Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With "warning Spyware Detected On Your Computer" Trojan


  • This topic is locked This topic is locked
7 replies to this topic

#1 BRAD80

BRAD80

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:07 PM

Posted 22 June 2008 - 04:49 PM

Hi, my name is Brad and I was surfing the web last night and encountered some sort of virus after entering a particular site. My desktop screen turned bright blue and had the message "Warning Spyware Detected On Your Computer" centered in the middle. I tried to reset my desktop background through the properties menu, but it didn't display the tab necessary to do this. At this point I didn't notice any other strange things happening. I immediately scanned for viruses with McAfee, but it didn't detect anything. So, I then searched Google for assistance on this type of issue and ended up using Malwarebytes' Anti-Malware, recommended by http://www.theeldergeek.com/forum/index.php?showtopic=30736, to remove any detected corrupt files. The first scan detected around 25 corrupt files, which I deleted, and I was then able to access the desktop properties menu to change the background. However, I restarted my computer today and the blue screen with the same warning message was there again, and again I didn't have access in the desktop properties menu. I reran the Ant-Malware and it now detects 4 corrupt files, which I deleted to give me desktop properties access again. After this reboot, I also got the message "can't find script file c:\documents and settings\brad berry\local settings\temp\.ttf.tmp.vbs" from Windows Script Host, and McAfee warned me of the PUP "c:\windows\system32\blphcetqj0e191.scr" trying to run which I denied. Now, I was turned on to this site through a thread, http://www.bleepingcomputer.com/forums/t/45883/infected-with-warning-spyware-detected-on-your-computer/, which did give me some preparation but I decided to go ahead and start my on thread as that one is quite dated. Miekiemoes on the HJT Team in that thread did recommend an online scan with Panda, which I did perform and will include the Panda results below; figured this report would be equivalent to the Kaspersky report, as it did take quite a long time to scan. So, I will post the DSS main.text and extra.text reports, along with the Panda report below. I would really appreciate any assistance you could give me in resolving this matter.

DSS Main.txt Report
Deckard's System Scanner v20071014.68
Run by Brad Berry on 2008-06-22 15:31:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-06-22 20:31:23 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-06-22 06:04:38 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Brad Berry.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:10 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\1169364520\ee\AOLSoftware.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\lphcetqj0e191.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Brad Berry\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Brad Berry.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1169364520\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [lphcetqj0e191] C:\WINDOWS\system32\lphcetqj0e191.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O6 "USB001" /M "Stylus C80"
O4 - HKCU\..\Run: [ISMModule4] "C:\Program Files\ISM\ISMModule4.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10968 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys

S3 ATICDSDr - c:\program files\ati technologies\ati control panel\atiicdxx.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe"
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01881028&REV_02\4&2FA23535&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01881028&REV_02\4&2FA23535&0&00F0
Service: bcm4sbxp


-- Scheduled Tasks -------------------------------------------------------------

2008-06-22 11:44:41 360 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (COLBY-Brad Berry).job
2008-05-14 17:26:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-22 15:07:40 0 d-------- C:\Program Files\Trend Micro
2008-06-22 12:47:02 0 d-------- C:\Program Files\Panda Security
2008-06-22 12:47:00 0 d-------- C:\WINDOWS\LastGood
2008-06-22 00:43:18 0 d-------- C:\Documents and Settings\Brad Berry\Application Data\Malwarebytes
2008-06-22 00:43:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 00:43:09 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-21 22:52:28 109056 --a------ C:\WINDOWS\system32\lphcetqj0e191.exe


-- Find3M Report ---------------------------------------------------------------

2008-06-21 03:49:12 0 d-------- C:\Program Files\Common Files\Real
2008-06-21 03:49:11 0 d-------- C:\Documents and Settings\Brad Berry\Application Data\Real
2008-06-21 03:48:48 0 d-------- C:\Program Files\Common Files
2008-05-15 08:36:44 0 d-------- C:\Documents and Settings\Brad Berry\Application Data\Apple Computer
2008-05-05 21:43:41 0 d-------- C:\Program Files\Google
2008-04-24 13:03:07 0 d-------- C:\Program Files\iTunes
2008-04-24 13:02:51 0 d-------- C:\Program Files\iPod
2008-04-24 12:59:33 0 d-------- C:\Program Files\QuickTime
2008-04-24 12:52:44 0 d-------- C:\Program Files\Apple Software Update
2008-04-23 11:41:56 1160 --a----c- C:\WINDOWS\mozver.dat
2008-04-23 11:36:29 0 d-------- C:\Documents and Settings\Brad Berry\Application Data\Mozilla


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 04:04 AM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/13/2004 04:33 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 05:48 PM]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 02:59 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/12/2005 09:00 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [03/04/2005 11:26 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 04:19 PM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/14/2004 08:50 AM]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 08:50 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 01:05 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 07:18 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 07:29 PM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 01:05 PM]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 12:49 PM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 10:02 PM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 06:00 PM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 07:50 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1169364520\ee\AOLSoftware.exe" [09/25/2006 07:52 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" []
"lphcetqj0e191"="C:\WINDOWS\system32\lphcetqj0e191.exe" [06/21/2008 10:52 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"EPSON Stylus C80 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.exe" [10/04/2001 03:01 AM]
"Aim6"="" []
"ISMModule4"="C:\Program Files\ISM\ISMModule4.exe" []
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [9/22/2005 4:39:06 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [9/22/2005 4:29:22 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/5/2008 9:42:12 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [11/11/2004 11:59:36 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 04:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72a9dfb4-897a-11db-bd45-00038a000015}]
AutoRun\command- rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-06-22 15:34:01 ------------

DSS Extra.txt Report
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.60GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 511.37 MiB / 178.16 MiB
Pagefile Memory (total/avail): 1246.4 MiB / 664.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.47 MiB

C: is Fixed (NTFS) - 69.82 GiB total, 56.95 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2080AH - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 62.72 MiB
\PARTITION1 (bootable) - Installable File System - 69.82 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall Plus v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1169364520\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1169364520\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Disabled:QuickTime Player"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Brad Berry\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COLBY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Brad Berry
LOGONSERVER=\\COLBY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BRADBE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\BRADBE~1\LOCALS~1\Temp
USERDOMAIN=COLBY
USERNAME=Brad Berry
USERPROFILE=C:\Documents and Settings\Brad Berry
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Brad Berry (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Broadcom Management Programs 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
Conexant D110 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Consumer Complete Care Services Agreement --> MsiExec.exe /X{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}
Corel WordPerfect Suite 8 --> C:\Corel\Suite8\AppMan\Setup\REMOVELAUNCHER.EXE
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Personal Firewall Plus --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Brad Berry\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
MyWay Search Assistant --> MsiExec.exe /X{E7559288-223B-453C-9F06-340E3BE21E39}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickBooks Simple Start Special Edition --> msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 - ALL
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369) -->
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"


-- Application Event Log -------------------------------------------------------

Event Record #/Type3854 / Error
Event Submitted/Written: 06/22/2008 01:05:10 AM
Event ID/Source: 4689 / COM+
Event Description:
The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041d: InitEventCollector failed

Event Record #/Type3844 / Error
Event Submitted/Written: 06/21/2008 11:10:29 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3831 / Error
Event Submitted/Written: 06/21/2008 03:45:47 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3830 / Error
Event Submitted/Written: 06/21/2008 03:45:46 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3828 / Error
Event Submitted/Written: 06/17/2008 11:18:16 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4551 / Error
Event Submitted/Written: 06/22/2008 08:31:35 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

Event Record #/Type4546 / Warning
Event Submitted/Written: 06/22/2008 01:44:25 AM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{62D1626F-D853-48EE-8CB1-5B86CFF6AD4F}.

Event Record #/Type4520 / Error
Event Submitted/Written: 06/22/2008 01:05:17 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The COM+ System Application service failed to start due to the following error:
%%1053

Event Record #/Type4519 / Error
Event Submitted/Written: 06/22/2008 01:05:16 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.

Event Record #/Type4514 / Error
Event Submitted/Written: 06/22/2008 01:05:10 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service COMSysApp with arguments ""
in order to run the server:
{ECABAFBC-7F19-11D2-978E-0000F8757E2A}



-- End of Deckard's System Scanner: finished at 2008-06-22 15:34:01 ------------

Panda Report
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-22 15:03:07
PROTECTIONS: 1
MALWARE: 99
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@trafficmp[2].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.atdmt.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@tradedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@247realmedia[1].txt
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@targetnet[1].txt
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@bfast[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@tribalfusion[1].txt
00145732 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@as-eu.falkag[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.mediaplex.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@offeroptimizer[2].txt
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@centrport[1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@linksynergy[1].txt
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@entrepreneur[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.clickbank.net/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@clickbank[2].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@maxserving[2].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@ccbill[1].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@belnk[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@revenue[1].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@findwhat[1].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@dist.belnk[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@yadro[1].txt
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@landing.domainsponsor[2].txt
00167677 Cookie/WebPower TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@webpower[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@xiti[1].txt
00167706 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@counter3.sextracker[1].txt
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@hotlog[2].txt
00167730 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@ehg.hitbox[1].txt
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@z1.adserver[1].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@gostats[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@azjmp[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@statcounter[1].txt
00167759 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@counter9.sextracker[2].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@counter.hitslink[1].txt
00167761 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@counter8.sextracker[1].txt
00167762 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@counter13.sextracker[1].txt
00167763 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@counter1.sextracker[1].txt
00167770 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@counter15.sextracker[1].txt
00167778 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@ehg-sonycomputer.hitbox[1].txt
00167795 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@club.cdfreaks[2].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@ad.yieldmanager[2].txt
00168057 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@counter10.sextracker[2].txt
00168058 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@counter4.sextracker[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@burstnet[2].txt
00168077 Cookie/Versiontracker TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@versiontracker[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@bs.serving-sys[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@www.burstbeacon[2].txt
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@as-us.falkag[2].txt
00168105 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@cdfreaks[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@adtech[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@server.iad.liveperson[1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@stat.onestat[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Application Data\Mozilla\Firefox\Profiles\eblpurap.default\cookies.txt[.advertising.com/]
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@sextracker[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@adrevolver[2].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@adopt.hbmediapro[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@ads.pointroll[1].txt
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@fortunecity[2].txt
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@hc2.humanclick[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@realmedia[2].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@cgi-bin[8].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@zedo[2].txt
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@cs.sexcounter[2].txt
00180154 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@counter16.sextracker[1].txt
00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@xxxcounter[1].txt
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@phg.hitbox[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@adrevolver[1].txt
00186561 Cookie/Banner TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@banner[1].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@bravenet[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@adultfriendfinder[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@go[2].txt
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@valueclick[3].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@searchportal.information[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@target[2].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@did-it[1].txt
00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@i.screensavers[1].txt
00247982 Cookie/TargetSaver TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@targetsaver[2].txt
00251542 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@counter5.sextracker[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@atwola[2].txt
00262021 Cookie/Kmpads TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@kmpads[2].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@cgi-bin[2].txt
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@ehg-dig.hitbox[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@ads.addynamix[2].txt
00296582 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@www.drivecleaner[1].txt
00296583 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@stats.drivecleaner[2].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@drivecleaner[2].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@citi.bridgetrack[2].txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@adserver.easyad[2].txt
02164907 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\DIGStream\digstream.exe
02261869 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Brad Berry\Cookies\brad berry@counter12.sextracker[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location 
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 
;===================================================================================================================================================================================
108742 MEDIUM MS06-006 
;===================================================================================================================================================================================

Edited by BRAD80, 22 June 2008 - 09:39 PM.


BC AdBot (Login to Remove)

 


m

#2 BRAD80

BRAD80
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:07 PM

Posted 22 June 2008 - 09:01 PM

I will also add that the application lphcetqj0e191.exe in C:\WINDOWS\system32, along side phcetqj0e191.bmp bitmap image of the actual warning sign that keeps displaying on my desktop, was modified around the exact same time of encountering this virus. Tryed to delete this application, but error message "Can not delete: Access is denied; Make sure the disk is not full or write-protected and that the file is not currently in use" appears. I don't even know if this is part of the problem or if it should even be deleted, just thought it was a coincidense.

Edited by BRAD80, 22 June 2008 - 09:35 PM.


#3 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:04:07 AM

Posted 23 June 2008 - 04:37 PM

Hello Brad80 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu..
  • Click the Clear now button below.. A new window will popup what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#4 BRAD80

BRAD80
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:07 PM

Posted 23 June 2008 - 11:57 PM

Hey Thunder, I really appreciate your help. I will also note that I received a warning message from McAfee after running ComboFix which looked like this:

Virus Found
File: Av-test.txt
Virus Name: EICAR test file
File Path: c:\Documents and Settings\Brad
Verify that the file is not write-protected and try again.

I tryed to delete/clean/quarantine the file, but it would not allow me. The Malwarebytes' Anti-Malware scan did come up clean, however, I have not restarted my computer since running the Anti-Malware scan yesterday and don't know if the virus will reactivate after shutting down. I would rather wait and let you read through the logs first. The Malwarebytes' Anti-Malware, HijackThis, and ComboFix logs are below.

Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware 1.18
Database version: 876

11:30:24 PM 6/23/2008
mbam-log-6-23-2008 (23-30-24).txt

Scan type: Quick Scan
Objects scanned: 40954
Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:36 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\1169364520\ee\AOLSoftware.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\lphcetqj0e191.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1169364520\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [lphcetqj0e191] C:\WINDOWS\system32\lphcetqj0e191.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O6 "USB001" /M "Stylus C80"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10595 bytes

ComboFix
ComboFix 08-06-20.4 - Brad Berry 2008-06-23 23:04:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.157 [GMT -5:00]
Running from: C:\Documents and Settings\Brad Berry\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brad Berry\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Brad Berry\Application Data\macromedia\Flash Player\#SharedObjects\JG83VXQL\www.broadcaster.com
C:\Documents and Settings\Brad Berry\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Brad Berry\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.

2008-06-22 15:30 . 2008-06-22 15:30 <DIR> d-------- C:\Deckard
2008-06-22 15:07 . 2008-06-22 15:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-22 12:47 . 2008-06-22 12:47 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-22 12:47 . 2008-06-22 12:47 <DIR> d-------- C:\Program Files\Panda Security
2008-06-22 11:45 . 2008-06-22 11:45 90,838 --a------ C:\WINDOWS\system32\phcetqj0e191.bmp
2008-06-22 00:43 . 2008-06-22 00:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 00:43 . 2008-06-22 00:43 <DIR> d-------- C:\Documents and Settings\Brad Berry\Application Data\Malwarebytes
2008-06-22 00:43 . 2008-06-22 00:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 00:43 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-22 00:43 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-21 22:52 . 2008-06-21 22:52 109,056 --a------ C:\WINDOWS\system32\lphcetqj0e191.exe
2008-06-10 18:06 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 18:06 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-21 08:49 --------- d-----w C:\Program Files\Common Files\Real
2008-05-15 13:36 --------- d-----w C:\Documents and Settings\Brad Berry\Application Data\Apple Computer
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 02:43 --------- d-----w C:\Program Files\Google
2008-04-24 18:03 --------- d-----w C:\Program Files\iTunes
2008-04-24 18:02 --------- d-----w C:\Program Files\iPod
2008-04-24 17:59 --------- d-----w C:\Program Files\QuickTime
2008-04-24 17:52 --------- d-----w C:\Program Files\Apple Software Update
2008-04-17 10:46 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"EPSON Stylus C80 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE" [2001-10-04 03:01 69632]
"Aim6"="" []
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 21:00 344064]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26 606208]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 08:50 131072]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 08:50 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 19:18 151552]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05 212992]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 18:00 1005096]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50 71216]
"HostManager"="C:\Program Files\Common Files\AOL\1169364520\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [ ]
"lphcetqj0e191"="C:\WINDOWS\system32\lphcetqj0e191.exe" [2008-06-21 22:52 109056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-09-22 16:39:06 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-09-22 16:29:22 24576]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-05 21:42:12 124400]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 11:59:36 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1169364520\\ee\\aolsoftware.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 ATICDSDr;ATICDSDr;C:\Program Files\ATI Technologies\ATI Control Panel\atiicdxx.sys [2005-05-12 21:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72a9dfb4-897a-11db-bd45-00038a000015}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - RKPAVPROC
.
Contents of the 'Scheduled Tasks' folder
"2008-05-14 22:26:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-22 16:44:41 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (COLBY-Brad Berry).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 23:06:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-23 23:08:17
ComboFix-quarantined-files.txt 2008-06-24 04:07:50

Pre-Run: 61,093,769,216 bytes free
Post-Run: 61,562,089,472 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

149 --- E O F --- 2008-06-21 08:41:47

#5 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:04:07 AM

Posted 24 June 2008 - 12:45 PM

Hello Brad,

It's better to temporarily disable McAfee as it may interfere with malware removal by ComboFix (wrongly seeing it as malware activity). :thumbsup:

Let's clean up some more :

Open Notepad - don't use any other texteditor than Notepad or the script will fail !
Copy/paste the bold, blue text below into an empty notepad window:File::
C:\WINDOWS\system32\phcetqj0e191.bmp
C:\WINDOWS\system32\lphcetqj0e191.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphcetqj0e191"=-

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot, (in case it asks to reboot), post the contents of the Combofix log in your next reply, as well as a fresh HijackThislog.

Are you still having problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#6 BRAD80

BRAD80
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:07 PM

Posted 24 June 2008 - 08:00 PM

Hi Thunder, I really can't thank you enough for all your help. My laptop does seem to be running well after the last ComboFix scan you told me to run. I will say that after the last scan, the ComboFix log did pop up but my task bar and desktop icons did not return. However, I just restarted the computer and everything was back to normal; and the desktop background did not change to the warning sign, so that's good. I'll post the two logs you asked for below. Thanks so much.

ComboFix Log
ComboFix 08-06-20.4 - Brad Berry 2008-06-24 19:13:21.2 - NTFSx86
Running from: C:\Documents and Settings\Brad Berry\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brad Berry\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\system32\lphcetqj0e191.exe
C:\WINDOWS\system32\phcetqj0e191.bmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\Brad Berry\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk
C:\Documents and Settings\Brad Berry\Application Data\shc9tqj0e191
C:\Program Files\shc9tqj0e191
C:\WINDOWS\system32\lphcetqj0e191.exe
C:\WINDOWS\system32\phcetqj0e191.bmp

.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-24 09:43 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-06-24 09:42 . 2008-06-24 18:57 21,263 --a------ C:\WINDOWS\system32\Config.MPF
2008-06-24 09:39 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-06-24 09:39 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-06-24 09:39 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-06-24 09:39 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-06-24 09:39 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-06-24 09:39 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-06-24 09:38 . 2008-06-24 09:44 <DIR> d-------- C:\Program Files\McAfee
2008-06-24 09:36 . 2008-06-24 09:39 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-06-24 09:26 . 2008-06-24 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-22 15:30 . 2008-06-22 15:30 <DIR> d-------- C:\Deckard
2008-06-22 15:07 . 2008-06-22 15:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-22 12:47 . 2008-06-24 09:43 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-22 12:47 . 2008-06-22 12:47 <DIR> d-------- C:\Program Files\Panda Security
2008-06-22 00:43 . 2008-06-22 00:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 00:43 . 2008-06-22 00:43 <DIR> d-------- C:\Documents and Settings\Brad Berry\Application Data\Malwarebytes
2008-06-22 00:43 . 2008-06-22 00:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 00:43 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-22 00:43 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-10 18:06 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 18:06 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 14:37 --------- d-----w C:\Program Files\McAfee.com
2008-06-24 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-21 08:49 --------- d-----w C:\Program Files\Common Files\Real
2008-05-15 13:36 --------- d-----w C:\Documents and Settings\Brad Berry\Application Data\Apple Computer
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 02:43 --------- d-----w C:\Program Files\Google
2008-04-17 10:46 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-23_23.07.33.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-10 16:22:10 114,464 ----a-w C:\WINDOWS\LastGood\system32\drivers\naiavf5x.sys
+ 2004-08-10 10:00:00 23,040 ----a-w C:\WINDOWS\LastGood\system32\psapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"EPSON Stylus C80 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE" [2001-10-04 03:01 69632]
"Aim6"="" []
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 21:00 344064]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26 606208]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 08:50 131072]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 08:50 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50 71216]
"HostManager"="C:\Program Files\Common Files\AOL\1169364520\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [ ]
"lphcetqj0e191"="C:\WINDOWS\system32\lphcetqj0e191.exe" [ ]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2005-09-22 19:29 303104]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
$McInstBootA5E6DEAA56$.lnk - C:\WINDOWS\system32\cmd.exe [2004-08-19 15:49:19 388608]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-09-22 16:39:06 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-09-22 16:29:22 24576]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-05 21:42:12 124400]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 11:59:36 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1169364520\\ee\\aolsoftware.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S2 0000711214318211mcinstcleanup;McAfee Application Installer Cleanup (0000711214318211);C:\WINDOWS\TEMP\000071~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 ATICDSDr;ATICDSDr;C:\Program Files\ATI Technologies\ATI Control Panel\atiicdxx.sys [2005-05-12 21:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72a9dfb4-897a-11db-bd45-00038a000015}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - MCMSCSVC
*Newly Created Service* - MCNASVC
*Newly Created Service* - MCSYSMON
*Newly Created Service* - MFEAVFK
*Newly Created Service* - MFEBOPK
*Newly Created Service* - MFEHIDK
*Newly Created Service* - MFESMFK
*Newly Created Service* - MPFP
*Newly Created Service* - MPFSERVICE
*Newly Created Service* - RKPAVPROC
.
Contents of the 'Scheduled Tasks' folder
"2008-05-14 22:26:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-24 14:38:46 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-24 14:38:44 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 19:16:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-24 19:19:05
ComboFix-quarantined-files.txt 2008-06-25 00:18:43
ComboFix2.txt 2008-06-24 04:08:18

Pre-Run: 61,425,332,224 bytes free
Post-Run: 61,426,905,088 bytes free

175 --- E O F --- 2008-06-21 08:41:47

HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:38 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\AOL\1169364520\ee\AOLSoftware.exe
C:\Program Files\Apoint\Apntex.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1169364520\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O6 "USB001" /M "Stylus C80"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O23 - Service: McAfee Application Installer Cleanup (0000711214318211) (0000711214318211mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\000071~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10547 bytes

#7 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:04:07 AM

Posted 25 June 2008 - 03:37 AM

Hello Brad,

Your logs look fine now. :thumbsup:

You can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste next command in the field:ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u6.
  • Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windowsi586-p.exe to install the newest version.
No more problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#8 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:04:07 AM

Posted 23 July 2008 - 04:38 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users