I am have a many problem with my computer. I have window xp. I ran norton scan ,spybot,no lop and ad-ware se

1. getting audio and visual pop ups

2. I am getting pop up for free scan for winanti virus pro which one of my kids did once I did uninstall and deleted it but now I am still getting pop up to try it
3. all web pages are website's security certificate missing and they are in my list of favorite that I have gone to 100s of times

4. I install a new antivirus because it keep say mine was udated even though I have updated it

5. at start up there is a pop up tring to install sonic actavation. I have gone to add/change and remve it but it keeps coming back.

Here is my hijack log Logfile of HijackThis v1.99.1
Scan saved at 7:25:24 PM, on 7/4/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Common Files\AOL\1147899292\ee\AOLSoftware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Clarice\My Documents\now\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.googlee.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\tmp519.tmp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {868865EC-0295-4C7D-B25D-9F65314145E9} - C:\WINDOWS\system32\gebxxuv.dll (file missing)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {d7398b56-0117-4482-9d48-f9aa5f539ecd} - C:\WINDOWS\system32\igxtup.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147899292\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe" /min
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [Mecm] "C:\PROGRA~1\RACLE~1\userinit.exe" -vt yazb
O4 - HKCU\..\Run: [Zwvayspn] "C:\Program Files\Common Files\M?crosoft.NET\w?aclt.exe"
O4 - HKCU\..\Run: [Lflb] "C:\Documents and Settings\Clarice\My Documents\s?mbols\l?ass.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\igxtup.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\igxtup.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Clarice\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1163614148465
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/game...oadControl.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/game...utLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: gebxxuv - gebxxuv.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: igxtup - C:\WINDOWS\SYSTEM32\igxtup.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: opnlllm - opnlllm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

I forgot to ask we havre the computer set up so everyone has there own account do I have to do the scan on each account
Thank you for your help

pbfjim

Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.





Download ComboFix from Here or Here to your Desktop.

• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall




It will likely be necessary to check other user profiles once the current profile is completely cleaned up.

combfix

"Clarice" - 2003-07-05 19:12:00 - ComboFix 07-07-04.4 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))) )))))


C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.bak2
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.bak2
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\igxtup.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\Clarice\APPLIC~1.\crosof~1
C:\DOCUME~1\Clarice\APPLIC~1.\sstem3~1
C:\DOCUME~1\Clarice\APPLIC~1\tmp11.tmp.exe
C:\DOCUME~1\Clarice\APPLIC~1\tmp150.tmp.exe
C:\DOCUME~1\Clarice\APPLIC~1\tmp2D.tmp.exe
C:\DOCUME~1\Clarice\APPLIC~1\tmp2E.tmp.exe
C:\DOCUME~1\Clarice\APPLIC~1\tmp57.tmp.exe
C:\DOCUME~1\Clarice\APPLIC~1\tmp6A.tmp.exe
C:\DOCUME~1\Clarice\APPLIC~1\tmp9D.tmp.exe
C:\DOCUME~1\Clarice\APPLIC~1\tmpEE.tmp.exe
C:\DOCUME~1\Clarice\MYDOCU~1.\mbols~1
C:\DOCUME~1\Clarice\MYDOCU~1.\smbols~1
C:\DOCUME~1\Clarice\MYDOCU~1.\sstem~1
C:\Documents and Settings\Clarice.\err.log
C:\Documents and Settings\Clarice.\ResErrors.log
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\mcroso~1.net
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\ystem~1
C:\Program Files\dobe~1
C:\Program Files\MSN\rtejewuartyr.html
C:\Program Files\poolsv
C:\Program Files\poolsv\amp1099.exe
C:\Program Files\smbols~1
C:\Program Files\svhost
C:\Program Files\svhost\amp1099.exe
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\tn3
C:\UWA7P
C:\WINDOWS\asks~1
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\poolsv.exe
C:\WINDOWS\pppatc~1
C:\WINDOWS\rau001978.exe
C:\WINDOWS\sstem3~1
C:\WINDOWS\system32\icroso~1.net
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\tmp11.tmp.dll
C:\WINDOWS\system32\tmp12.tmp.dll
C:\WINDOWS\system32\tmp150.tmp.dll
C:\WINDOWS\system32\tmp2D.tmp.dll
C:\WINDOWS\system32\tmp2E.tmp.dll
C:\WINDOWS\system32\tmp35A.tmp.dll
C:\WINDOWS\system32\tmp3A6.tmp.dll
C:\WINDOWS\system32\tmp40E.tmp.dll
C:\WINDOWS\system32\tmp47B.tmp.dll
C:\WINDOWS\system32\tmp57.tmp.dll
C:\WINDOWS\system32\tmp6A.tmp.dll
C:\WINDOWS\system32\tmp9D.tmp.dll
C:\WINDOWS\system32\tmpEE.tmp.dll
C:\WINDOWS\system32\wapiit32.exe
C:\WINDOWS\system32\wmvds32.dll
C:\WINDOWS\wr.txt
C:\WINDOWS\ymbols~1


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NET_AGENT
-------\Net Agent


((((((((((((((((((((((((( Files Created from 2003-06-05 to 2003-07-05 )))))))))))))))))))))))))))))))


2003-07-14 22:57 32,584 --a------ C:\WINDOWS\system32\FM20ENU.DLL
2003-07-05 19:11 51,200 --a------ C:\WINDOWS\nircmd.exe
2003-07-05 18:58 <DIR> d-------- C:\VundoFix Backups
2003-07-04 19:51 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2003-07-04 19:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2003-07-04 19:11 <DIR> d-------- C:\Program Files\Yahoo!
2003-07-04 19:11 <DIR> d-------- C:\Program Files\CCleaner
2003-07-04 17:36 <DIR> d-------- C:\DOCUME~1\Clarice\APPLIC~1\SpywareBot
2003-07-04 14:13 <DIR> d-------- C:\DOCUME~1\Clarice\APPLIC~1\Sandlot Games
2003-07-04 14:12 <DIR> d--hs---- C:\WINDOWS\ftpcache
2003-07-04 14:11 <DIR> d-------- C:\Program Files\Burger Island
2003-07-04 12:44 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2003-07-04 09:48 <DIR> d-------- C:\Program Files\Norton AntiVirus
2003-07-04 09:47 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2003-07-04 09:47 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2003-07-03 22:31 73,971 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp33.tmp.exe
2003-07-03 22:31 128,231 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp2F.tmp.exe
2003-07-03 07:38 134,972 --a------ C:\WINDOWS\mlmnlj.dll
2003-07-03 07:38 128,222 --a------ C:\DOCUME~1\JAMEST~1\APPLIC~1\tmp522.tmp.exe
2003-07-03 07:37 73,991 --a------ C:\DOCUME~1\JAMEST~1\APPLIC~1\tmp519.tmp.exe
2003-07-03 07:28 128,222 --a------ C:\DOCUME~1\JAMEST~1\APPLIC~1\tmp4B9.tmp.exe
2003-07-03 07:27 73,991 --a------ C:\DOCUME~1\JAMEST~1\APPLIC~1\tmp47B.tmp.exe
2003-07-03 07:18 128,222 --a------ C:\DOCUME~1\JAMEST~1\APPLIC~1\tmp41D.tmp.exe
2003-07-03 07:17 73,991 --a------ C:\DOCUME~1\JAMEST~1\APPLIC~1\tmp40E.tmp.exe
2003-07-03 07:11 128,222 --a------ C:\DOCUME~1\JAMEST~1\APPLIC~1\tmp3E4.tmp.exe
2003-07-02 21:53 73,991 --a------ C:\DOCUME~1\JAMEST~1\APPLIC~1\tmp3A6.tmp.exe
2003-07-02 21:50 128,222 --a------ C:\DOCUME~1\JAMEST~1\APPLIC~1\tmp37F.tmp.exe
2003-07-02 21:46 73,991 --a------ C:\DOCUME~1\JAMEST~1\APPLIC~1\tmp35A.tmp.exe
2003-07-01 21:25 73,892 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp61.tmp.exe
2003-07-01 21:25 128,074 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp62.tmp.exe
2003-07-01 14:23 73,892 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmpA5.tmp.exe
2003-07-01 14:23 128,074 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmpA4.tmp.exe
2003-07-01 14:14 <DIR> d-------- C:\DOCUME~1\Corky\APPLIC~1\Lavasoft
2003-06-30 20:08 73,904 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp2F.tmp.exe
2003-06-30 20:08 128,278 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp2C.tmp.exe
2003-06-30 18:13 73,904 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp18C.tmp.exe
2003-06-30 18:11 128,278 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp18A.tmp.exe
2003-06-30 18:01 73,904 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp12D.tmp.exe
2003-06-30 17:54 73,904 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmpAC.tmp.exe
2003-06-30 17:54 128,278 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmpA9.tmp.exe
2003-06-30 17:54 128,278 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmpA8.tmp.exe
2003-06-30 13:42 73,904 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmpFD.tmp.exe
2003-06-30 13:42 128,278 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmpF5.tmp.exe
2003-06-30 13:38 73,904 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmpB7.tmp.exe
2003-06-30 13:31 73,904 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp59.tmp.exe
2003-06-30 13:31 128,278 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp58.tmp.exe
2003-06-29 09:01 73,982 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp8F.tmp.exe
2003-06-29 08:55 73,982 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp38.tmp.exe
2003-06-29 08:55 128,251 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp37.tmp.exe
2003-06-29 06:47 73,982 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp509.tmp.exe
2003-06-29 06:47 73,982 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp508.tmp.exe
2003-06-29 06:47 128,251 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp506.tmp.exe
2003-06-29 06:37 73,982 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp4E3.tmp.exe
2003-06-29 06:37 128,251 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp4E2.tmp.exe
2003-06-29 05:15 73,982 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp468.tmp.exe
2003-06-29 05:15 73,920 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp467.tmp.exe
2003-06-29 05:15 128,216 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp466.tmp.exe
2003-06-28 20:55 73,920 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp33E.tmp.exe
2003-06-28 20:54 128,216 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp33D.tmp.exe
2003-06-28 19:33 73,920 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp29F.tmp.exe
2003-06-28 19:33 128,216 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp29E.tmp.exe
2003-06-28 19:27 73,920 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp244.tmp.exe
2003-06-28 19:27 73,920 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp243.tmp.exe
2003-06-28 19:27 128,216 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp242.tmp.exe
2003-06-28 18:57 73,920 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp1C3.tmp.exe
2003-06-28 18:57 73,920 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp1C2.tmp.exe
2003-06-28 18:57 128,216 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp1C1.tmp.exe
2003-06-28 18:42 73,920 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp154.tmp.exe
2003-06-28 18:42 128,216 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp153.tmp.exe
2003-06-28 18:32 73,920 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmpEF.tmp.exe
2003-06-28 18:32 73,920 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmpEE.tmp.exe
2003-06-28 18:32 128,216 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmpED.tmp.exe
2003-06-28 18:27 73,920 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp91.tmp.exe
2003-06-28 18:27 128,216 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp90.tmp.exe
2003-06-28 18:25 <DIR> d-------- C:\DOCUME~1\Corky\APPLIC~1\Motive
2003-06-28 18:21 73,892 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp3A.tmp.exe
2003-06-28 18:21 128,216 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp38.tmp.exe
2003-06-28 18:21 128,074 --a------ C:\DOCUME~1\Corky\APPLIC~1\tmp39.tmp.exe
2003-06-28 13:10 73,920 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp132.tmp.exe
2003-06-28 13:10 128,278 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp128.tmp.exe
2003-06-28 13:07 73,920 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmpEB.tmp.exe
2003-06-28 13:07 128,216 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmpE1.tmp.exe
2003-06-28 13:03 128,251 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp8C.tmp.exe
2003-06-28 13:02 73,920 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp8A.tmp.exe
2003-06-28 13:02 128,216 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp7F.tmp.exe
2003-06-28 12:59 73,920 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp48.tmp.exe
2003-06-28 12:58 128,216 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp27.tmp.exe
2003-06-28 12:57 128,216 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp1C.tmp.exe
2003-06-27 16:54 134,917 --a------ C:\WINDOWS\rqrrqo.dll
2003-06-27 16:54 128,153 --a------ C:\DOCUME~1\JAMEST~1\APPLIC~1\tmp1BA.tmp.exe
2003-06-26 20:47 73,931 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp45.tmp.exe
2003-06-26 20:43 73,920 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp1E.tmp.exe
2003-06-25 20:58 73,931 --a------ C:\DOCUME~1\JAMEST~1\APPLIC~1\tmp12.tmp.exe
2003-06-25 17:58 <DIR> d-------- C:\DOCUME~1\Ryan\APPLIC~1\iWin
2003-06-25 15:14 <DIR> d-------- C:\DOCUME~1\JAMEST~1\APPLIC~1\iWin
2003-06-25 10:57 73,931 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp11D.tmp.exe
2003-06-25 10:08 73,931 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmpA4.tmp.exe
2003-06-24 19:14 73,929 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp38F.tmp.exe
2003-06-24 19:08 73,929 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp2B0.tmp.exe
2003-06-24 19:01 73,929 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp23F.tmp.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-06-21 15:18:32 -------- d-----w C:\Program Files\Escape From Paradise
2007-06-18 12:18:51 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\iWin
2007-06-13 14:33:12 -------- d-----w C:\Program Files\PlayLinc
2007-06-11 04:50:50 -------- d-----w C:\Program Files\Alice Greenfingers
2007-06-10 17:40:17 -------- d-----w C:\Program Files\verizon
2007-06-09 21:15:10 -------- d-----w C:\Program Files\Zoo Vet
2007-06-08 23:24:56 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-08 2303 -------- d-----w C:\Program Files\Viewpoint
2007-06-08 14:24:12 -------- d-----w C:\Program Files\AIM6
2007-06-04 23:19:49 -------- d-----w C:\Program Files\Pacific Heroes
2007-06-03 06:46:19 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Magic Academy
2007-06-03 06:16:05 -------- d-----w C:\Program Files\Magic Academy
2007-06-02 19:29:20 -------- d-----w C:\Program Files\Messenger
2007-06-02 19:01:31 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\AdwareAlert
2007-06-02 18:55:44 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Lavasoft
2007-06-02 18:55:30 -------- d-----w C:\Program Files\Lavasoft
2007-05-29 11:28:52 -------- d-----w C:\Program Files\Burger Rush
2007-05-28 13:05:47 -------- d-----w C:\Program Files\Word Wizard Deluxe
2007-05-27 1431 1 ----a-w C:\WINDOWS\system32\exp16sys.dll
2007-05-17 11:57:16 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Motive
2007-05-17 11:47:55 -------- d-----w C:\Program Files\Common Files\Motive
2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 19:30:49 -------- d-----w C:\Program Files\Grimms Hatchery
2007-05-09 22:04:06 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\iolo
2007-05-08 04:20:42 -------- d-----w C:\Program Files\Fairy Godmother Tycoon
2007-05-03 15:24:11 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\IMVU
2007-05-02 17:13:21 -------- d-----w C:\Program Files\Pirates Of The Atlantic
2007-05-02 13:07:17 -------- d-----w C:\Program Files\Mystery Case Files Ravenhearst
2007-04-30 12:05:10 -------- d-----w C:\Program Files\Virtual Villagers 2
2007-04-30 00:57:43 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\bang
2007-04-25 1415 144,896 ------w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 04:02:24 -------- d-----w C:\Program Files\Diner Dash Flo On The Go
2007-04-12 02:37:18 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Sonic
2007-04-09 13:03:45 -------- d--h--w C:\DOCUME~1\Clarice\APPLIC~1\Gtek
2007-04-09 12:34:05 -------- d-----w C:\Program Files\DellSupport
2007-03-28 00:40:28 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-03-28 00:38:37 -------- d-----w C:\Program Files\Microsoft.NET
2007-03-26 03:55:20 -------- d-----w C:\Program Files\Feeding Frenzy 2
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-17 12:46:51 -------- d-----w C:\Program Files\War Chess
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ------w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ------w C:\WINDOWS\system32\win32k.sys
2007-02-25 16:10:48 5,376 --s-a-w C:\WINDOWS\system32\drivers\dsunidrv.sys
2007-02-24 1825 -------- d-----w C:\Program Files\Fish Tycoon
2007-02-23 19:29:21 -------- d-----w C:\Program Files\Hidden Expedition Titanic
2007-02-12 12:42:19 -------- d-----w C:\Program Files\Law And Order The Vengeful Heart
2007-02-11 10:13:55 7,520 ----a-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-11 10:13:55 152 --sh--r C:\WINDOWS\system32\9FA3666BCA.sys
2007-02-11 01:11:13 -------- d-----w C:\Program Files\Flower Shop Big City Break
2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2007-02-05 20:17:02 185,344 ------w C:\WINDOWS\system32\upnphost.dll
2007-02-03 03:52:23 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\funkitron
2007-01-27 19:36:58 -------- d-----w C:\Program Files\Mirror Magic
2007-01-26 02:48:13 -------- d-----w C:\Program Files\Mysteryville
2007-01-19 01:27:00 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Viewpoint
2007-01-13 18:50:17 -------- d-----w C:\Program Files\Brain Booster
2007-01-12 01:22:20 276,792 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-01-12 01:22:18 25,400 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-01-12 01:22:14 247,608 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-01-10 01:47:37 624,784 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-01-10 01:47:37 242,320 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-01-09 21:32:13 40,120 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-01-09 21:32:13 38,200 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-01-09 21:32:13 35,256 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-01-09 21:32:13 27,576 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-01-09 21:32:13 191,544 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-01-09 21:32:13 145,976 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-01-09 21:32:13 12,984 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-01-08 23:01:14 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
2007-01-07 15:37:04 -------- d-----w C:\Program Files\Cash Cow
2007-01-06 01:05:13 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\FunWebProducts
2007-01-01 21:52:32 -------- d-----w C:\Program Files\Virtual Villagers
2007-01-01 18:18:51 -------- d-----w C:\Program Files\Word Krispies
2006-12-30 05:23:37 -------- d-----w C:\Program Files\GameSpy Arcade
2006-12-28 17:12:38 40,960 ----a-w C:\WINDOWS\system32\Fish Tycoon.scr
2006-12-27 15:05:20 -------- d-----w C:\Program Files\Barbie(TM)
2006-12-27 15:05:17 -------- d-----w C:\Program Files\Common Files\Vivendi Universal Games
2006-12-20 22:48:02 1,212,416 ------w C:\WINDOWS\system32\Incinerator.dll
2006-12-17 15:02:42 -------- d-----w C:\Program Files\Westward
2006-12-17 15:00:35 -------- d-----w C:\Program Files\Diamond Detective
2006-12-08 0314 -------- d-----w C:\Program Files\DIGStream
2006-12-08 03:15:58 -------- d-----w C:\Program Files\ESPNMotion
2006-12-07 23:59:54 -------- d-----w C:\Program Files\Teddy Factory
2006-11-13 17:35:54 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-12 03:34:09 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Mind Control Software
2006-11-12 03:34:08 -------- d-----w C:\Program Files\Oasis
2006-11-11 13:49:13 34,380 ------w C:\WINDOWS\system32\emptyregdb.dat
2006-11-10 03:27:57 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Leadertech
2006-11-08 01:03:36 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 10:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2005-09-08 05:20 110652 --a------ C:\WINDOWS\System32\DLA\DLASHX_W.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
2006-02-22 19:00 94208 --a------ c:\Program Files\BAE\BAE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-03 10:01]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20]
"HostManager"="C:\Program Files\Common Files\AOL\1147899292\ee\AOLSoftware.exe" [2006-05-09 20:24]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 17:37]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe " [2006-02-01 18:33]
"ViewpointPhotosDeviceConnect"="C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\FotomatDeviceConnect.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" []
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" []
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 05:04]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46]
"DC6_Check"="C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe" []
"ERS_Check"="C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 18:47]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12]
"Mecm"="C:\PROGRA~1\RACLE~1\userinit.exe" []
"Zwvayspn"="C:\Program Files\Common Files\M?crosoft.NET\w?aclt.exe" []
"Lflb"="C:\Documents and Settings\Clarice\My Documents\s?mbols\l?ass.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\R oyale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale. theme
"DisableCAD"=0 (0x0)
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\rtejewuartyr.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxxuv]
gebxxuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlllm]
opnlllm.dll


[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe


Contents of the 'Scheduled Tasks' folder
2007-06-22 07:00:00 C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
2007-06-22 22:30:00 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (PARENTS-James Tarbert).job
2003-07-04 13:53:12 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Clarice.job
2003-07-04 21:49:29 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
2003-07-05 18:29:52 C:\WINDOWS\tasks\User_Feed_Synchronization-{36D6EC8E-9771-44E6-9582-1281861AB6DE}.job

************************************************** ************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2003-07-05 19:26:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2003-07-05 19:29:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2003-07-05 19:29

--- E O F ---
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))) )))))


C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.bak2
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.bak2
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\igxtup.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\Clarice\APPLIC~1.\crosof~1
C:\DOCUME~1\Clarice\APPLIC~1.\sstem3~1
C:\DOCUME~1\Clarice\APPLIC~1\tmp11.tmp.exe
C:\DOCUME~1\Clarice\APPLIC~1\tmp150.tmp.exe
C:\DOCUME~1\Clarice\APPLIC~1\tmp2D.tmp.exe
C:\DOCUME~1\Clarice\APPLIC~1\tmp2E.tmp.exe
C:\DOCUME~1\Clarice\APPLIC~1\tmp57.tmp.exe
C:\DOCUME~1\Clarice\APPLIC~1\tmp6A.tmp.exe
C:\DOCUME~1\Clarice\APPLIC~1\tmp9D.tmp.exe
C:\DOCUME~1\Clarice\APPLIC~1\tmpEE.tmp.exe
C:\DOCUME~1\Clarice\MYDOCU~1.\mbols~1
C:\DOCUME~1\Clarice\MYDOCU~1.\smbols~1
C:\DOCUME~1\Clarice\MYDOCU~1.\sstem~1
C:\Documents and Settings\Clarice.\err.log
C:\Documents and Settings\Clarice.\ResErrors.log
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\mcroso~1.net
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\ystem~1
C:\Program Files\dobe~1
C:\Program Files\MSN\rtejewuartyr.html
C:\Program Files\poolsv
C:\Program Files\poolsv\amp1099.exe
C:\Program Files\smbols~1
C:\Program Files\svhost
C:\Program Files\svhost\amp1099.exe
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\tn3
C:\UWA7P
C:\WINDOWS\asks~1
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\poolsv.exe
C:\WINDOWS\pppatc~1
C:\WINDOWS\rau001978.exe
C:\WINDOWS\sstem3~1
C:\WINDOWS\system32\icroso~1.net
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\tmp11.tmp.dll
C:\WINDOWS\system32\tmp12.tmp.dll
C:\WINDOWS\system32\tmp150.tmp.dll
C:\WINDOWS\system32\tmp2D.tmp.dll
C:\WINDOWS\system32\tmp2E.tmp.dll
C:\WINDOWS\system32\tmp35A.tmp.dll
C:\WINDOWS\system32\tmp3A6.tmp.dll
C:\WINDOWS\system32\tmp40E.tmp.dll
C:\WINDOWS\system32\tmp47B.tmp.dll
C:\WINDOWS\system32\tmp57.tmp.dll
C:\WINDOWS\system32\tmp6A.tmp.dll
C:\WINDOWS\system32\tmp9D.tmp.dll
C:\WINDOWS\system32\tmpEE.tmp.dll
C:\WINDOWS\system32\wapiit32.exe
C:\WINDOWS\system32\wmvds32.dll
C:\WINDOWS\wr.txt
C:\WINDOWS\ymbols~1


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NET_AGENT
-------\Net Agent


((((((((((((((((((((((((( Files Created from 2003-06-05 to 2003-07-05 )))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-06-21 15:18:32 -------- d-----w C:\Program Files\Escape From Paradise
2007-06-18 12:18:51 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\iWin
2007-06-13 14:33:12 -------- d-----w C:\Program Files\PlayLinc
2007-06-11 04:50:50 -------- d-----w C:\Program Files\Alice Greenfingers
2007-06-10 17:40:17 -------- d-----w C:\Program Files\verizon
2007-06-09 21:15:10 -------- d-----w C:\Program Files\Zoo Vet
2007-06-08 23:24:56 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-08 2303 -------- d-----w C:\Program Files\Viewpoint
2007-06-08 14:24:12 -------- d-----w C:\Program Files\AIM6
2007-06-04 23:19:49 -------- d-----w C:\Program Files\Pacific Heroes
2007-06-03 06:46:19 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Magic Academy
2007-06-03 06:16:05 -------- d-----w C:\Program Files\Magic Academy
2007-06-02 19:29:20 -------- d-----w C:\Program Files\Messenger
2007-06-02 19:01:31 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\AdwareAlert
2007-06-02 18:55:44 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Lavasoft
2007-06-02 18:55:30 -------- d-----w C:\Program Files\Lavasoft
2007-05-29 11:28:52 -------- d-----w C:\Program Files\Burger Rush
2007-05-28 13:05:47 -------- d-----w C:\Program Files\Word Wizard Deluxe
2007-05-27 1431 1 ----a-w C:\WINDOWS\system32\exp16sys.dll
2007-05-17 11:57:16 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Motive
2007-05-17 11:47:55 -------- d-----w C:\Program Files\Common Files\Motive
2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 19:30:49 -------- d-----w C:\Program Files\Grimms Hatchery
2007-05-09 22:04:06 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\iolo
2007-05-08 04:20:42 -------- d-----w C:\Program Files\Fairy Godmother Tycoon
2007-05-03 15:24:11 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\IMVU
2007-05-02 17:13:21 -------- d-----w C:\Program Files\Pirates Of The Atlantic
2007-05-02 13:07:17 -------- d-----w C:\Program Files\Mystery Case Files Ravenhearst
2007-04-30 12:05:10 -------- d-----w C:\Program Files\Virtual Villagers 2
2007-04-30 00:57:43 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\bang
2007-04-25 1415 144,896 ------w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 04:02:24 -------- d-----w C:\Program Files\Diner Dash Flo On The Go
2007-04-12 02:37:18 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Sonic
2007-04-09 13:03:45 -------- d--h--w C:\DOCUME~1\Clarice\APPLIC~1\Gtek
2007-04-09 12:34:05 -------- d-----w C:\Program Files\DellSupport
2007-03-28 00:40:28 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-03-28 00:38:37 -------- d-----w C:\Program Files\Microsoft.NET
2007-03-26 03:55:20 -------- d-----w C:\Program Files\Feeding Frenzy 2
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-17 12:46:51 -------- d-----w C:\Program Files\War Chess
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ------w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ------w C:\WINDOWS\system32\win32k.sys
2007-02-25 16:10:48 5,376 --s-a-w C:\WINDOWS\system32\drivers\dsunidrv.sys
2007-02-24 1825 -------- d-----w C:\Program Files\Fish Tycoon
2007-02-23 19:29:21 -------- d-----w C:\Program Files\Hidden Expedition Titanic
2007-02-12 12:42:19 -------- d-----w C:\Program Files\Law And Order The Vengeful Heart
2007-02-11 10:13:55 7,520 ----a-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-11 10:13:55 152 --sh--r C:\WINDOWS\system32\9FA3666BCA.sys
2007-02-11 01:11:13 -------- d-----w C:\Program Files\Flower Shop Big City Break
2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2007-02-05 20:17:02 185,344 ------w C:\WINDOWS\system32\upnphost.dll
2007-02-03 03:52:23 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\funkitron
2007-01-27 19:36:58 -------- d-----w C:\Program Files\Mirror Magic
2007-01-26 02:48:13 -------- d-----w C:\Program Files\Mysteryville
2007-01-19 01:27:00 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Viewpoint
2007-01-13 18:50:17 -------- d-----w C:\Program Files\Brain Booster
2007-01-12 01:22:20 276,792 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-01-12 01:22:18 25,400 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-01-12 01:22:14 247,608 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-01-10 01:47:37 624,784 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-01-10 01:47:37 242,320 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-01-09 21:32:13 40,120 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-01-09 21:32:13 38,200 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-01-09 21:32:13 35,256 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-01-09 21:32:13 27,576 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-01-09 21:32:13 191,544 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-01-09 21:32:13 145,976 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-01-09 21:32:13 12,984 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-01-08 23:01:14 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
2007-01-07 15:37:04 -------- d-----w C:\Program Files\Cash Cow
2007-01-06 01:05:13 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\FunWebProducts
2007-01-01 21:52:32 -------- d-----w C:\Program Files\Virtual Villagers
2007-01-01 18:18:51 -------- d-----w C:\Program Files\Word Krispies
2006-12-30 05:23:37 -------- d-----w C:\Program Files\GameSpy Arcade
2006-12-28 17:12:38 40,960 ----a-w C:\WINDOWS\system32\Fish Tycoon.scr
2006-12-27 15:05:20 -------- d-----w C:\Program Files\Barbie(TM)
2006-12-27 15:05:17 -------- d-----w C:\Program Files\Common Files\Vivendi Universal Games
2006-12-20 22:48:02 1,212,416 ------w C:\WINDOWS\system32\Incinerator.dll
2006-12-17 15:02:42 -------- d-----w C:\Program Files\Westward
2006-12-17 15:00:35 -------- d-----w C:\Program Files\Diamond Detective
2006-12-08 0314 -------- d-----w C:\Program Files\DIGStream
2006-12-08 03:15:58 -------- d-----w C:\Program Files\ESPNMotion
2006-12-07 23:59:54 -------- d-----w C:\Program Files\Teddy Factory
2006-11-13 17:35:54 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-12 03:34:09 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Mind Control Software
2006-11-12 03:34:08 -------- d-----w C:\Program Files\Oasis
2006-11-11 13:49:13 34,380 ------w C:\WINDOWS\system32\emptyregdb.dat
2006-11-10 03:27:57 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Leadertech
2006-11-08 01:03:36 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 10:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2005-09-08 05:20 110652 --a------ C:\WINDOWS\System32\DLA\DLASHX_W.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
2006-02-22 19:00 94208 --a------ c:\Program Files\BAE\BAE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-03 10:01]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20]
"HostManager"="C:\Program Files\Common Files\AOL\1147899292\ee\AOLSoftware.exe" [2006-05-09 20:24]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 17:37]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe " [2006-02-01 18:33]
"ViewpointPhotosDeviceConnect"="C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\FotomatDeviceConnect.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" []
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" []
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 05:04]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46]
"DC6_Check"="C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe" []
"ERS_Check"="C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 18:47]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12]
"Mecm"="C:\PROGRA~1\RACLE~1\userinit.exe" []
"Zwvayspn"="C:\Program Files\Common Files\M?crosoft.NET\w?aclt.exe" []
"Lflb"="C:\Documents and Settings\Clarice\My Documents\s?mbols\l?ass.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\R oyale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale. theme
"DisableCAD"=0 (0x0)
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\rtejewuartyr.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxxuv]
gebxxuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlllm]
opnlllm.dll


[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-06-22 07:00:00 C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
2007-06-22 22:30:00 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (PARENTS-James Tarbert).job
2003-07-04 13:53:12 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Clarice.job
2003-07-04 21:49:29 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
2003-07-05 18:29:52 C:\WINDOWS\tasks\User_Feed_Synchronization-{36D6EC8E-9771-44E6-9582-1281861AB6DE}.job

************************************************** ************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2003-07-05 19:33:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

************************************************** ************************

Completion time: 2003-07-05 19:33:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2003-07-05 19:32

--- E O F ---




combofix-quaratine

Code:

2003-06-23 01:44      0    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\wmvds32.dll.vir
2003-06-23 08:02      1568087    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ddeeg.ini.vir
2003-06-23 13:17      59414    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp11.tmp.dll.vir
2003-06-23 13:17      73920    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Clarice\APPLIC~1\tmp11.tmp.exe.vir
2003-06-23 13:31      59414    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp57.tmp.dll.vir
2003-06-23 13:31      73920    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Clarice\APPLIC~1\tmp57.tmp.exe.vir
2003-06-23 16:49      59414    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp2D.tmp.dll.vir
2003-06-23 16:49      59414    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp2E.tmp.dll.vir
2003-06-23 16:49      73920    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Clarice\APPLIC~1\tmp2D.tmp.exe.vir
2003-06-23 16:49      73920    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Clarice\APPLIC~1\tmp2E.tmp.exe.vir
2003-06-23 16:58      59414    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp9D.tmp.dll.vir
2003-06-23 16:58      73920    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Clarice\APPLIC~1\tmp9D.tmp.exe.vir
2003-06-23 17:14      59414    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tmpEE.tmp.dll.vir
2003-06-23 17:14      73920    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Clarice\APPLIC~1\tmpEE.tmp.exe.vir
2003-06-23 23:23      59414    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp150.tmp.dll.vir
2003-06-23 23:23      73920    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Clarice\APPLIC~1\tmp150.tmp.exe.vir
2003-06-24 07:50      59435    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp6A.tmp.dll.vir
2003-06-24 07:50      73929    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Clarice\APPLIC~1\tmp6A.tmp.exe.vir
2003-06-25 20:58      59480    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp12.tmp.dll.vir
2003-07-02 21:46      59378    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp35A.tmp.dll.vir
2003-07-02 21:53      59378    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp3A6.tmp.dll.vir
2003-07-03 07:17      59378    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp40E.tmp.dll.vir
2003-07-03 07:27      59378    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp47B.tmp.dll.vir
2003-07-05 19:19      2154    --a------    C:\Qoobox\Quarantine\Registry_backups\services_Net Agent.reg.cf
2003-07-05 19:19      814    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NET_AGENT.reg.cf
2003-07-05 19:23      52    --a------    C:\Qoobox\Quarantine\catchme.log
2007-04-30 11:06      142    --a------    C:\Qoobox\Quarantine\C\Program Files\MSN\rtejewuartyr.html.vir
2007-05-27 09:27      34816    --a------    C:\Qoobox\Quarantine\C\WINDOWS\rau001978.exe.vir
2007-05-27 09:27      930    --a------    C:\Qoobox\Quarantine\C\Temp\0b9\tmpTF.log.vir
2007-05-27 09:41      1543908    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ddeeg.bak1.vir
2007-05-27 09:51      0    --a------    C:\Qoobox\Quarantine\C\Documents and Settings\Clarice\err.log.vir
2007-05-27 09:51      152    --a------    C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
2007-05-27 10:53      1981    --a------    C:\Qoobox\Quarantine\C\Documents and Settings\Clarice\ResErrors.log.vir
2007-05-28 08:35      4365    --a------    C:\Qoobox\Quarantine\C\WINDOWS\cs_cache.ini.vir
2007-05-28 14:24      1412253    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ddeeg.ini2.vir
2007-06-06 10:35      618496    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe.vir
2007-06-08 15:14      109585    --a------    C:\Qoobox\Quarantine\C\Program Files\svhost\amp1099.exe.vir
2007-06-08 15:14      36352    --a------    C:\Qoobox\Quarantine\C\WINDOWS\poolsv.exe.vir
2007-06-08 15:16      0    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\err.log.vir
2007-06-08 15:16      109585    --a------    C:\Qoobox\Quarantine\C\Program Files\poolsv\amp1099.exe.vir
2007-06-13 11:21      1808580    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ddeeg.bak2.vir
2007-06-17 18:26      20    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode.vir
2007-06-17 18:26      5    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr.vir
2007-06-22 08:31      2    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\wapiit32.exe.vir
2007-06-23 01:44      38126    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\igxtup.dll.vir


Folder PATH listing
Volume serial number is 3C10-6B5F
C:\QOOBOX
\---Quarantine
    |   catchme.log
    |   
    +---C
    |   +---Documents and Settings
    |   |   \---Clarice
    |   |           err.log.vir
    |   |           ResErrors.log.vir
    |   |           
    |   +---DOCUME~1
    |   |   +---ALLUSE~1
    |   |   |   \---APPLIC~1
    |   |   |       \---WinAntiSpyware 2007
    |   |   |           \---Data
    |   |   |                   Abbr.vir
    |   |   |                   ProductCode.vir
    |   |   |                   
    |   |   \---Clarice
    |   |       \---APPLIC~1
    |   |               tmp11.tmp.exe.vir
    |   |               tmp150.tmp.exe.vir
    |   |               tmp2D.tmp.exe.vir
    |   |               tmp2E.tmp.exe.vir
    |   |               tmp57.tmp.exe.vir
    |   |               tmp6A.tmp.exe.vir
    |   |               tmp9D.tmp.exe.vir
    |   |               tmpEE.tmp.exe.vir
    |   |               
    |   +---Program Files
    |   |   +---Common Files
    |   |   |   \---WinAntiSpyware 2007
    |   |   |           err.log.vir
    |   |   |           WAS7Mon.exe.vir
    |   |   |           
    |   |   +---MSN
    |   |   |       rtejewuartyr.html.vir
    |   |   |       
    |   |   +---poolsv
    |   |   |       amp1099.exe.vir
    |   |   |       
    |   |   \---svhost
    |   |           amp1099.exe.vir
    |   |           
    |   +---Temp
    |   |   \---0b9
    |   |           tmpTF.log.vir
    |   |           
    |   \---WINDOWS
    |       |   cs_cache.ini.vir
    |       |   poolsv.exe.vir
    |       |   rau001978.exe.vir
    |       |   wr.txt.vir
    |       |   
    |       \---system32
    |               ddeeg.bak1.vir
    |               ddeeg.bak2.vir
    |               ddeeg.ini.vir
    |               ddeeg.ini2.vir
    |               igxtup.dll.vir
    |               tmp11.tmp.dll.vir
    |               tmp12.tmp.dll.vir
    |               tmp150.tmp.dll.vir
    |               tmp2D.tmp.dll.vir
    |               tmp2E.tmp.dll.vir
    |               tmp35A.tmp.dll.vir
    |               tmp3A6.tmp.dll.vir
    |               tmp40E.tmp.dll.vir
    |               tmp47B.tmp.dll.vir
    |               tmp57.tmp.dll.vir
    |               tmp6A.tmp.dll.vir
    |               tmp9D.tmp.dll.vir
    |               tmpEE.tmp.dll.vir
    |               wapiit32.exe.vir
    |               wmvds32.dll.vir
    |               
    \---Registry_backups
            LEGACY_NET_AGENT.reg.cf
            services_Net Agent.reg.cf

vundo
VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 6:58:27 PM 7/5/2003

Listing files found while scanning....

C:\WINDOWS\system32\gebxxuv.dll
C:\WINDOWS\system32\tmp519.tmp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tmp519.tmp.dll
C:\WINDOWS\system32\tmp519.tmp.dll Has been deleted!

Performing Repairs to the registry.
Done!

hack jack this


Logfile of HijackThis v1.99.1
Scan saved at 7:25:24 PM, on 7/4/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Common Files\AOL\1147899292\ee\AOLSoftware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Clarice\My Documents\now\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.googlee.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\tmp519.tmp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {868865EC-0295-4C7D-B25D-9F65314145E9} - C:\WINDOWS\system32\gebxxuv.dll (file missing)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {d7398b56-0117-4482-9d48-f9aa5f539ecd} - C:\WINDOWS\system32\igxtup.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147899292\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe" /min
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [Mecm] "C:\PROGRA~1\RACLE~1\userinit.exe" -vt yazb
O4 - HKCU\..\Run: [Zwvayspn] "C:\Program Files\Common Files\M?crosoft.NET\w?aclt.exe"
O4 - HKCU\..\Run: [Lflb] "C:\Documents and Settings\Clarice\My Documents\s?mbols\l?ass.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\igxtup.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\igxtup.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Clarice\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1163614148465
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/game...oadControl.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/game...utLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: gebxxuv - gebxxuv.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: igxtup - C:\WINDOWS\SYSTEM32\igxtup.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: opnlllm - opnlllm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

thank you

You appear to have run combofix twice. The first was started at 7:12 (Clarice) and the second was at 7:33. One had files dated in 2003 and the other in 2007. However, the HijackThis LOG was run at 7:25 (in between the two combofix scans).

You need to work on one profile at a time until that profile is completely clean or things may not go well. Stay with the profile that you ran Vundo and then Combofix (which is which).

Delete all files that look like this if that is the current profile we are working on:

2003-07-03 22:31 73,971 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp33.tmp.exe
2003-07-03 22:31 128,231 --a------ C:\DOCUME~1\Ashley\APPLIC~1\tmp2F.tmp.exe


Show me the latest combofix (if fixes have been made) and the latest relevant HijackThis (HJT) LOG for the profile in question. Some HJT entries are global for all profiles (HKLM entires - LM=Local Machine) but others are profile specific (HKCU entries - CU=Current User). Again we need to deal with one profile at a time or the fix process feedback will ramain very confusing and our efforts may not go well at all.

here is the latest combo fix and hijack this I hope


"Clarice" - 2003-07-06 17:19:00 - ComboFix 07-07-04.4 - Service Pack 2


((((((((((((((((((((((((( Files Created from 2003-06-06 to 2003-07-06 )))))))))))))))))))))))))))))))


2003-07-14 22:57 32,584 --a------ C:\WINDOWS\system32\FM20ENU.DLL
2003-07-05 19:11 51,200 --a------ C:\WINDOWS\nircmd.exe
2003-07-05 18:58 <DIR> d-------- C:\VundoFix Backups
2003-07-04 19:51 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2003-07-04 19:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2003-07-04 19:11 <DIR> d-------- C:\Program Files\Yahoo!
2003-07-04 19:11 <DIR> d-------- C:\Program Files\CCleaner
2003-07-04 17:36 <DIR> d-------- C:\DOCUME~1\Clarice\APPLIC~1\SpywareBot
2003-07-04 14:13 <DIR> d-------- C:\DOCUME~1\Clarice\APPLIC~1\Sandlot Games
2003-07-04 14:12 <DIR> d--hs---- C:\WINDOWS\ftpcache
2003-07-04 14:11 <DIR> d-------- C:\Program Files\Burger Island
2003-07-04 12:44 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2003-07-04 09:48 <DIR> d-------- C:\Program Files\Norton AntiVirus
2003-07-04 09:47 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2003-07-04 09:47 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2003-07-03 07:38 134,972 --a------ C:\WINDOWS\mlmnlj.dll
2003-07-01 14:14 <DIR> d-------- C:\DOCUME~1\Corky\APPLIC~1\Lavasoft
2003-06-28 18:25 <DIR> d-------- C:\DOCUME~1\Corky\APPLIC~1\Motive
2003-06-27 16:54 134,917 --a------ C:\WINDOWS\rqrrqo.dll
2003-06-25 17:58 <DIR> d-------- C:\DOCUME~1\Ryan\APPLIC~1\iWin
2003-06-25 15:14 <DIR> d-------- C:\DOCUME~1\JAMEST~1\APPLIC~1\iWin
2003-06-24 12:00 <DIR> d-------- C:\Program Files\Chocolatier
2003-06-24 08:39 0 --ah----- C:\MSDOS.SYS
2003-06-24 08:39 0 --ah----- C:\IO.SYS
2003-06-24 08:39 0 --a------ C:\CONFIG.SYS
2003-06-24 08:39 0 --a------ C:\AUTOEXEC.BAT
2003-06-23 23:29 <DIR> d-------- C:\DOCUME~1\Clarice\APPLIC~1\EA
2003-06-23 07:38 0 --a------ C:\WINDOWS\system32\msorcl32.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-06-21 15:18:32 -------- d-----w C:\Program Files\Escape From Paradise
2007-06-18 12:18:51 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\iWin
2007-06-13 14:33:12 -------- d-----w C:\Program Files\PlayLinc
2007-06-11 04:50:50 -------- d-----w C:\Program Files\Alice Greenfingers
2007-06-10 17:40:17 -------- d-----w C:\Program Files\verizon
2007-06-09 21:15:10 -------- d-----w C:\Program Files\Zoo Vet
2007-06-08 23:24:56 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-08 2303 -------- d-----w C:\Program Files\Viewpoint
2007-06-08 14:24:12 -------- d-----w C:\Program Files\AIM6
2007-06-04 23:19:49 -------- d-----w C:\Program Files\Pacific Heroes
2007-06-03 06:46:19 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Magic Academy
2007-06-03 06:16:05 -------- d-----w C:\Program Files\Magic Academy
2007-06-02 19:29:20 -------- d-----w C:\Program Files\Messenger
2007-06-02 19:01:31 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\AdwareAlert
2007-06-02 18:55:44 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Lavasoft
2007-06-02 18:55:30 -------- d-----w C:\Program Files\Lavasoft
2007-05-29 11:28:52 -------- d-----w C:\Program Files\Burger Rush
2007-05-28 13:05:47 -------- d-----w C:\Program Files\Word Wizard Deluxe
2007-05-27 1431 1 ----a-w C:\WINDOWS\system32\exp16sys.dll
2007-05-17 11:57:16 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Motive
2007-05-17 11:47:55 -------- d-----w C:\Program Files\Common Files\Motive
2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 19:30:49 -------- d-----w C:\Program Files\Grimms Hatchery
2007-05-09 22:04:06 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\iolo
2007-05-08 04:20:42 -------- d-----w C:\Program Files\Fairy Godmother Tycoon
2007-05-03 15:24:11 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\IMVU
2007-05-02 17:13:21 -------- d-----w C:\Program Files\Pirates Of The Atlantic
2007-05-02 13:07:17 -------- d-----w C:\Program Files\Mystery Case Files Ravenhearst
2007-04-30 12:05:10 -------- d-----w C:\Program Files\Virtual Villagers 2
2007-04-30 00:57:43 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\bang
2007-04-25 1415 144,896 ------w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 04:02:24 -------- d-----w C:\Program Files\Diner Dash Flo On The Go
2007-04-12 02:37:18 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Sonic
2007-04-09 13:03:45 -------- d--h--w C:\DOCUME~1\Clarice\APPLIC~1\Gtek
2007-04-09 12:34:05 -------- d-----w C:\Program Files\DellSupport
2007-03-28 00:40:28 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-03-28 00:38:37 -------- d-----w C:\Program Files\Microsoft.NET
2007-03-26 03:55:20 -------- d-----w C:\Program Files\Feeding Frenzy 2
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-17 12:46:51 -------- d-----w C:\Program Files\War Chess
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ------w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ------w C:\WINDOWS\system32\win32k.sys
2007-02-25 16:10:48 5,376 --s-a-w C:\WINDOWS\system32\drivers\dsunidrv.sys
2007-02-24 1825 -------- d-----w C:\Program Files\Fish Tycoon
2007-02-23 19:29:21 -------- d-----w C:\Program Files\Hidden Expedition Titanic
2007-02-12 12:42:19 -------- d-----w C:\Program Files\Law And Order The Vengeful Heart
2007-02-11 10:13:55 7,520 ----a-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-11 10:13:55 152 --sh--r C:\WINDOWS\system32\9FA3666BCA.sys
2007-02-11 01:11:13 -------- d-----w C:\Program Files\Flower Shop Big City Break
2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2007-02-05 20:17:02 185,344 ------w C:\WINDOWS\system32\upnphost.dll
2007-02-03 03:52:23 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\funkitron
2007-01-27 19:36:58 -------- d-----w C:\Program Files\Mirror Magic
2007-01-26 02:48:13 -------- d-----w C:\Program Files\Mysteryville
2007-01-19 01:27:00 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Viewpoint
2007-01-13 18:50:17 -------- d-----w C:\Program Files\Brain Booster
2007-01-12 01:22:20 276,792 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-01-12 01:22:18 25,400 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-01-12 01:22:14 247,608 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-01-10 01:47:37 624,784 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-01-10 01:47:37 242,320 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-01-09 21:32:13 40,120 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-01-09 21:32:13 38,200 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-01-09 21:32:13 35,256 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-01-09 21:32:13 27,576 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-01-09 21:32:13 191,544 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-01-09 21:32:13 145,976 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-01-09 21:32:13 12,984 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-01-08 23:01:14 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
2007-01-07 15:37:04 -------- d-----w C:\Program Files\Cash Cow
2007-01-06 01:05:13 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\FunWebProducts
2007-01-01 21:52:32 -------- d-----w C:\Program Files\Virtual Villagers
2006-12-30 05:23:37 -------- d-----w C:\Program Files\GameSpy Arcade
2006-12-28 17:12:38 40,960 ----a-w C:\WINDOWS\system32\Fish Tycoon.scr
2006-12-27 15:05:20 -------- d-----w C:\Program Files\Barbie(TM)
2006-12-27 15:05:17 -------- d-----w C:\Program Files\Common Files\Vivendi Universal Games
2006-12-20 22:48:02 1,212,416 ------w C:\WINDOWS\system32\Incinerator.dll
2006-12-17 15:02:42 -------- d-----w C:\Program Files\Westward
2006-12-17 15:00:35 -------- d-----w C:\Program Files\Diamond Detective
2006-12-08 0314 -------- d-----w C:\Program Files\DIGStream
2006-12-08 03:15:58 -------- d-----w C:\Program Files\ESPNMotion
2006-12-07 23:59:54 -------- d-----w C:\Program Files\Teddy Factory
2006-11-13 17:35:54 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-12 03:34:09 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Mind Control Software
2006-11-12 03:34:08 -------- d-----w C:\Program Files\Oasis
2006-11-11 13:49:13 34,380 ------w C:\WINDOWS\system32\emptyregdb.dat
2006-11-10 03:27:57 -------- d-----w C:\DOCUME~1\Clarice\APPLIC~1\Leadertech
2006-11-08 01:03:36 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2006-11-08 01:03:36 156,160 ----a-w C:\WINDOWS\system32\msls31.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 10:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2005-09-08 05:20 110652 --a------ C:\WINDOWS\System32\DLA\DLASHX_W.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
2006-02-22 19:00 94208 --a------ c:\Program Files\BAE\BAE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-03 10:01]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20]
"HostManager"="C:\Program Files\Common Files\AOL\1147899292\ee\AOLSoftware.exe" [2006-05-09 20:24]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 17:37]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe " [2006-02-01 18:33]
"ViewpointPhotosDeviceConnect"="C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\FotomatDeviceConnect.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" []
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" []
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 05:04]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46]
"DC6_Check"="C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe" []
"ERS_Check"="C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 18:47]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12]
"Mecm"="C:\PROGRA~1\RACLE~1\userinit.exe" []
"Zwvayspn"="C:\Program Files\Common Files\M?crosoft.NET\w?aclt.exe" []
"Lflb"="C:\Documents and Settings\Clarice\My Documents\s?mbols\l?ass.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\R oyale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale. theme
"DisableCAD"=0 (0x0)
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\rtejewuartyr.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxxuv]
gebxxuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlllm]
opnlllm.dll


[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-06-22 07:00:00 C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
2007-06-22 22:30:00 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (PARENTS-James Tarbert).job
2003-07-04 13:53:12 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Clarice.job
2003-07-06 07:00:00 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
2003-07-06 21:25:00 C:\WINDOWS\tasks\User_Feed_Synchronization-{36D6EC8E-9771-44E6-9582-1281861AB6DE}.job

************************************************** ************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2003-07-06 17:25:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2003-07-06 17:25:51
C:\ComboFix-quarantined-files.txt ... 2003-07-06 17:25

--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 17:35, on 2003-07-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Common Files\AOL\1147899292\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.googlee.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147899292\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe" /min
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [Mecm] "C:\PROGRA~1\RACLE~1\userinit.exe" -vt yazb
O4 - HKCU\..\Run: [Zwvayspn] "C:\Program Files\Common Files\M?crosoft.NET\w?aclt.exe"
O4 - HKCU\..\Run: [Lflb] "C:\Documents and Settings\Clarice\My Documents\s?mbols\l?ass.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Clarice\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1163614148465
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/game...oadControl.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/game...utLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: gebxxuv - gebxxuv.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: opnlllm - opnlllm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Let us see/review what is loaded on your PC:

• Run HijackThis and Click ‘Open the Misc Tools section’ button.
• Then click the ‘Open Uninstall Manager…’ button.
• Click the ‘Save list…’ button. Save uninstall_list to your desktop.
  
  
• Open the Uninstall list file and post in your next reply please.

HIDDEN FILES: To make sure you can see any and all hidden files, please follow the directions here



Submit the following file(s) to VirusTotal for their immediate evaluation and feedback. Use any of the following methods, as appropriate:

• Locate FULL FILE PATH if not apparent. Use Start (BUTTON)>Search, [WINDOWS+F] keys, or F3 key (from desktop).
• Copy & Paste the FULL FILE PATH in the input BOX
  -- OR --
• Navigate to the file in question.

Post those results in your next reply (if any malware findings were indicated) for:

C:\WINDOWS\system32\FM20ENU.DLL
C:\WINDOWS\nircmd.exe

C:\WINDOWS\mlmnlj.dll
C:\WINDOWS\rqrrqo.dll

FULL FILE PATH Ad-Aware SE Professional
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
AIM 6
Alice Greenfingers
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
AppCore
AV
Banctec Service Agreement
Barbie(TM) Horse Adventures(TM)
Battlefield 1942
Blasterball 2 Holidays (Free with Game Console - WildGames)
Boggle
Burger Island
Burger Rush
Cake Mania
Call of Duty
Call of Duty - United Offensive
Cash Cow
ccCommon
CCleaner (remove only)
Chocolatier
Chuzzle Deluxe
Conexant D850 56K V.9x DFVc Modem
Da Vincis Secret
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
DellConnect
DellSupport
Diamond Detective
Digital Line Detect
Diner Dash 2
Diner Dash Flo On The Go
Dracula Twins
DrawPlus 3.0
EducateU
ELIcon
Escape From Paradise
ESPNMotion
Fairies
Fairy Godmother Tycoon
Fairy Words
FATE
Feeding Frenzy 2
Fish Tycoon
Flower Shop Big City Break
Game Console - WildGames
GameSpy Arcade
GemMaster Mystic
Get High Speed Internet!
Gold Miner (remove only)
Gold Miner Vegas
Grimms Hatchery
Hidden Expedition Titanic
HijackThis 1.99.1
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Icy Spell
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Intellisync® for AOL
Internet Worm Protection
iolo technologies' System Mechanic Professional 6
iPod for Windows 2006-06-28
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Law And Order The Vengeful Heart
Learn2 Player (Uninstall Only)
LiveUpdate 3.2 (Symantec Corporation)
Magic Academy
MCU
Medal of Honor Allied Assault
Medal of Honor Pacific Assault(tm) Demo
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Mirror Magic
Modem Helper
MSN
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Mystery Case Files Huntsville
Mystery Case Files Prime Suspects
Mystery Case Files Ravenhearst
Mysteryville
Mystic Inn
Nanny Mania
NetWaiting
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Oasis
OLYMPUS CAMEDIA Master 4.2
Otto
Panda ActiveScan
Pirates Of The Atlantic
Plaxo Toolbar for Outlook (with AIM Enhancements)
PlayLinc
Polar Bowler
Polar Golfer
QuickTime
RealPlayer Basic
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Saints & Sinners Bowling
Sandlot Games Client Services
Search Assist
Secret Weapons Over Normandy
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Sonic Activation Module
Sonic Encoders
SPBBC 32bit
Spellunker
Spybot - Search & Destroy 1.4
Symantec
SymNet
Teddy Factory
The Print Shop
Tradewinds
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Verizon Online Help & Support
Verizon Online Help and Support
Verizon Servicepoint 1.3.21
Verizon SmartCall
Virtual Villagers
Virtual Villagers 2
War Chess
WebCyberCoach 3.2 Dell
Westward
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB908246
WinRAR archiver
Word Krispies
Word Monaco
Word Wizard Deluxe
World Class Solitaire
WW2 Pacific Heroes
Xfire (remove only)
Yahoo! Install Manager
Yahoo! Toolbar
ZoneAlarm
Zoo Vet

this is uninstall list from hijack this