Documents and Settings\Administrator.NEBULA\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\system32\cleanmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\NOTEPAD.EXE

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator.NEBULA

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator.NEBULA\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1.NEB\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F70E821E-C5B9-4A4B-AB09-9B5F118AA1CC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F70E821E-C5B9-4A4B-AB09-9B5F118AA1CC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F70E821E-C5B9-4A4B-AB09-9B5F118AA1CC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

-----------------------------------------------

SmitFraudFix v2.274

Scan done at 2:12:45.62, 2008-01-20
Run from C:\Documents and Settings\Administrator.NEBULA\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F70E821E-C5B9-4A4B-AB09-9B5F118AA1CC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F70E821E-C5B9-4A4B-AB09-9B5F118AA1CC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F70E821E-C5B9-4A4B-AB09-9B5F118AA1CC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

-----------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:15, on 2008-01-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\PROGRA~1\mcafee\mps\mcpopup.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 4503 bytes