
Worms, Viruses and Trojans - Oh My! Please Help

Discussion in 'Virus & Other Malware Removal' started by powell1294, Nov 11, 2007.

  1. powell1294

    powell1294 Guest Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    10
    Hello all,

    I have been working on cleaning this bleep, bleep computer and am still not sure what all still needs to be fixed.

    The operating system is Windows 2000 Pro. I know for sure that I have/had WinAntiVirusPro, Winsock2 and Generic Renos (those should be cleaned from the system now). I have run SuperAntiSpyware and it shows clean. AdAware is coming up clean as well.

    I have included the HJT and SmitFraud Logs for your viewing:

    HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:44:53 AM, on 11/11/2007
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINNT\SYSTEM32\DNTUS26.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\drivers\KodakCCS.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\hypertrm.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\FireDaemon.EXE
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\cmd.exe
    C:\HIPAAmail\HIPAAmail.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\NavNT\vptray.exe
    C:\PROGRA~1\LeapFrogMessenger\LeapFrogMessenger.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
    C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Program Files\STOPzilla!\SZScanner.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [HideRun.exe] c:\winnt\system32\HideRun.exe c:\winnt\system32\svhost.exe c:\winnt\system32\pro.gif
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
    O4 - Global Startup: RtlWake.lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Basic) - http://www.bestmark.com/support/ScriptX.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19874957e8714d79c021/netzip/RdxIE601.cab
    O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {ED4E6F97-FA1A-4634-B550-AABFEB8DA009} (TulipPlayer Class) - http://www.exstream.to/tulip/cab/3,0,5,19/TulipPlayer2.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4283/mcfscan.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - C:\WINNT\SYSTEM32\DNTUS26.EXE
    O23 - Service: FireDaemon Service: drvmanager (drvmanager) - Unknown owner - C:\WINNT\system32\FireDaemon.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - Net_Services.exe (file missing)
    O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\hypertrm.exe
    O23 - Service: FireDaemon Service: startupdll (startupdll) - Unknown owner - C:\WINNT\system32\FireDaemon.EXE
    O23 - Service: stunnel - Unknown owner - C:\HIPAAmail\HIPAAmail.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

    --
    End of file - 11765 bytes






    SmitFraud Fix:

    SmitFraudFix v2.252

    Scan done at 9:01:17.09, Sun 11/11/2007
    Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
    OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINNT\SYSTEM32\DNTUS26.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\drivers\KodakCCS.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\hypertrm.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\FireDaemon.EXE
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\cmd.exe
    C:\HIPAAmail\HIPAAmail.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\NavNT\vptray.exe
    C:\PROGRA~1\LeapFrogMessenger\LeapFrogMessenger.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
    C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Program Files\STOPzilla!\SZScanner.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINNT\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="NVDESK32.DLL"


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NDIS 5.0 driver
    DNS Server Search Order: 209.144.50.124
    DNS Server Search Order: 209.144.50.129

    Description: Belkin 11Mbps Wireless Desktop Network Card
    DNS Server Search Order: 192.168.2.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{243FFAA4-8FC0-4CC7-8FED-A8C5BD1F4742}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{F6E4447D-E4D6-4CB8-ADE7-8058AFCEA391}: DhcpNameServer=209.144.50.124 209.144.50.129
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{243FFAA4-8FC0-4CC7-8FED-A8C5BD1F4742}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{F6E4447D-E4D6-4CB8-ADE7-8058AFCEA391}: DhcpNameServer=209.144.50.124 209.144.50.129
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{243FFAA4-8FC0-4CC7-8FED-A8C5BD1F4742}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{F6E4447D-E4D6-4CB8-ADE7-8058AFCEA391}: DhcpNameServer=209.144.50.124 209.144.50.129
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End



    I will look forward to hearing from anyone who might be able to help. Thanks in advance.

    Take care,
    Michelle
     
  2. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Welcome to TSG :)

    Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
    5. Please attach extra.txt to your post.
    To attach a file to a new post, simply
    1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
    2. copy and paste the following into the "Upload File from your Computer" box:
      C:\Deckard\System Scanner\extra.txt
    3. Click Upload.
    What DSS will do:
    • create a new System Restore point in Windows XP and Vista.
    • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
     
  3. powell1294

    powell1294 Guest Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    10
    Main:

    Deckard's System Scanner v20071014.68
    Run by Administrator on 2007-11-12 05:56:26
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 255 MiB (256 MiB recommended).


    -- HijackThis (run as Administrator.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:57:16 AM, on 11/12/2007
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINNT\SYSTEM32\DNTUS26.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\drivers\KodakCCS.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\hypertrm.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\FireDaemon.EXE
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\cmd.exe
    C:\HIPAAmail\HIPAAmail.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
    C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINNT\system32\msiexec.exe
    C:\Documents and Settings\Administrator\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [HideRun.exe] c:\winnt\system32\HideRun.exe c:\winnt\system32\svhost.exe c:\winnt\system32\pro.gif
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
    O4 - Global Startup: RtlWake.lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Basic) - http://www.bestmark.com/support/ScriptX.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19874957e8714d79c021/netzip/RdxIE601.cab
    O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {ED4E6F97-FA1A-4634-B550-AABFEB8DA009} (TulipPlayer Class) - http://www.exstream.to/tulip/cab/3,0,5,19/TulipPlayer2.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4283/mcfscan.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - C:\WINNT\SYSTEM32\DNTUS26.EXE
    O23 - Service: FireDaemon Service: drvmanager (drvmanager) - Unknown owner - C:\WINNT\system32\FireDaemon.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - Net_Services.exe (file missing)
    O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\hypertrm.exe
    O23 - Service: FireDaemon Service: startupdll (startupdll) - Unknown owner - C:\WINNT\system32\FireDaemon.EXE
    O23 - Service: stunnel - Unknown owner - C:\HIPAAmail\HIPAAmail.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

    --
    End of file - 11807 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 szkg - c:\winnt\system32\drivers\szkg.sys <Not Verified; iS3 Inc.; Stopzilla>
    R1 OMCI - c:\winnt\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
    R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
    R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\winnt\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    R1 VET-FILT (VET File System Filter) - c:\winnt\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    R1 VETMONNT (VET File Monitor) - c:\winnt\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    R1 VET-REC (VET File System Recognizer) - c:\winnt\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    R3 Eplpdx02 - c:\winnt\system32\drivers\eplpdx02.sys <Not Verified; MK Systems CO., LTD.; MK Systems LPT I/O Driver for Windows2000>
    R3 rtl8180 (Belkin 11Mbps Wireless Desktop Network Card Driver) - c:\winnt\system32\drivers\bel6001.sys <Not Verified; Belkin Corporation; Belkin 11Mbps Wireless Desktop Network Card>
    R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

    S3 ApiMon - c:\winnt\system32\drivers\apimon.sys (file missing)
    S3 SjyPkt - c:\winnt\system32\drivers\sjypkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 DNTUS26 (DameWare NT Utilities 2.6) - c:\winnt\system32\dntus26.exe <Not Verified; DameWare Development; DameWare Development Remote Command Server>
    R2 ptssvc - c:\program files\kodak\kodak easyshare software\bin\ptssvc.exe <Not Verified; KODAK; KODAK PTS service>
    R2 r_server (Remote Administrator Service) - "c:\winnt\system32\hypertrm.exe" /service
    R2 startupdll (FireDaemon Service: startupdll) - c:\winnt\system32\firedaemon.exe
    R2 stunnel - "c:\hipaamail\hipaamail.exe" -service
    R2 szserver (STOPzilla Service) - "c:\program files\common files\is3\anti-spyware\szserver.exe" <Not Verified; iS3, Inc.; STOPzilla>

    S2 drvmanager (FireDaemon Service: drvmanager) - c:\winnt\system32\firedaemon.exe
    S2 Microsoft NetWork FireWall Services - net_services.exe (file missing)
    S2 Microsoft NetWork FireWall Services - netservices.exe (file missing)
    S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description: Lexmark X5100 Series
    Device ID: USB\VID_043D&PID_0065&MI_00\6&375DC868&0&0
    Manufacturer:
    Name: Lexmark X5100 Series
    PNP Device ID: USB\VID_043D&PID_0065&MI_00\6&375DC868&0&0
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_01321028&REV_01\3&267A616A&0&EF
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_01321028&REV_01\3&267A616A&0&EF
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_14F1&DEV_2016&SUBSYS_021913E0&REV_01\4&2AF9ED5&0&08F0
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_14F1&DEV_2016&SUBSYS_021913E0&REV_01\4&2AF9ED5&0&08F0
    Service:


    -- Scheduled Tasks -------------------------------------------------------------

    2007-11-12 03:30:01 442 --a------ C:\WINNT\Tasks\RegistrySmart Scheduled Scan.job
    2007-11-11 17:00:11 464 --a------ C:\WINNT\Tasks\XoftSpySE 2.job
    2007-11-11 17:00:11 454 --a------ C:\WINNT\Tasks\RegCure Program Check.job
    2007-11-11 06:42:13 378 --a------ C:\WINNT\Tasks\XoftSpySE.job
    2007-11-09 08:17:00 268 --a------ C:\WINNT\Tasks\Disk Cleanup.job
    2007-11-08 04:53:56 388 --a------ C:\WINNT\Tasks\RegCure.job


    -- Files created between 2007-10-12 and 2007-11-12 -----------------------------

    2007-11-11 09:27:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-11 09:27:27 0 d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-11 09:27:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2007-11-11 09:27:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-11 09:02:14 3180 --a------ C:\WINNT\system32\tmp.reg
    2007-11-11 09:00:07 25600 --a------ C:\WINNT\system32\WS2Fix.exe
    2007-11-11 09:00:07 289144 --a------ C:\WINNT\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-11-11 09:00:06 288417 --a------ C:\WINNT\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-11-11 09:00:06 53248 --a------ C:\WINNT\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-11-11 09:00:06 51200 --a------ C:\WINNT\system32\dumphive.exe
    2007-11-11 07:54:49 0 d-------- C:\WINNT\winsxs
    2007-11-11 07:54:46 0 d-------- C:\Program Files\STOPzilla!
    2007-11-11 07:54:45 0 d-------- C:\Program Files\Common Files\iS3
    2007-11-11 07:54:45 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2007-11-11 07:38:01 0 d-------- C:\Program Files\Trend Micro
    2007-11-11 06:41:55 0 d-------- C:\Program Files\XoftSpySE
    2007-11-10 06:31:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
    2007-11-10 06:00:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Opera
    2007-11-10 05:59:14 0 d-------- C:\Program Files\Opera
    2007-11-05 19:24:52 0 d-------- C:\Program Files\Skype
    2007-11-05 19:24:50 0 d-------- C:\Program Files\Common Files\Skype
    2007-11-05 19:24:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2007-10-23 15:09:33 0 d-------- C:\WINNT\Sun
    2007-10-23 15:09:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
    2007-10-23 15:05:38 0 d-------- C:\Program Files\Java
    2007-10-23 15:04:17 0 d-------- C:\Program Files\Common Files\Java
    2007-10-13 08:56:01 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3b4.dat


    -- Find3M Report ---------------------------------------------------------------

    2007-11-12 05:54:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\FileZilla
    2007-11-11 09:27:03 0 d-a------ C:\Program Files\Common Files
    2007-11-11 09:06:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinTouch
    2007-11-11 08:10:51 0 d-------- C:\Program Files\Words
    2007-11-11 08:03:39 662 --a------ C:\WINNT\system32\CommonSharedRsc.dll
    2007-11-11 08:03:36 1350 --ahs---- C:\WINNT\system32\localstartd.dll
    2007-11-11 07:53:25 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-11-11 07:49:08 0 d-------- C:\Program Files\NoAdware
    2007-11-11 07:47:08 0 d-------- C:\Program Files\LeapFrogMessenger
    2007-11-11 07:10:58 0 d-a------ C:\Program Files\WebSearch
    2007-11-04 08:13:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
    2007-10-30 10:30:26 1100248 ---h----- C:\WINNT\ShellIconCache
    2007-10-23 15:07:49 1598 --a------ C:\WINNT\mozver.dat
    2007-10-14 22:59:37 0 d-------- C:\Program Files\Real
    2007-10-10 07:41:57 0 d-------- C:\Program Files\FileZilla Client
    2007-10-09 14:36:38 0 d-------- C:\Program Files\Kodak
    2007-10-09 14:35:56 0 d-------- C:\Program Files\Common Files\Kodak
    2007-10-09 14:34:51 20 --a------ C:\WINNT\´û»
    2007-10-09 13:47:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
    2007-10-05 23:28:18 0 d-------- C:\Program Files\Insider
    2007-10-05 10:11:08 225280 -ra------ C:\WINNT\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla>
    2007-10-01 07:02:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
    2007-09-20 19:02:53 0 d-------- C:\Program Files\RegCure
    2007-09-20 18:38:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\RegistrySmart
    2007-09-14 23:19:07 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_a04.dat
    2007-09-14 23:03:33 0 d-------- C:\Program Files\Google
    2007-09-13 16:36:46 126976 -ra------ C:\WINNT\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:36:38 311296 -ra------ C:\WINNT\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:35:48 372736 -ra------ C:\WINNT\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:35:32 61440 -ra------ C:\WINNT\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:35:14 23040 -ra------ C:\WINNT\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:54 200704 -ra------ C:\WINNT\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:36 94208 -ra------ C:\WINNT\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:24 90112 -ra------ C:\WINNT\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:00 700416 -ra------ C:\WINNT\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 15:52:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
    2007-09-13 15:50:38 0 --a------ C:\WINNT\nsreg.dat
    2007-09-13 15:50:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [12/07/99 07:00a C:\WINNT\system32\mobsync.exe]
    "NvCplDaemon"="NvQTwk" []
    "CreateCD50"="C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [05/02/02 06:58p]
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [04/10/02 04:44p]
    "Lexmark X5100 Series"="C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe" [12/16/02 06:10a]
    "HideRun.exe"="c:\winnt\system32\HideRun.exe" [03/17/97 04:52p]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/04/04 11:38a]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/21/04 08:37p]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/19/04 03:26p]
    "CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [05/14/06 12:45p]
    "CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [05/14/06 12:45p]
    "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [04/22/05 06:49p]
    "vptray"="C:\Program Files\NavNT\vptray.exe" [09/24/01 07:59a]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/07 12:11a]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/05/07 05:03p]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [09/13/07 01:31p]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/07 02:06p]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [3/30/2003 1:42:44 PM]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/30/2003 1:46:30 PM]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [3/10/2005 8:40:30 AM]
    Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 1:12:08 PM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 3:15:54 AM]
    MiniMavis.lnk - C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe [3/5/2006 2:20:08 PM]
    RtlWake.lnk - C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe [4/4/2004 9:49:23 AM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/06 01:55p 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/07 01:41p 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=NVDESK32.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    *Newly Created Service* - SASDIFSV
    *Newly Created Service* - SASENUM
    *Newly Created Service* - SASKUTIL



    -- End of Deckard's System Scanner: finished at 2007-11-12 05:58:39 ------------



    Thanks again...I'll watch for your next protocol. I sincerely appreciate your time and efforts in helping me with this/these problem(s).

    Michelle
     


  4. powell1294

    powell1294 Guest Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    10
    Aside from the system just really bogging down "speed related", I have not noticed any major issues that are visible to me......until now!

    I just noticed that IE is missing the address bar, so I am assuming that has been hijacked. I primarily use FF but happened to check a website's look in IE.

    Also, my Adobe Illustrator must be feeling the effects of something weird as it won't open but once every 10 or so tries. Once it is open, it states that it cannot open a new file as the memory is too low.

    Needless to say, I am going crazy as I need this system to work efficiently with ALL of my programs intact as I utilize Photoshop, Illustrator, PageMaker and such all day long.

    I am not sure how relevant these issues are; however, I thought that it might be worth mentioning.

    Since I am unable to get my "work" done, I have been trying to fix all of the outdated issues that securion/software has shown.

    WOW, there sure is a lot to this --- at any rate, I'll be anxiously awaiting a reply as I desperately need this system running correctly.

    Thanks much for your time and assistance.
    Michelle
     
  5. powell1294

    powell1294 Guest Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    10
    I ran Spybot Search and Destroy and made some other minimal changes -- I'm not sure how much it changed the logs; however, I have run them again....here they are:


    Here is the new HJT log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:12:49 PM, on 11/12/2007
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINNT\SYSTEM32\DNTUS26.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\drivers\KodakCCS.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\hypertrm.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\FireDaemon.EXE
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\cmd.exe
    C:\HIPAAmail\HIPAAmail.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\mobsync.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
    C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Apps\PhotoshopAlbum.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Illustrator 10.0.3\Support Files\Contents\Windows\Illustrator.exe
    C:\Program Files\Common Files\Adobe\Web\AOM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
    O4 - Global Startup: RtlWake.lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Basic) - http://www.bestmark.com/support/ScriptX.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/19874957e8714d79c021/netzip/RdxIE601.cab
    O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {ED4E6F97-FA1A-4634-B550-AABFEB8DA009} (TulipPlayer Class) - http://www.exstream.to/tulip/cab/3,0,5,19/TulipPlayer2.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4283/mcfscan.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - C:\WINNT\SYSTEM32\DNTUS26.EXE
    O23 - Service: FireDaemon Service: drvmanager (drvmanager) - Unknown owner - C:\WINNT\system32\FireDaemon.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - Net_Services.exe (file missing)
    O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\hypertrm.exe
    O23 - Service: FireDaemon Service: startupdll (startupdll) - Unknown owner - C:\WINNT\system32\FireDaemon.EXE
    O23 - Service: stunnel - Unknown owner - C:\HIPAAmail\HIPAAmail.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

    --
    End of file - 11603 bytes


    The other logs will follow....

    Thanks in advance for your help.
    Michelle
     
  6. powell1294

    powell1294 Guest Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    10
    Deckard's System Scanner v20071014.68
    Run by Administrator on 2007-11-12 17:19:18
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 255 MiB (256 MiB recommended).


    -- HijackThis (run as Administrator.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:19:33 PM, on 11/12/2007
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINNT\SYSTEM32\DNTUS26.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\drivers\KodakCCS.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\hypertrm.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\FireDaemon.EXE
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\cmd.exe
    C:\HIPAAmail\HIPAAmail.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\mobsync.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
    C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\Administrator\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
    O4 - Global Startup: RtlWake.lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Basic) - http://www.bestmark.com/support/ScriptX.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/19874957e8714d79c021/netzip/RdxIE601.cab
    O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {ED4E6F97-FA1A-4634-B550-AABFEB8DA009} (TulipPlayer Class) - http://www.exstream.to/tulip/cab/3,0,5,19/TulipPlayer2.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4283/mcfscan.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - C:\WINNT\SYSTEM32\DNTUS26.EXE
    O23 - Service: FireDaemon Service: drvmanager (drvmanager) - Unknown owner - C:\WINNT\system32\FireDaemon.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - Net_Services.exe (file missing)
    O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\hypertrm.exe
    O23 - Service: FireDaemon Service: startupdll (startupdll) - Unknown owner - C:\WINNT\system32\FireDaemon.EXE
    O23 - Service: stunnel - Unknown owner - C:\HIPAAmail\HIPAAmail.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

    --
    End of file - 11379 bytes

    -- Files created between 2007-10-12 and 2007-11-12 -----------------------------

    2007-11-12 16:21:38 0 d-a------ C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-12 14:25:20 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_454.dat
    2007-11-12 14:08:43 0 d-------- C:\Program Files\IObit
    2007-11-12 12:07:28 0 d-------- C:\Documents and Settings\Administrator\.DownloadManager
    2007-11-12 12:03:59 0 d-------- C:\Program Files\The Weather Channel FW
    2007-11-12 12:00:47 0 d-------- C:\Program Files\Common Files\xing shared
    2007-11-12 10:15:40 0 d-------- C:\Program Files\Norton Security Scan
    2007-11-12 06:48:00 0 d-------- C:\Program Files\MSXML 4.0
    2007-11-12 06:34:48 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_95c.dat
    2007-11-12 05:58:34 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_45c.dat
    2007-11-11 09:27:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-11 09:27:27 0 d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-11 09:27:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2007-11-11 09:27:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-11 09:02:14 3180 --a------ C:\WINNT\system32\tmp.reg
    2007-11-11 09:00:07 25600 --a------ C:\WINNT\system32\WS2Fix.exe
    2007-11-11 09:00:07 289144 --a------ C:\WINNT\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-11-11 09:00:06 288417 --a------ C:\WINNT\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-11-11 09:00:06 53248 --a------ C:\WINNT\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-11-11 09:00:06 51200 --a------ C:\WINNT\system32\dumphive.exe
    2007-11-11 07:54:49 0 d-------- C:\WINNT\winsxs
    2007-11-11 07:54:46 0 d-------- C:\Program Files\STOPzilla!
    2007-11-11 07:54:45 0 d-------- C:\Program Files\Common Files\iS3
    2007-11-11 07:54:45 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2007-11-11 07:38:01 0 d-------- C:\Program Files\Trend Micro
    2007-11-11 06:41:55 0 d-------- C:\Program Files\XoftSpySE
    2007-11-10 06:31:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
    2007-11-10 06:00:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Opera
    2007-11-10 05:59:14 0 d-------- C:\Program Files\Opera
    2007-11-05 19:24:52 0 d-------- C:\Program Files\Skype
    2007-11-05 19:24:50 0 d-------- C:\Program Files\Common Files\Skype
    2007-11-05 19:24:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2007-10-23 15:09:33 0 d-------- C:\WINNT\Sun
    2007-10-23 15:09:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
    2007-10-23 15:05:38 0 d-------- C:\Program Files\Java
    2007-10-23 15:04:17 0 d-------- C:\Program Files\Common Files\Java
    2007-10-13 08:56:01 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3b4.dat


    -- Find3M Report ---------------------------------------------------------------

    2007-11-12 17:03:41 0 d-------- C:\Program Files\PAL SPYREM
    2007-11-12 14:57:52 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-11-12 14:09:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\FileZilla
    2007-11-12 12:00:47 0 d-a------ C:\Program Files\Common Files
    2007-11-12 12:00:37 0 d-------- C:\Program Files\Common Files\Real
    2007-11-12 06:46:43 0 d-------- C:\Program Files\THQ
    2007-11-12 06:33:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
    2007-11-12 06:33:41 0 d-------- C:\Program Files\Common Files\Adobe
    2007-11-11 09:06:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinTouch
    2007-11-11 08:10:51 0 d-------- C:\Program Files\Words
    2007-11-11 08:03:39 662 --a------ C:\WINNT\system32\CommonSharedRsc.dll
    2007-11-11 08:03:36 1350 --ahs---- C:\WINNT\system32\localstartd.dll
    2007-11-11 07:53:25 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-11-11 07:49:08 0 d-------- C:\Program Files\NoAdware
    2007-11-11 07:47:08 0 d-------- C:\Program Files\LeapFrogMessenger
    2007-10-23 15:07:49 1598 --a------ C:\WINNT\mozver.dat
    2007-10-14 22:59:37 0 d-------- C:\Program Files\Real
    2007-10-10 07:41:57 0 d-------- C:\Program Files\FileZilla Client
    2007-10-09 14:36:38 0 d-------- C:\Program Files\Kodak
    2007-10-09 14:35:56 0 d-------- C:\Program Files\Common Files\Kodak
    2007-10-09 14:34:51 20 --a------ C:\WINNT\´û»
    2007-10-09 13:47:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
    2007-10-05 23:28:18 0 d-------- C:\Program Files\Insider
    2007-10-05 10:11:08 225280 -ra------ C:\WINNT\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla>
    2007-10-01 07:02:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
    2007-09-20 19:02:53 0 d-------- C:\Program Files\RegCure
    2007-09-20 18:38:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\RegistrySmart
    2007-09-14 23:19:07 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_a04.dat
    2007-09-14 23:03:33 0 d-------- C:\Program Files\Google
    2007-09-13 16:36:46 126976 -ra------ C:\WINNT\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:36:38 311296 -ra------ C:\WINNT\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:35:48 372736 -ra------ C:\WINNT\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:35:32 61440 -ra------ C:\WINNT\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:35:14 23040 -ra------ C:\WINNT\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:54 200704 -ra------ C:\WINNT\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:36 94208 -ra------ C:\WINNT\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:24 90112 -ra------ C:\WINNT\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 16:34:00 700416 -ra------ C:\WINNT\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
    2007-09-13 15:52:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
    2007-09-13 15:50:38 0 --a------ C:\WINNT\nsreg.dat
    2007-09-13 15:50:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [12/07/99 07:00a C:\WINNT\system32\mobsync.exe]
    "NvCplDaemon"="NvQTwk" []
    "CreateCD50"="C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [05/02/02 06:58p]
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [04/10/02 04:44p]
    "Lexmark X5100 Series"="C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe" [12/16/02 06:10a]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/04/04 11:38a]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/21/04 08:37p]
    "CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [05/14/06 12:45p]
    "CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [05/14/06 12:45p]
    "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [04/22/05 06:49p]
    "vptray"="C:\Program Files\NavNT\vptray.exe" [09/24/01 07:59a]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/07 12:11a]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/12/07 11:59a]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/05/07 05:03p]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [09/13/07 01:31p]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/07 02:06p]
    "DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [03/16/07 07:51a]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/07 04:46p]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/30/2003 1:46:30 PM]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [3/10/2005 8:40:30 AM]
    Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 1:12:08 PM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 3:15:54 AM]
    MiniMavis.lnk - C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe [3/5/2006 2:20:08 PM]
    RtlWake.lnk - C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe [4/4/2004 9:49:23 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoResolveSearch"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/07 01:41p 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=NVDESK32.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"




    -- End of Deckard's System Scanner: finished at 2007-11-12 17:20:27 ------------
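
Added example, not part of the original thread or of any tool's own code: a small Python triage that parses the O23 service lines of a HijackThis log and lists, for manual review, the entries that carry the "Unknown owner" or "(file missing)" markers or that share one executable. The function names and reason labels are assumptions; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# HijackThis O23 line: "O23 - Service: <name> - <owner> - <image path>".
# Name and owner are matched lazily, so a " - " inside the image path
# (for example a "Spybot - Search & Destroy" folder) stays with the path.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<image>.+)$"
)
MISSING_SUFFIX = " (file missing)"

# Lines copied from the log in the post above; one O20 line is included
# to show that non-service entries are skipped.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FireDaemon Service: drvmanager (drvmanager) - Unknown owner - C:\WINNT\system32\FireDaemon.EXE
O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - Net_Services.exe (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\hypertrm.exe
O23 - Service: FireDaemon Service: startupdll (startupdll) - Unknown owner - C:\WINNT\system32\FireDaemon.EXE
O23 - Service: stunnel - Unknown owner - C:\HIPAAmail\HIPAAmail.exe
"""


def parse_o23(log_text):
    """Return one dict per O23 service line found in a HijackThis log."""
    services = []
    for raw in log_text.splitlines():
        match = O23_RE.match(raw.strip())
        if match is None:
            continue  # not a service entry
        image = match.group("image")
        missing = image.endswith(MISSING_SUFFIX)
        if missing:
            image = image[: -len(MISSING_SUFFIX)]
        services.append({
            "name": match.group("name"),
            "owner": match.group("owner"),
            "image": image,
            "missing": missing,
        })
    return services


def review_list(services):
    """Return (name, image, reasons) for services worth a manual look."""
    # Group service names by executable, case-insensitively (Windows paths).
    names_by_image = defaultdict(list)
    for svc in services:
        names_by_image[svc["image"].lower()].append(svc["name"])

    flagged = []
    for svc in services:
        reasons = []
        if svc["owner"].lower() == "unknown owner":
            reasons.append("unknown-owner")
        if svc["missing"]:
            reasons.append("file-missing")
        if len(names_by_image[svc["image"].lower()]) > 1:
            reasons.append("shared-image")
        if reasons:
            flagged.append((svc["name"], svc["image"], reasons))
    return flagged


if __name__ == "__main__":
    for name, image, reasons in review_list(parse_o23(SAMPLE_LOG)):
        print(f"{', '.join(reasons):<30} {name} -> {image}")
```

A flag here only means the entry deserves a closer look (where the file came from, whether anyone installed it on purpose); it is not a verdict on the file.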
     
  7. sjpritch25

    In your log, I don't see anything malware related. Let's run an online scan just to make sure.


    Please perform a scan with Kaspersky Webscan Online Virus Scanner
    1. Click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
    2. Read the Requirements and Privacy statement, then select "Accept".
    3. A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
    4. Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
    5. When the download is complete it will say ready, click "Next".
    6. Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
    7. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
    8. Click "OK".
    9. Under "Select a target to scan", click on "My Computer".
    10. When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

    Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically, or it will show 'Kaspersky Online Scanner license key was not found!'
     
  8. powell1294

    After I hit accept, nothing happens....no new windows pop up with add'l info. Not sure what that is all about??
     
  9. powell1294

    Since I ran so many other checks and balances, I am wondering if it got everything??

    NO, I guess it didn't...still no address bar in IE, I keep getting pop-ups about low memory and such.

    I did get my illustrator program back though, working again after all of this.

    I still can't get the Kaspersky thing to do anything. It hangs up/stops after hitting the accept button?!?!?

    Please advise....thanks for your patience and support thus far.

    Michelle
     
  10. sjpritch25

    That's alright. How is everything running???
     
  11. powell1294

    well.....the speed is back to normalcy; however, the IE address bar is still awol, as I think that it had been hijacked?? It's annoying as I use Explorer to double check how sites are looking (compared to FF since there have to be so many IE hacks used for alignment and such -- too much info, I'm sure, lol).

    Also, I think that whatever got into this computer affected the open programs that were running, especially Illustrator, as it is still hit and miss even though I jumped the gun and reported a bit ago that it was fine.

    So, any suggestions on the IE or Illustrator?

    Also, probably off topic; however, I have Zone Alarm on another computer here and I can't get it to work on this one b/c of supposed conflict with "computer associates" any advice there?

    As you can see, I could keep you up for days on end answering questions due to my illiteracy with the technology of computers. Thus, I do sincerely appreciate any help that you may be able to offer.

    Take care...headed out for a bit, be back in a little while and will check then.

    Michelle
     
  12. sjpritch25

    Okay, let's see.


    Click HERE to download FindAWF.exe and save it to your desktop.
    Double-click on the FindAWF.exe file to run it.
    It will open a command prompt and ask you to "Press any key to continue".
    You will be presented with a Menu.
    Type 1, then press Enter.
    FindAWF tool will begin scanning.
    It may take a few minutes to complete so be patient.
    When the scan is finished, a text file in notepad called AWF.txt will automatically open.
    Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.
     
  13. powell1294

    It downloaded fine and I pressed any key to continue, went on to press 1 and enter.
    Then, it popped up a window that said:

    16 bit MS-DOS Subsystem
    ---------------------------
    C:\Documents and Settings\Administrator\Desktop\FindAWF.exe
    C:\WINNT\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate the application.
    ---------------------------
    Close Ignore
    ---------------------------

    I chose Ignore and this is what happened:

    this is what it said in notepad:

    Find AWF report by noahdfear ©2006
    Version 1.40

    The current date is: Tue 11/13/2007
    The current time is: 5:32:41.57


    bak folders found
    ~~~~~~~~~~~



    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~



    end of report


    I will await your next response. Hope your day is off to a great start.
    Michelle
     
  14. sjpritch25

    Download DrWeb-CureIt
    & save it to your desktop. DO NOT perform a scan yet.

    Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes. To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Scan with DrWeb-CureIt as follows:
    1. Double-click on drweb-cureit.exe to start the program.
    2. An "Express Scan of your PC" notice will appear. Under "Start the Express Scan Now", Click "OK" to start.
    3. Click "Select drives" and then click the "Start/Stop Scanning" button (green arrow on the right) to start.
    4. When done a message will be displayed at the bottom advising if any viruses were found.
    5. A log file will be created in C:\Documents and Settings\username\DoctorWeb\CureIt.log
    6. Any quarantined files will be sent to C:\Documents and Settings\username\DoctorWeb\Quarantine.
    7. Exit the program and reboot to normal mode. Don't post the log because it will be rather long. Just take a look and let me know if it found anything that could not be deleted.
     

Short URL to this thread: https://techguy.org/650556
