
Lost internet connection

Discussion in 'Networking' started by leebee, Sep 21, 2008.

Thread Status:
Not open for further replies.
  1. leebee

    leebee Thread Starter

    Joined:
    Dec 17, 2003
    Messages:
    251
    Cannot log onto internet with wireless router. Plugged it in manually, still can't connect. Have tried a couple of things (hopefully didn't make matters worse). HELP!
     
  2. leebee

    leebee Thread Starter

    Joined:
    Dec 17, 2003
    Messages:
    251
    Here are the hijack log and combofix log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:14:36 PM, on 9/21/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Dell AIO 810\dlcgmon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    C:\WINDOWS\system32\dlcgcoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,[email protected]
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{B838B9B5-09DF-1033-0103-060416200001}] "C:\Program Files\Common Files\{B838B9B5-09DF-1033-0103-060416200001}\Update.exe" mc-110-12-0000488 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{B838B9B5-09DF-1033-0103-060416200001}] "C:\Program Files\Common Files\{B838B9B5-09DF-1033-0103-060416200001}\Update.exe" mc-110-12-0000488 (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7671 bytes
    ComboFix 08-09-20.05 - John - Admin 2008-09-21 15:22:33.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.230 [GMT -4:00]
    Running from: C:\Documents and Settings\John - Admin\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Dad\Cookies\[email protected][2].txt
    C:\Documents and Settings\John - Admin\Cookies\john - [email protected][1].txt
    C:\Documents and Settings\John - Admin\Cookies\john - [email protected][1].txt
    C:\Documents and Settings\John - Admin\Cookies\john - [email protected][2].txt
    C:\Documents and Settings\John - Admin\Cookies\john - [email protected][3].txt
    C:\kmd.exe
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\system32\battyrun.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
    .

    2008-09-21 14:15 . 1999-05-07 13:24 645,616 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
    2008-09-21 14:15 . 1999-05-07 13:24 414,944 --a------ C:\WINDOWS\system32\COMCT332.OCX
    2008-09-21 14:15 . 1998-11-10 10:46 328,480 --a------ C:\WINDOWS\system32\ssa3d30.ocx
    2008-09-21 14:15 . 2002-01-08 17:00 176,128 --a------ C:\WINDOWS\system32\RcdScan.dll
    2008-09-21 14:15 . 1998-06-17 23:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2008-09-21 14:15 . 2001-08-22 08:42 13,632 --------- C:\WINDOWS\system32\drivers\omci.sys
    2008-09-21 14:13 . 2008-09-21 14:13 <DIR> d-------- C:\Documents and Settings\John - Admin\Application Data\GTek
    2008-09-21 14:13 . 2008-09-21 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gtek
    2008-09-20 23:29 . 2008-09-20 23:29 <DIR> d-------- C:\Program Files\Linksys
    2008-09-20 23:29 . 2000-01-31 05:00 1,496,064 --a------ C:\WINDOWS\system32\cc3250mt.dll
    2008-09-20 23:29 . 2000-10-15 17:22 61,440 --a------ C:\WINDOWS\system32\W32N50.dll
    2008-09-20 23:29 . 2000-01-31 05:00 25,600 --a------ C:\WINDOWS\system32\borlndmm.dll
    2008-09-20 23:29 . 2000-10-15 17:38 16,068 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
    2008-09-20 23:29 . 1998-05-13 00:00 4,716 --a------ C:\WINDOWS\system32\VERSION.LIB
    2008-09-20 23:26 . 2008-09-20 23:26 <DIR> d-------- C:\Linksys Driver
    2008-09-20 13:52 . 2008-09-20 13:52 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-09-20 13:52 . 2008-09-20 13:52 <DIR> d-------- C:\WINDOWS\system32\en
    2008-09-20 13:52 . 2008-09-20 13:52 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-09-20 13:52 . 2008-09-20 13:52 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-09-20 13:48 . 2008-09-20 13:52 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-20 13:39 . 2008-09-20 13:39 <DIR> d-------- C:\WINDOWS\EHome
    2008-09-12 01:04 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
    2008-09-12 01:03 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
    2008-08-29 16:55 . 2008-08-29 16:55 <DIR> d-------- C:\Logs
    2008-08-28 17:00 . 2008-09-17 16:05 <DIR> d-------- C:\Program Files\World of Warcraft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-21 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-21 02:41 --------- d-----w C:\Program Files\Dl_cats
    2008-09-20 23:08 1,930,240 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
    2008-09-10 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-30 03:35 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-08-29 22:35 11,753,660 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-08-28 21:06 --------- d-----w C:\Program Files\World of Warcraft Trial
    2008-08-27 16:48 --------- d-----w C:\Program Files\TClock
    2008-08-27 15:29 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-27 15:26 --------- d-----w C:\Documents and Settings\John - Admin\Application Data\AdobeUM
    2008-08-08 02:19 --------- d-----w C:\Documents and Settings\John - Admin\Application Data\LimeWire
    2008-08-08 01:17 --------- d-----w C:\Program Files\iTunes
    2008-08-08 01:17 --------- d-----w C:\Program Files\iPod
    2008-08-08 00:52 --------- d-----w C:\Program Files\QuickTime
    2008-08-06 18:35 --------- d-----w C:\Program Files\Lavasoft
    2008-08-06 18:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-06 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-10 20:45 23 ----a-w C:\Documents and Settings\John - Admin\jagex_runescape_preferences.dat
    2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-26 08:15 619,520 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    2008-06-26 08:15 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2008-06-24 22:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-23 15:09 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    2008-06-23 15:09 3,067,392 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-20 01:30 60,968 ----a-w C:\Documents and Settings\Dad\GoToAssistDownloadHelper.exe
    2006-07-13 22:22 212,849 ----a-w C:\Program Files\hijackthis.zip
    2006-05-04 02:23 2,855,080 ----a-w C:\Documents and Settings\All Users\aawsepersonal.exe
    2007-08-29 12:22 152 --sh--r C:\WINDOWS\system32\6AE5D907A8.sys
    2007-08-29 12:22 7,414 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 919280]
    "dlcgmon.exe"="C:\Program Files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "DLCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe [2008-09-20 4513280]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.vp31"= vp31vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Billy^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    path=C:\Documents and Settings\Billy\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\Dad\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    --a------ 2005-09-08 06:20 122940 C:\WINDOWS\system32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcgmon.exe]
    --a------ 2005-10-21 10:42 425984 C:\Program Files\Dell AIO 810\DLCGmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
    --a------ 2001-08-23 17:52 331830 C:\Program Files\Microsoft Works\wkssb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    --a------ 2005-08-12 16:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NNLL]
    --a------ 2005-07-21 10:45 33227 C:\Program Files\Net Nanny\nnll.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
    --------- 2002-02-04 23:32 53248 C:\Program Files\REGSHAVE\REGSHAVE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2004-07-15 01:07 32768 C:\Program Files\CyberLink\PowerDVD SE\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    --a------ 2004-10-14 20:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
    --a------ 2005-03-24 08:52 94770 C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2006-05-03 02:56 36975 C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    --a------ 2001-10-05 20:34 24576 C:\Program Files\Microsoft Works\wkfud.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 cel90xbe;cel90xbe;C:\DOCUME~1\Billy\LOCALS~1\Temp\cel90xbe.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ee035c9-2fdd-11dc-af66-00038a000015}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Microsoft Works Update Detection - C:\Program Files\Microsoft Works\WkDetect.exe
    HKU-Default-Explorer_Run-{B838B9B5-09DF-1033-0103-060416200001} - C:\Program Files\Common Files\{B838B9B5-09DF-1033-0103-060416200001}\Update.exe
    MSConfigStartUp-AIM - C:\Program Files\AIM\aim.exe
    MSConfigStartUp-bpmlqvlA - C:\WINDOWS\bpmlqvlA.exe
    MSConfigStartUp-Corel Photo Downloader - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    MSConfigStartUp-defender - C:\\dfndrd_5.exe
    MSConfigStartUp-DellSupport - C:\Program Files\DellSupport\DSAgnt.exe
    MSConfigStartUp-DMXLauncher - C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    MSConfigStartUp-HostManager - C:\Program Files\Common Files\AOL\1145408367\ee\AOLSoftware.exe
    MSConfigStartUp-IpWins - C:\Program Files\ipwins\ipwins.exe
    MSConfigStartUp-Microsoft Works Update Detection - C:\Program Files\Microsoft Works\WkDetect.exe
    MSConfigStartUp-MimBoot - C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    MSConfigStartUp-MMTray - C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    MSConfigStartUp-newname - C:\\nwnmd_5.exe
    MSConfigStartUp-PlaxoUpdate - C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
    MSConfigStartUp-PSHope - C:\Program Files\PSHope\PSHope.exe
    MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime Alternative\qttask.exe
    MSConfigStartUp-RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe
    MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    MSConfigStartUp-TClock - C:\Program Files\TClock\tclock_install.exe
    MSConfigStartUp-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKLM-Main,Start Page = hxxp://www.dell.com
    R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    O8 -: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

    O16 -: RaptisoftGameLoader - hxxp://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
    C:\WINDOWS\Downloaded Program Files\OSD28E7.OSD
    C:\WINDOWS\Downloaded Program Files\RSGameLoader.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-21 15:30:37
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCGCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-09-21 15:34:27
    ComboFix-quarantined-files.txt 2008-09-21 19:34:22

    Pre-Run: 45,188,108,288 bytes free
    Post-Run: 46,561,198,080 bytes free

    241 --- E O F --- 2008-09-20 23:02:41
     
  3. leebee

    leebee Thread Starter

    Joined:
    Dec 17, 2003
    Messages:
    251
  4. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    Whatever Update.exe is, running from Program Files\Common Files looks pretty suspicious, I'd look into what that is.
     
  5. leebee

    leebee Thread Starter

    Joined:
    Dec 17, 2003
    Messages:
    251
    What do you suggest?
     
  6. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    Well, you can right click on the file and check the properties. See who the publisher is, etc.
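
Added example, not part of the thread or any poster's code: a Python triage pass over HijackThis `O4` autostart lines that surfaces the `Update.exe` entry singled out in the replies above. The three heuristics and every function name are assumptions chosen for illustration; a hit marks an entry for the publisher check, nothing more.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: four O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{B838B9B5-09DF-1033-0103-060416200001}] "C:\Program Files\Common Files\{B838B9B5-09DF-1033-0103-060416200001}\Update.exe" mc-110-12-0000488 (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Registry autostart:  O4 - <key>: [<value name>] <command> (User '<account>')
REG_ENTRY = re.compile(
    r"^O4 - (?P<loc>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$")
# Startup-folder shortcut:  O4 - Global Startup: <shortcut> = <target>
LNK_ENTRY = re.compile(
    r"^O4 - (?P<loc>[^:\[]*Startup): (?P<name>.+?) = (?P<cmd>.+)$")


class Entry(NamedTuple):
    location: str          # registry key or startup folder label
    name: str              # value name or shortcut name
    command: str           # full command line as logged
    image: str             # executable path extracted from the command
    user: Optional[str]    # account shown by HijackThis, if any


def image_path(cmd: str) -> str:
    """Extract the executable from a logged command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces: read up to the first executable suffix.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def parse_o4(log_text: str) -> List[Entry]:
    """Return every O4 line in the log as a structured entry."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_ENTRY.match(line) or LNK_ENTRY.match(line)
        if not m:
            continue
        g = m.groupdict()
        entries.append(Entry(g["loc"], g["name"], g["cmd"],
                             image_path(g["cmd"]), g.get("user")))
    return entries


def reasons_for(entry: Entry) -> List[str]:
    """Illustrative heuristics (assumptions, not a verdict on the file)."""
    reasons = []
    # Launched from the policy Run key instead of the ordinary Run key.
    if re.search(r"\\Policies\\Explorer\\Run$", entry.location, re.I):
        reasons.append("policies-run-key")
    # Value name is a bare GUID instead of a readable product name.
    if re.fullmatch(GUID, entry.name):
        reasons.append("guid-value-name")
    # Executable sits in a folder whose name is a bare GUID.
    if any(re.fullmatch(GUID, d) for d in entry.image.split("\\")[1:-1]):
        reasons.append("guid-named-folder")
    return reasons


def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Return only the entries that trip at least one heuristic."""
    flagged = []
    for entry in parse_o4(log_text):
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry.image, "| user:", entry.user, "|", ", ".join(reasons))
```
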
     

Short URL to this thread: https://techguy.org/751996
