Karl`s PC Help Forums

Hijack This log
moosenbabe - 21-10-2008 at 19:03

I have been having about:blank pop-ups.. and once in a while.. a ton of windows will start popping up. I have Windows XP.. If you need any more info.. please let me know


Logfile of HijackThis v1.99.1
Scan saved at 3:20:23 PM, on 10/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32WLTRYSVC.EXE
C:WINDOWSSystem32bcmwltry.exe
C:Program FilesLavasoftAd-Awareaawservice.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32dlcxcoms.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:WINDOWSsystem32WLTRAY.exe
C:WINDOWSstsystra.exe
C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesCommon FilesMotiveMcciCMService.exe
C:Program FilesMcAfee.comAgentmcagent.exe
C:Program FilesDell Photo AIO Printer 926dlcxmon.exe
C:Program FilesDell Photo AIO Printer 926memcard.exe
C:WINDOWSsystem32igfxsrvc.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
C:Program FilesDellQuickSetquickset.exe
C:Program FilesJavajre1.6.0_07binjusched.exe
C:Program FilesDell Support Centerbinsprtcmd.exe
C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesDNAbtdna.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
C:Program FilesGigaTribegigatribe.exe
C:Program FilesMcAfeeVirusScanMcShield.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:Program FilesMcAfeeMSKMskSrver.exe
C:WINDOWSsystem32PSIService.exe
C:Program FilesDell Support Centerbinsprtsvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesPando NetworksPandopando.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesHijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://dogpile.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:PROGRA~1mcafeemskmcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program FilesMcAfeeVirusScanscriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:WINDOWSsystem32TwcToolbarIe7.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O4 - HKLM..Run: [Broadcom Wireless Manager UI] C:WINDOWSsystem32WLTRAY.exe
O4 - HKLM..Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [mcagent_exe] C:Program FilesMcAfee.comAgentmcagent.exe /runkey
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [dlcxmon.exe] "C:Program FilesDell Photo AIO Printer 926dlcxmon.exe"
O4 - HKLM..Run: [MemoryCardManager] "C:Program FilesDell Photo AIO Printer 926memcard.exe"
O4 - HKLM..Run: [FaxCenterServer] "C:Program FilesDell PC Faxfm3032.exe" /s
O4 - HKLM..Run: [ISUSPM Startup] "c:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe" -startup
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [DLCXCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM..Run: [Dell QuickSet] C:Program FilesDellQuickSetquickset.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
O4 - HKLM..Run: [dscactivate] "C:Program FilesDell Support Centergs_agentcustomdsca.exe"
O4 - HKLM..Run: [DellSupportCenter] "C:Program FilesDell Support Centerbinsprtcmd.exe" /P DellSupportCenter
O4 - HKLM..Run: [McAfee Backup] C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe
O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [DLD.EXE] C:Program FilesDownload DirectDLD.exe
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKCU..Run: [BitTorrent DNA] "C:Program FilesDNAbtdna.exe"
O4 - HKCU..Run: [DellSupportCenter] "C:Program FilesDell Support Centerbinsprtcmd.exe" /P DellSupportCenter
O4 - HKCU..RunOnce: [FlashPlayerUpdate] C:WINDOWSsystem32MacromedFlashFlashUtil9f.exe
O4 - Startup: GigaTribe.lnk = C:Program FilesGigaTribegigatribe.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - https://care.alltel.com/lwp/static/installers/ALLTELControls.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%System32dimsntfy.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:Program FilesCitrixGoToAssist514G2AWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Awareaawservice.exe
O23 - Service: dlcx_device - - C:WINDOWSsystem32dlcxcoms.exe
O23 - Service: GoToAssist - Unknown owner - C:Program FilesCitrixGoToAssist514g2aservice.exe" Start=service (file missing)
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:Program FilesCommon FilesMotiveMcciCMService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:Program FilesMcAfeeVirusScanMcShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:Program FilesMcAfeeMSKMskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:Program FilesDell Support Centerbinsprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:WINDOWSSystem32WLTRYSVC.EXE


Pancake - 21-10-2008 at 21:47

Run both these programs.


Please download Malwarebytes' Anti-Malware from one of these places:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


=====================================================================================

=====================================================================================


OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2. Do not use for Vista.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


moosenbabe - 21-10-2008 at 23:43

it said nothing found....


Malwarebytes' Anti-Malware 1.29
Database version: 1304
Windows 5.1.2600 Service Pack 3

10/21/2008 7:59:25 PM
mbam-log-2008-10-21 (19-59-25).txt

Scan type: Quick Scan
Objects scanned: 46125
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Logfile of HijackThis v1.99.1
Scan saved at 8:00:11 PM, on 10/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32WLTRYSVC.EXE
C:WINDOWSSystem32bcmwltry.exe
C:Program FilesLavasoftAd-Awareaawservice.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32dlcxcoms.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:WINDOWSsystem32WLTRAY.exe
C:WINDOWSstsystra.exe
C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesCommon FilesMotiveMcciCMService.exe
C:Program FilesMcAfee.comAgentmcagent.exe
C:Program FilesDell Photo AIO Printer 926dlcxmon.exe
C:Program FilesDell Photo AIO Printer 926memcard.exe
C:WINDOWSsystem32igfxsrvc.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
C:Program FilesDellQuickSetquickset.exe
C:Program FilesJavajre1.6.0_07binjusched.exe
C:Program FilesDell Support Centerbinsprtcmd.exe
C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesDNAbtdna.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
C:Program FilesMcAfeeVirusScanMcShield.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:Program FilesMcAfeeMSKMskSrver.exe
C:WINDOWSsystem32PSIService.exe
C:Program FilesDell Support Centerbinsprtsvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesHijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://dogpile.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:PROGRA~1mcafeemskmcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program FilesMcAfeeVirusScanscriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:WINDOWSsystem32TwcToolbarIe7.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O4 - HKLM..Run: [Broadcom Wireless Manager UI] C:WINDOWSsystem32WLTRAY.exe
O4 - HKLM..Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [mcagent_exe] C:Program FilesMcAfee.comAgentmcagent.exe /runkey
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [dlcxmon.exe] "C:Program FilesDell Photo AIO Printer 926dlcxmon.exe"
O4 - HKLM..Run: [MemoryCardManager] "C:Program FilesDell Photo AIO Printer 926memcard.exe"
O4 - HKLM..Run: [FaxCenterServer] "C:Program FilesDell PC Faxfm3032.exe" /s
O4 - HKLM..Run: [ISUSPM Startup] "c:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe" -startup
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [DLCXCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM..Run: [Dell QuickSet] C:Program FilesDellQuickSetquickset.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
O4 - HKLM..Run: [dscactivate] "C:Program FilesDell Support Centergs_agentcustomdsca.exe"
O4 - HKLM..Run: [DellSupportCenter] "C:Program FilesDell Support Centerbinsprtcmd.exe" /P DellSupportCenter
O4 - HKLM..Run: [McAfee Backup] C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe
O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..RunOnce: [Malwarebytes' Anti-Malware] C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe /install /silent
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [DLD.EXE] C:Program FilesDownload DirectDLD.exe
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKCU..Run: [BitTorrent DNA] "C:Program FilesDNAbtdna.exe"
O4 - HKCU..Run: [DellSupportCenter] "C:Program FilesDell Support Centerbinsprtcmd.exe" /P DellSupportCenter
O4 - HKCU..RunOnce: [FlashPlayerUpdate] C:WINDOWSsystem32MacromedFlashFlashUtil9f.exe
O4 - Startup: GigaTribe.lnk = C:Program FilesGigaTribegigatribe.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - https://care.alltel.com/lwp/static/installers/ALLTELControls.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%System32dimsntfy.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:Program FilesCitrixGoToAssist514G2AWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Awareaawservice.exe
O23 - Service: dlcx_device - - C:WINDOWSsystem32dlcxcoms.exe
O23 - Service: GoToAssist - Unknown owner - C:Program FilesCitrixGoToAssist514g2aservice.exe" Start=service (file missing)
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:Program FilesCommon FilesMotiveMcciCMService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:Program FilesMcAfeeVirusScanMcShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:Program FilesMcAfeeMSKMskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:Program FilesDell Support Centerbinsprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:WINDOWSSystem32WLTRYSVC.EXE


moosenbabe - 22-10-2008 at 00:16

ComboFix 08-10-19.04 - Holly 2008-10-21 20:15:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.136 [GMT -4:00]
Running from: C:Documents and SettingsHollyDesktopComboFix.exe
* Created a new restore point
* Resident AV is active


[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:WINDOWSDownloaded Program FilesODCTOOLS
C:WINDOWSDownloaded Program FilesODCTOOLS~tBA.tmp
C:WINDOWSsystem32spuold.exe.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.

2008-10-21 19:50 . 2008-10-21 19:50 <DIR> d-------- C:Program FilesMalwarebytes' Anti-Malware
2008-10-21 19:50 . 2008-10-16 20:25 38,496 --a------ C:WINDOWSsystem32driversmbamswissarmy.sys
2008-10-21 19:50 . 2008-10-16 20:25 15,504 --a------ C:WINDOWSsystem32driversmbam.sys
2008-10-14 17:26 . 2008-08-14 06:11 2,189,184 -----c--- C:WINDOWSsystem32dllcachentoskrnl.exe
2008-10-14 17:26 . 2008-08-14 06:09 2,145,280 -----c--- C:WINDOWSsystem32dllcachentkrnlmp.exe
2008-10-14 17:26 . 2008-08-14 05:33 2,066,048 -----c--- C:WINDOWSsystem32dllcachentkrnlpa.exe
2008-10-14 17:26 . 2008-08-14 05:33 2,023,936 -----c--- C:WINDOWSsystem32dllcachentkrpamp.exe
2008-10-14 17:26 . 2008-09-15 08:12 1,846,400 -----c--- C:WINDOWSsystem32dllcachewin32k.sys
2008-10-14 17:00 . 2008-09-08 06:41 333,824 -----c--- C:WINDOWSsystem32dllcachesrv.sys
2008-10-11 11:22 . 2008-10-11 11:22 <DIR> d-------- C:Program FilesQuickTime
2008-09-30 15:49 . 2008-09-30 15:49 <DIR> d-------- C:Program Fileswindstream_act
2008-09-30 14:46 . 2008-09-30 14:46 <DIR> d-------- C:WINDOWSsolcache
2008-09-30 14:44 . 2008-09-30 14:44 <DIR> d-------- C:Documents and SettingsHollyWINDOWS
2008-09-29 20:51 . 2008-09-29 20:51 <DIR> d-------- C:Program FilesTVUPlayer
2008-09-29 20:51 . 2008-09-29 20:51 <DIR> d-------- C:Documents and SettingsHollyApplication DataTVU Networks
2008-09-26 10:44 . 2008-10-15 16:32 <DIR> d-------- C:Documents and SettingsLocalServiceApplication DataSACore
2008-09-23 11:28 . 2008-09-23 11:28 <DIR> d-------- C:Documents and SettingsHollyApplication DataMcAfee
2008-09-23 11:15 . 2008-09-23 11:15 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataSupportSoft
2008-09-23 11:14 . 2008-09-23 11:14 <DIR> d-------- C:Program FilesDell Support Center
2008-09-23 11:14 . 2008-09-23 11:14 <DIR> d-------- C:Program FilesCommon Filessupportsoft
2008-09-23 11:13 . 2008-10-14 22:27 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataDell
2008-09-22 12:50 . 2008-09-23 05:55 <DIR> d-------- C:Program FilesAceMoney
2008-09-22 12:50 . 2008-09-22 12:50 <DIR> d-------- C:Documents and SettingsHollyApplication DataMechCAD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 00:19 --------- d-----w C:Documents and SettingsHollyApplication DataDNA
2008-10-21 16:17 --------- d-----w C:Documents and SettingsHollyApplication DataGigaTribe
2008-10-20 22:24 --------- d-----w C:Program FilesMcAfee
2008-10-20 19:48 --------- d-----w C:Documents and SettingsHollyApplication DataBitTorrent
2008-10-16 03:01 --------- d-----w C:Documents and SettingsHollyApplication DataFrostWire
2008-10-15 01:18 --------- d-----w C:Documents and SettingsHollyApplication DataVso
2008-10-11 18:02 --------- d-----w C:Program FilesDl_cats
2008-10-02 14:50 --------- d-----w C:Program FilesCommon FilesMotive
2008-09-30 19:50 --------- d-----w C:Documents and SettingsAll UsersApplication DataMotive
2008-09-26 20:06 --------- d-----w C:Documents and SettingsAll UsersApplication DataSiteAdvisor
2008-09-26 19:05 --------- d-----w C:Documents and SettingsAll UsersApplication DataYahoo!
2008-09-26 10:04 --------- d-----w C:Documents and SettingsAll UsersApplication DataMcAfee
2008-09-19 00:41 --------- d-----w C:Documents and SettingsHollyApplication Datadvdcss
2008-09-18 21:18 --------- d-----w C:Program FilesCommon FilesAOL
2008-09-17 17:41 --------- d-----w C:Program FilesDNA
2008-09-16 18:22 --------- d-----w C:Program FilesSUPERAntiSpyware
2008-09-15 12:12 1,846,400 ----a-w C:WINDOWSsystem32win32k.sys
2008-09-12 01:18 --------- d-----w C:Documents and SettingsHollyApplication DataQQ Games Plugin
2008-09-11 22:12 --------- d-----w C:Program FilesTencent
2008-09-11 22:11 --------- d-----w C:Documents and SettingsAll UsersApplication DataAOL Downloads
2008-09-11 22:10 --------- d-----w C:Documents and SettingsAll UsersApplication DataViewpoint
2008-09-09 21:37 61,440 ----a-w C:WINDOWSwnUninstall.exe
2008-09-08 10:41 333,824 ----a-w C:WINDOWSsystem32driverssrv.sys
2008-09-05 21:45 --------- d-----w C:Program FilesWondershare
2008-09-02 18:36 --------- d-----w C:Program FilesDesksware
2008-08-27 00:07 --------- d-----w C:Program FilesBitTorrent
2008-08-26 07:24 826,368 ----a-w C:WINDOWSsystem32wininet.dll
2008-08-14 10:11 2,189,184 ----a-w C:WINDOWSsystem32ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:WINDOWSsystem32ntkrnlpa.exe
2008-08-06 14:47 5,852 --sha-w C:WINDOWSsystem32KGyGaAvL.sys
2008-08-01 00:36 87,608 ----a-w C:Documents and SettingsHollyApplication Dataezpinst.exe
2008-08-01 00:36 47,360 ----a-w C:Documents and SettingsHollyApplication Datapcouffin.sys
2008-07-29 23:07 155,995 ----a-w C:WINDOWSjavaPackagesLJ5J5JDN.ZIP
2008-07-22 17:31 327,680 ----a-w C:WINDOWSsystem32TwcToolbarIe7.dll
2008-07-22 17:24 98,304 ----a-w C:WINDOWSsystem32TwcToolbarBho.dll
2008-07-18 00:16 61,224 ----a-w C:Documents and SettingsHollyGoToAssistDownloadHelper.exe
2008-06-10 01:31 88 --sh--r C:WINDOWSsystem32797F8A822E.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe" [2008-09-16 1576176]
"BitTorrent DNA"="C:Program FilesDNAbtdna.exe" [2008-09-17 289088]
"DellSupportCenter"="C:Program FilesDell Support Centerbinsprtcmd.exe" [2008-08-14 206064]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"Broadcom Wireless Manager UI"="C:WINDOWSsystem32WLTRAY.exe" [2006-11-01 1392640]
"igfxtray"="C:WINDOWSsystem32igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="C:WINDOWSsystem32hkcmd.exe" [2005-10-14 77824]
"igfxpers"="C:WINDOWSsystem32igfxpers.exe" [2005-10-14 114688]
"mcagent_exe"="C:Program FilesMcAfee.comAgentmcagent.exe" [2007-11-01582992]
"Adobe Reader Speed Launcher"="C:Program FilesAdobeReader 8.0ReaderReader_sl.exe" [2008-01-11 39792]
"dlcxmon.exe"="C:Program FilesDell Photo AIO Printer 926dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="C:Program FilesDell Photo AIO Printer 926memcard.exe" [2006-11-03 304008]
"FaxCenterServer"="C:Program FilesDell PC Faxfm3032.exe" [2006-11-03312200]
"ISUSScheduler"="C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" [2005-06-10 81920]
"DLCXCATS"="C:WINDOWSSystem32spoolDRIVERSW32X863DLCXtime.dll" [2006-10-16 106496]
"Dell QuickSet"="C:Program FilesDellQuickSetquickset.exe" [2007-02-201191936]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_07binjusched.exe" [2008-06-10 144784]
"dscactivate"="C:Program FilesDell Support Centergs_agentcustomdsca.exe" [2008-03-11 16384]
"DellSupportCenter"="C:Program FilesDell Support Centerbinsprtcmd.exe" [2008-08-14 206064]
"McAfee Backup"="C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="C:Program FilesMcAfeeMBKLogOnHook.exe" [2007-01-0820480]
"QuickTime Task"="C:Program FilesQuickTimeqttask.exe" [2008-10-11413696]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:WINDOWSstsystra.exe]

C:Documents and SettingsHollyStart MenuProgramsStartup
GigaTribe.lnk - C:Program FilesGigaTribegigatribe.exe [2008-07-141070592]

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:Program FilesSUPERAntiSpywareSASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
2008-09-16 14:22 352256 C:Program FilesSUPERAntiSpywareSASWINLO.DLL

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyGoToAssist]
2008-07-17 20:16 10536 C:Program FilesCitrixGoToAssist514g2awinlogon.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"=
"C:\Program Files\Pando Networks\Pando\pando.exe"=
"C:\WINDOWS\system32\dlcxcoms.exe"=
"C:\Program Files\FrostWire\FrostWire.exe"=
"C:\Program Files\DNA\btdna.exe"=
"C:\Program Files\BitTorrent\bittorrent.exe"=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
"56898:TCP"= 56898:TCP:Pando P2P TCP Listening Port
"56898:UDP"= 56898:UDP:Pando P2P UDP Listening Port
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R2 dlcx_device;dlcx_device;C:WINDOWSsystem32dlcxcoms.exe [2006-11-03 537480]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:Program FilesMcAfeeSiteAdvisorMcSACore.exe [2008-09-08 198944]
R2 McciCMService;McciCMService;C:Program FilesCommon FilesMotiveMcciCMService.exe [2007-11-16 303104]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:Program FilesViewpointCommonViewpointService.exe [2007-01-04 24652]
S3 dcdbas;System Management Driver;C:WINDOWSsystem32DRIVERSdcdbas32.sys [ ]
S3 GoToAssist;GoToAssist;C:Program FilesCitrixGoToAssist514g2aservice.exe Start=service [ ]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:PROGRA~1COMMON~1MotiveMREMP50.SYS [2007-11-16 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:PROGRA~1COMMON~1MotiveMREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:PROGRA~1COMMON~1MotiveMRESP50.SYS [2007-11-16 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:PROGRA~1COMMON~1MotiveMRESP50a64.SYS [ ]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-15 C:WINDOWSTasksMcDefragTask.job
- c:PROGRA~1mcafeemqcQcConsol.exe [2007-12-04 13:32]

2008-10-01 C:WINDOWSTasksMcQcTask.job
- c:PROGRA~1mcafeemqcQcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DLD.EXE - C:Program FilesDownload DirectDLD.exe
HKCU-Run-<NO NAME> - (no file)
HKLM-Run-ISUSPM Startup - c:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:Documents and SettingsHollyApplication DataMozillaFirefoxProfilesh9f2pukd.default
FireFox -: prefs.js - STARTUP.HOMEPAGE - dogpile.com
FF -: plugin - C:Program FilesDNApluginsnpbtdna.dll
FF -: plugin - C:Program FilesMozilla Firefoxpluginsnpbittorrent.dll
FF -: plugin - C:Program FilesMozilla FirefoxpluginsnpPandoWebInst.dll
FF -: plugin - C:Program FilesMozilla FirefoxpluginsnpViewpoint.dll
FF -: plugin - C:Program FilesViewpointViewpoint Media PlayernpViewpoint.dll
FF -: plugin - C:Program FilesYahoo!SharednpYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 20:18:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLMSoftwareMicrosoftWindowsCurrentVersionRun
DLCXCATS = rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863DLCXtime.dll,_RunDLLEntry@16?????????????????????????????????????????????????????????????????????????????????????? ?????????????????????????????????????????????????????????????????????????????????????????????
McAfee Backup = C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-21 20:20:41
ComboFix-quarantined-files.txt 2008-10-22 00:20:36

Pre-Run: 10,774,700,032 bytes free
Post-Run: 10,789,285,888 bytes free

213 --- E O F --- 2008-10-15 07:03:33







Logfile of HijackThis v1.99.1
Scan saved at 8:34:39 PM, on 10/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32WLTRYSVC.EXE
C:WINDOWSSystem32bcmwltry.exe
C:Program FilesLavasoftAd-Awareaawservice.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32dlcxcoms.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:WINDOWSsystem32WLTRAY.exe
C:WINDOWSstsystra.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesMcAfee.comAgentmcagent.exe
C:Program FilesDell Photo AIO Printer 926dlcxmon.exe
C:Program FilesDell Photo AIO Printer 926memcard.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:WINDOWSsystem32igfxsrvc.exe
C:Program FilesDellQuickSetquickset.exe
C:Program FilesJavajre1.6.0_07binjusched.exe
C:Program FilesDell Support Centerbinsprtcmd.exe
C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
C:Program FilesDNAbtdna.exe
C:Program FilesGigaTribegigatribe.exe
C:Program FilesCommon FilesMotiveMcciCMService.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
C:Program FilesMcAfeeVirusScanMcShield.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:Program FilesMcAfeeMSKMskSrver.exe
C:WINDOWSsystem32PSIService.exe
C:Program FilesDell Support Centerbinsprtsvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program Filesinternet exploreriexplore.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesHijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://dogpile.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:PROGRA~1mcafeemskmcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program FilesMcAfeeVirusScanscriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:WINDOWSsystem32TwcToolbarIe7.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O4 - HKLM..Run: [Broadcom Wireless Manager UI] C:WINDOWSsystem32WLTRAY.exe
O4 - HKLM..Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [mcagent_exe] C:Program FilesMcAfee.comAgentmcagent.exe /runkey
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [dlcxmon.exe] "C:Program FilesDell Photo AIO Printer 926dlcxmon.exe"
O4 - HKLM..Run: [MemoryCardManager] "C:Program FilesDell Photo AIO Printer 926memcard.exe"
O4 - HKLM..Run: [FaxCenterServer] "C:Program FilesDell PC Faxfm3032.exe" /s
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [DLCXCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM..Run: [Dell QuickSet] C:Program FilesDellQuickSetquickset.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
O4 - HKLM..Run: [dscactivate] "C:Program FilesDell Support Centergs_agentcustomdsca.exe"
O4 - HKLM..Run: [DellSupportCenter] "C:Program FilesDell Support Centerbinsprtcmd.exe" /P DellSupportCenter
O4 - HKLM..Run: [McAfee Backup] C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe
O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKCU..Run: [BitTorrent DNA] "C:Program FilesDNAbtdna.exe"
O4 - HKCU..Run: [DellSupportCenter] "C:Program FilesDell Support Centerbinsprtcmd.exe" /P DellSupportCenter
O4 - Startup: GigaTribe.lnk = C:Program FilesGigaTribegigatribe.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - https://care.alltel.com/lwp/static/installers/ALLTELControls.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%System32dimsntfy.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:Program FilesCitrixGoToAssist514G2AWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Awareaawservice.exe
O23 - Service: dlcx_device - - C:WINDOWSsystem32dlcxcoms.exe
O23 - Service: GoToAssist - Unknown owner - C:Program FilesCitrixGoToAssist514g2aservice.exe" Start=service (file missing)
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:Program FilesCommon FilesMotiveMcciCMService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:Program FilesMcAfeeVirusScanMcShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:Program FilesMcAfeeMSKMskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:Program FilesDell Support Centerbinsprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:WINDOWSSystem32WLTRYSVC.EXE

Think that was all you asked for. If you need something else.. let me know! Thanks


Pancake - 22-10-2008 at 00:17

That's fixed some malware. We now need to install the Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download the file from this Microsoft page:

For XP Home >> http://www.microsoft.com/downloads/details.aspx?FamilyId=15491F07-99F7-4A2D-983D-81C2137FF464&displaylang=en

For XP Pro >> http://www.microsoft.com/downloads/details.aspx?FamilyId=535D248D-5E10-49B5-B80C-0A0205368124&displaylang=en

Do not be concerned that this file is for SP2 and you have SP3. It will work just fine on your system.




Download the file & save it as it's originally named, next to ComboFix.exe.





Now close all open windows and programs, including all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

  • At the next prompt, click 'Yes' to run the full ComboFix scan.


  • When the tool is finished, it will produce a report for you.
    Please post the C:ComboFix.txt along with a new HijackThis log for further review.


    moosenbabe - 22-10-2008 at 00:18

    I didn't install the Recovery Console because I don't have the CD.. and I was getting crazy about blanks trying to get to the page you had for it.


    Pancake - 22-10-2008 at 04:33

    You don't need a CD. It's a download that installs it for you.


    moosenbabe - 22-10-2008 at 10:25

    I know.. but I tried to get to the page.. and my computer went crazy.. and windows kept popping up. They said about:blank.. and a few were the page I was trying to go to. They wouldn't stop, like always, so I had to hard shut down. That's why I didn't install it. And I just went ahead and did the combo fix. It made me so frustrated I thought about making my computer go back to day one.. with the Fn and F11 thing.. but I hate to start over and lose everything. But if you want me to download and install that recovery thing.. I will try again. Thanks for the help!


    Daz - 22-10-2008 at 10:42

    Here is the DIRECT LINK should you want it. For XP HOME


    moosenbabe - 22-10-2008 at 10:42

    ComboFix 08-10-21.03 - Holly 2008-10-22 6:52:42.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.135 [GMT -4:00]
    Running from: C:Documents and SettingsHollyDesktopComboFix.exe
    Command switches used :: C:Documents and SettingsHollyDesktopWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
    .

    2008-10-21 19:50 . 2008-10-21 19:50 <DIR> d-------- C:Program FilesMalwarebytes' Anti-Malware
    2008-10-21 19:50 . 2008-10-16 20:25 38,496 --a------ C:WINDOWSsystem32driversmbamswissarmy.sys
    2008-10-21 19:50 . 2008-10-16 20:25 15,504 --a------ C:WINDOWSsystem32driversmbam.sys
    2008-10-14 17:26 . 2008-08-14 06:11 2,189,184 -----c--- C:WINDOWSsystem32dllcachentoskrnl.exe
    2008-10-14 17:26 . 2008-08-14 06:09 2,145,280 -----c--- C:WINDOWSsystem32dllcachentkrnlmp.exe
    2008-10-14 17:26 . 2008-08-14 05:33 2,066,048 -----c--- C:WINDOWSsystem32dllcachentkrnlpa.exe
    2008-10-14 17:26 . 2008-08-14 05:33 2,023,936 -----c--- C:WINDOWSsystem32dllcachentkrpamp.exe
    2008-10-14 17:26 . 2008-09-15 08:12 1,846,400 -----c--- C:WINDOWSsystem32dllcachewin32k.sys
    2008-10-14 17:00 . 2008-09-08 06:41 333,824 -----c--- C:WINDOWSsystem32dllcachesrv.sys
    2008-10-11 11:22 . 2008-10-11 11:22 <DIR> d-------- C:Program FilesQuickTime
    2008-09-30 15:49 . 2008-09-30 15:49 <DIR> d-------- C:Program Fileswindstream_act
    2008-09-30 14:46 . 2008-09-30 14:46 <DIR> d-------- C:WINDOWSsolcache
    2008-09-30 14:44 . 2008-09-30 14:44 <DIR> d-------- C:Documents and SettingsHollyWINDOWS
    2008-09-29 20:51 . 2008-09-29 20:51 <DIR> d-------- C:Program FilesTVUPlayer
    2008-09-29 20:51 . 2008-09-29 20:51 <DIR> d-------- C:Documents and SettingsHollyApplication DataTVU Networks
    2008-09-26 10:44 . 2008-10-15 16:32 <DIR> d-------- C:Documents and SettingsLocalServiceApplication DataSACore
    2008-09-23 11:28 . 2008-09-23 11:28 <DIR> d-------- C:Documents and SettingsHollyApplication DataMcAfee
    2008-09-23 11:15 . 2008-09-23 11:15 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataSupportSoft
    2008-09-23 11:14 . 2008-09-23 11:14 <DIR> d-------- C:Program FilesDell Support Center
    2008-09-23 11:14 . 2008-09-23 11:14 <DIR> d-------- C:Program FilesCommon Filessupportsoft
    2008-09-23 11:13 . 2008-10-14 22:27 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataDell
    2008-09-22 12:50 . 2008-09-23 05:55 <DIR> d-------- C:Program FilesAceMoney
    2008-09-22 12:50 . 2008-09-22 12:50 <DIR> d-------- C:Documents and SettingsHollyApplication DataMechCAD

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-22 10:55 --------- d-----w C:Documents and SettingsHollyApplication DataDNA
    2008-10-21 16:17 --------- d-----w C:Documents and SettingsHollyApplication DataGigaTribe
    2008-10-20 22:24 --------- d-----w C:Program FilesMcAfee
    2008-10-20 19:48 --------- d-----w C:Documents and SettingsHollyApplication DataBitTorrent
    2008-10-16 03:01 --------- d-----w C:Documents and SettingsHollyApplication DataFrostWire
    2008-10-15 01:18 --------- d-----w C:Documents and SettingsHollyApplication DataVso
    2008-10-11 18:02 --------- d-----w C:Program FilesDl_cats
    2008-10-02 14:50 --------- d-----w C:Program FilesCommon FilesMotive
    2008-09-30 19:50 --------- d-----w C:Documents and SettingsAll UsersApplication DataMotive
    2008-09-26 20:06 --------- d-----w C:Documents and SettingsAll UsersApplication DataSiteAdvisor
    2008-09-26 19:05 --------- d-----w C:Documents and SettingsAll UsersApplication DataYahoo!
    2008-09-26 10:04 --------- d-----w C:Documents and SettingsAll UsersApplication DataMcAfee
    2008-09-19 00:41 --------- d-----w C:Documents and SettingsHollyApplication Datadvdcss
    2008-09-18 21:18 --------- d-----w C:Program FilesCommon FilesAOL
    2008-09-17 17:41 --------- d-----w C:Program FilesDNA
    2008-09-16 18:22 --------- d-----w C:Program FilesSUPERAntiSpyware
    2008-09-15 12:12 1,846,400 ----a-w C:WINDOWSsystem32win32k.sys
    2008-09-12 01:18 --------- d-----w C:Documents and SettingsHollyApplication DataQQ Games Plugin
    2008-09-11 22:12 --------- d-----w C:Program FilesTencent
    2008-09-11 22:11 --------- d-----w C:Documents and SettingsAll UsersApplication DataAOL Downloads
    2008-09-11 22:10 --------- d-----w C:Documents and SettingsAll UsersApplication DataViewpoint
    2008-09-09 21:37 61,440 ----a-w C:WINDOWSwnUninstall.exe
    2008-09-08 10:41 333,824 ----a-w C:WINDOWSsystem32driverssrv.sys
    2008-09-05 21:45 --------- d-----w C:Program FilesWondershare
    2008-09-02 18:36 --------- d-----w C:Program FilesDesksware
    2008-08-27 00:07 --------- d-----w C:Program FilesBitTorrent
    2008-08-26 07:24 826,368 ----a-w C:WINDOWSsystem32wininet.dll
    2008-08-14 10:11 2,189,184 ----a-w C:WINDOWSsystem32ntoskrnl.exe
    2008-08-14 09:33 2,066,048 ----a-w C:WINDOWSsystem32ntkrnlpa.exe
    2008-08-06 14:47 5,852 --sha-w C:WINDOWSsystem32KGyGaAvL.sys
    2008-08-01 00:36 87,608 ----a-w C:Documents and SettingsHollyApplication Dataezpinst.exe
    2008-08-01 00:36 47,360 ----a-w C:Documents and SettingsHollyApplication Datapcouffin.sys
    2008-07-29 23:07 155,995 ----a-w C:WINDOWSjavaPackagesLJ5J5JDN.ZIP
    2008-07-22 17:31 327,680 ----a-w C:WINDOWSsystem32TwcToolbarIe7.dll
    2008-07-22 17:24 98,304 ----a-w C:WINDOWSsystem32TwcToolbarBho.dll
    2008-07-18 00:16 61,224 ----a-w C:Documents and SettingsHollyGoToAssistDownloadHelper.exe
    2008-06-10 01:31 88 --sh--r C:WINDOWSsystem32797F8A822E.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-21_20.20.00.08 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-10-21 22:31:49 32,768 ----a-w C:WINDOWSsystem32configsystemprofileCookiesindex.dat
    + 2008-10-22 07:57:45 32,768 ----a-w C:WINDOWSsystem32configsystemprofileCookiesindex.dat
    - 2008-10-21 22:31:49 32,768 ----a-w C:WINDOWSsystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
    + 2008-10-22 07:57:45 32,768 ----a-w C:WINDOWSsystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    "ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2008-04-13 15360]
    "SUPERAntiSpyware"="C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe" [2008-09-16 1576176]
    "BitTorrent DNA"="C:Program FilesDNAbtdna.exe" [2008-09-17 289088]
    "DellSupportCenter"="C:Program FilesDell Support Centerbinsprtcmd.exe" [2008-08-14 206064]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    "Broadcom Wireless Manager UI"="C:WINDOWSsystem32WLTRAY.exe" [2006-11-01 1392640]
    "igfxtray"="C:WINDOWSsystem32igfxtray.exe" [2005-10-14 94208]
    "igfxhkcmd"="C:WINDOWSsystem32hkcmd.exe" [2005-10-14 77824]
    "igfxpers"="C:WINDOWSsystem32igfxpers.exe" [2005-10-14 114688]
    "mcagent_exe"="C:Program FilesMcAfee.comAgentmcagent.exe" [2007-11-01582992]
    "Adobe Reader Speed Launcher"="C:Program FilesAdobeReader 8.0ReaderReader_sl.exe" [2008-01-11 39792]
    "dlcxmon.exe"="C:Program FilesDell Photo AIO Printer 926dlcxmon.exe" [2007-01-12 292336]
    "MemoryCardManager"="C:Program FilesDell Photo AIO Printer 926memcard.exe" [2006-11-03 304008]
    "FaxCenterServer"="C:Program FilesDell PC Faxfm3032.exe" [2006-11-03312200]
    "ISUSScheduler"="C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" [2005-06-10 81920]
    "DLCXCATS"="C:WINDOWSSystem32spoolDRIVERSW32X863DLCXtime.dll" [2006-10-16 106496]
    "Dell QuickSet"="C:Program FilesDellQuickSetquickset.exe" [2007-02-201191936]
    "SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_07binjusched.exe" [2008-06-10 144784]
    "dscactivate"="C:Program FilesDell Support Centergs_agentcustomdsca.exe" [2008-03-11 16384]
    "DellSupportCenter"="C:Program FilesDell Support Centerbinsprtcmd.exe" [2008-08-14 206064]
    "McAfee Backup"="C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe" [2007-01-16 4838952]
    "MBkLogOnHook"="C:Program FilesMcAfeeMBKLogOnHook.exe" [2007-01-0820480]
    "QuickTime Task"="C:Program FilesQuickTimeqttask.exe" [2008-10-11413696]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:WINDOWSstsystra.exe]

    C:Documents and SettingsHollyStart MenuProgramsStartup
    GigaTribe.lnk - C:Program FilesGigaTribegigatribe.exe [2008-07-141070592]

    [hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:Program FilesSUPERAntiSpywareSASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
    2008-09-16 14:22 352256 C:Program FilesSUPERAntiSpywareSASWINLO.DLL

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyGoToAssist]
    2008-07-17 20:16 10536 C:Program FilesCitrixGoToAssist514g2awinlogon.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    "%windir%\system32\sessmgr.exe"=
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"=
    "%windir%\Network Diagnostic\xpnetdiag.exe"=
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"=
    "C:\Program Files\Pando Networks\Pando\pando.exe"=
    "C:\WINDOWS\system32\dlcxcoms.exe"=
    "C:\Program Files\FrostWire\FrostWire.exe"=
    "C:\Program Files\DNA\btdna.exe"=
    "C:\Program Files\BitTorrent\bittorrent.exe"=

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
    "56898:TCP"= 56898:TCP:Pando P2P TCP Listening Port
    "56898:UDP"= 56898:UDP:Pando P2P UDP Listening Port
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020

    R2 dlcx_device;dlcx_device;C:WINDOWSsystem32dlcxcoms.exe [2006-11-03 537480]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:Program FilesMcAfeeSiteAdvisorMcSACore.exe [2008-09-08 198944]
    R2 McciCMService;McciCMService;C:Program FilesCommon FilesMotiveMcciCMService.exe [2007-11-16 303104]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;C:Program FilesViewpointCommonViewpointService.exe [2007-01-04 24652]
    S3 dcdbas;System Management Driver;C:WINDOWSsystem32DRIVERSdcdbas32.sys [ ]
    S3 GoToAssist;GoToAssist;C:Program FilesCitrixGoToAssist514g2aservice.exe Start=service [ ]
    S3 MREMP50;MREMP50 NDIS Protocol Driver;C:PROGRA~1COMMON~1MotiveMREMP50.SYS [2007-11-16 19712]
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:PROGRA~1COMMON~1MotiveMREMP50a64.SYS [ ]
    S3 MRESP50;MRESP50 NDIS Protocol Driver;C:PROGRA~1COMMON~1MotiveMRESP50.SYS [2007-11-16 18304]
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:PROGRA~1COMMON~1MotiveMRESP50a64.SYS [ ]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-15 C:WINDOWSTasksMcDefragTask.job
    - c:PROGRA~1mcafeemqcQcConsol.exe [2007-12-04 13:32]

    2008-10-01 C:WINDOWSTasksMcQcTask.job
    - c:PROGRA~1mcafeemqcQcConsol.exe [2007-12-04 13:32]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:Documents and SettingsHollyApplication DataMozillaFirefoxProfilesh9f2pukd.default
    FireFox -: prefs.js - STARTUP.HOMEPAGE - dogpile.com
    FF -: plugin - C:Program FilesDNApluginsnpbtdna.dll
    FF -: plugin - C:Program FilesMozilla Firefoxpluginsnpbittorrent.dll
    FF -: plugin - C:Program FilesMozilla FirefoxpluginsnpPandoWebInst.dll
    FF -: plugin - C:Program FilesMozilla FirefoxpluginsnpViewpoint.dll
    FF -: plugin - C:Program FilesViewpointViewpoint Media PlayernpViewpoint.dll
    FF -: plugin - C:Program FilesYahoo!SharednpYState.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-22 06:55:23
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLMSoftwareMicrosoftWindowsCurrentVersionRun
    DLCXCATS = rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863DLCXtime.dll,_RunDLLEntry@16?????????????????????????????????????????????????????????????????????????????????????? ?????????????????????????????????????????????????????????????????????????????????????????????
    McAfee Backup = C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:WINDOWSexplorer.exe
    -> C:Program FilesMcAfeeSiteAdvisorsaHook.dll
    .
    Completion time: 2008-10-22 6:57:55
    ComboFix-quarantined-files.txt 2008-10-22 10:57:46
    ComboFix2.txt 2008-10-22 00:20:44

    Pre-Run: 10,752,573,440 bytes free
    Post-Run: 10,753,630,208 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
    [operating systems]
    C:CMDCONSBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    multi(0)disk(0)rdisk(0)partition(2)WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    221 --- E O F --- 2008-10-15 07:03:33




    Logfile of HijackThis v1.99.1
    Scan saved at 7:00:34 AM, on 10/22/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32WLTRYSVC.EXE
    C:WINDOWSSystem32bcmwltry.exe
    C:Program FilesLavasoftAd-Awareaawservice.exe
    C:WINDOWSsystem32spoolsv.exe
    C:WINDOWSsystem32dlcxcoms.exe
    C:Program FilesMcAfeeMBKMBackMonitor.exe
    C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
    C:Program FilesCommon FilesMotiveMcciCMService.exe
    C:PROGRA~1McAfeeMSCmcmscsvc.exe
    c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
    c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
    C:Program FilesMcAfeeVirusScanMcShield.exe
    C:Program FilesMcAfeeMPFMPFSrv.exe
    C:Program FilesMcAfeeMSKMskSrver.exe
    C:WINDOWSsystem32PSIService.exe
    C:Program FilesDell Support Centerbinsprtsvc.exe
    C:WINDOWSsystem32svchost.exe
    C:Program FilesViewpointCommonViewpointService.exe
    C:WINDOWSsystem32WLTRAY.exe
    C:WINDOWSstsystra.exe
    C:WINDOWSsystem32hkcmd.exe
    C:WINDOWSsystem32igfxsrvc.exe
    C:WINDOWSsystem32igfxpers.exe
    C:Program FilesMcAfee.comAgentmcagent.exe
    C:Program FilesDell Photo AIO Printer 926dlcxmon.exe
    C:Program FilesDell Photo AIO Printer 926memcard.exe
    C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
    C:Program FilesDellQuickSetquickset.exe
    C:Program FilesJavajre1.6.0_07binjusched.exe
    C:Program FilesDell Support Centerbinsprtcmd.exe
    C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe
    C:WINDOWSsystem32ctfmon.exe
    C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
    C:Program FilesDNAbtdna.exe
    C:WINDOWSSystem32svchost.exe
    C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
    C:WINDOWSsystem32ssstars.scr
    C:WINDOWSexplorer.exe
    C:WINDOWSsystem32notepad.exe
    C:Program FilesGigaTribegigatribe.exe
    C:Program Filesinternet exploreriexplore.exe
    C:Program FilesHijackthisHijackThis.exe

    R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://dogpile.com/
    R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:PROGRA~1mcafeemskmcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program FilesMcAfeeVirusScanscriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
    O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:WINDOWSsystem32TwcToolbarIe7.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
    O4 - HKLM..Run: [Broadcom Wireless Manager UI] C:WINDOWSsystem32WLTRAY.exe
    O4 - HKLM..Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
    O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
    O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
    O4 - HKLM..Run: [mcagent_exe] C:Program FilesMcAfee.comAgentmcagent.exe /runkey
    O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
    O4 - HKLM..Run: [dlcxmon.exe] "C:Program FilesDell Photo AIO Printer 926dlcxmon.exe"
    O4 - HKLM..Run: [MemoryCardManager] "C:Program FilesDell Photo AIO Printer 926memcard.exe"
    O4 - HKLM..Run: [FaxCenterServer] "C:Program FilesDell PC Faxfm3032.exe" /s
    O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
    O4 - HKLM..Run: [DLCXCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863DLCXtime.dll,_RunDLLEntry@16
    O4 - HKLM..Run: [Dell QuickSet] C:Program FilesDellQuickSetquickset.exe
    O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
    O4 - HKLM..Run: [dscactivate] "C:Program FilesDell Support Centergs_agentcustomdsca.exe"
    O4 - HKLM..Run: [DellSupportCenter] "C:Program FilesDell Support Centerbinsprtcmd.exe" /P DellSupportCenter
    O4 - HKLM..Run: [McAfee Backup] C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe
    O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
    O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
    O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
    O4 - HKCU..Run: [BitTorrent DNA] "C:Program FilesDNAbtdna.exe"
    O4 - HKCU..Run: [DellSupportCenter] "C:Program FilesDell Support Centerbinsprtcmd.exe" /P DellSupportCenter
    O4 - Startup: GigaTribe.lnk = C:Program FilesGigaTribegigatribe.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
    O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - https://care.alltel.com/lwp/static/installers/ALLTELControls.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
    O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%System32dimsntfy.dll (file missing)
    O20 - Winlogon Notify: GoToAssist - C:Program FilesCitrixGoToAssist514G2AWinLogon.dll
    O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxdev.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Awareaawservice.exe
    O23 - Service: dlcx_device - - C:WINDOWSsystem32dlcxcoms.exe
    O23 - Service: GoToAssist - Unknown owner - C:Program FilesCitrixGoToAssist514g2aservice.exe" Start=service (file missing)
    O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:Program FilesCommon FilesMotiveMcciCMService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:Program FilesMcAfeeVirusScanMcShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:Program FilesMcAfeeMSKMskSrver.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:Program FilesDell Support Centerbinsprtsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:WINDOWSSystem32WLTRYSVC.EXE



    I got to the page that time.. there's the new logs. Thanks again!


    Pancake - 22-10-2008 at 21:14

    That shows no malware. Run CWShredder from one of these links.
    http://www.merijn.org/cwschronicles.html
    http://www.merijn.org/files/cwshredder.zip


    moosenbabe - 22-10-2008 at 22:13

    Ok.. it showed nothing infected there either. Must be my computer. Thanks for all the help!


    Pancake - 22-10-2008 at 22:15

    Ok. No problem.