EX tapping into computer

:mad:OK, so I have this EX who is a police officer. He has tapped into my emails, myspace and cell phone. How is he doing it from another location?? I keep changing my passwords and he keeps finding it out. Is there something that he has done to my computer?? What can I do?:mad:
 

scooter

banned
Well, you obviously have proof that it's him... so

Seeing as how he is a police officer and an 'upstanding member of the community', I'm sure he wouldn't want that proof to fall into the hands of, say... his supervisor? As it is illegal to access other people's accounts, email, etc. without consent.

If you got concrete proof...fry his ass!

It doesn't seem logical that he would have the magic ability to continually access your cell phone..

email and myspace I understand...
 

Respital

Active Member
:mad:OK, so I have this EX who is a police officer. He has tapped into my emails, myspace and cell phone. How is he doing it from another location?? I keep changing my passwords and he keeps finding it out. Is there something that he has done to my computer?? What can I do?:mad:

If you can indeed prove it's him, why don't you just call the police? :confused:

As far as I or any other member can tell, we can't know whether he's done anything to your computer just by reading that. Some of the possibilities which I would consider would be a keylogger and/or a backdoor trojan.

However, we can help you; please do the following:

Please download and post a log with HiJackThis.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 
If he has used a keylogger, can he access this from another location? Obviously, we have been apart for a while now, and it is continually happening. Is this possible?
 

massahwahl

VIP Member
Yes a keylogger can send him daily email updates with EVERYTHING you type on your computer. Do the hijack this report as stated above, as that could also be used as evidence against him.
 

Respital

Active Member
Yes a keylogger can send him daily email updates with EVERYTHING you type on your computer. Do the hijack this report as stated above, as that could also be used as evidence against him.

Good point.
Always collect evidence!
To make it official, when the scan finishes please open Notepad and type your name or something else next to the scan results that could identify the scan as coming from your computer, then take a screenshot and save it; this will undoubtedly be good evidence. :)
 
OK, I have two computers: one in my office and one at home. This is from my home:
(result of Hijack this)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:56 PM, on 9/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1128019600\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1128019600\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\1128019600\ee\aolsoftware.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\PROGRA~1\AIM\AIMWDI~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\QdrModule\QdrModule11.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Common Files\AOL\1128019600\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1128019600\ee\SSCEvtHdlr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:\Program Files\QdrDrive\QdrDrive9.dll
O2 - BHO: SpamBlockerUtility - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\SpamBlockerUtility\bin\10.2.203.0\HostIE.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SpamBlockerUtility - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\SpamBlockerUtility\bin\10.2.203.0\HostIE.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128019600\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1128019600\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1128019600\ee\SSCRun.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [SpamBlockerUtilityOE] C:\Program Files\SpamBlockerUtility\bin\10.2.203.0\OEAddOn.exe
O4 - HKLM\..\Run: [SBUSA] "C:\Program Files\SpamBlockerUtility\bin\10.2.203.0\SBUSA.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [PopularScreensaversWallpaper] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL,LES
O4 - HKCU\..\Run: [QdrModule11] "C:\Program Files\QdrModule\QdrModule11.exe"
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\SpamBlockerUtility\bin\10.2.203.0\Weather.exe" -auto
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm824YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Theresa\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.exe
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.10.00/cab/aolpPlugins.10.6.0.6.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} (Crystal ActiveX Report Viewer Control 11.5) - http://reports.promoreports.com/crystalreportviewers115/ActiveXControls/ActiveXViewer.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://sympatico.zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1128019600\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\SYSTEM32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Theresa\Desktop\My Pictures\thearcade_ecard_3_small[1].gif
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Theresa\Desktop\New Folder\monkey.gif
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Theresa\Desktop\matthew.jpg
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Theresa\Desktop\catie's pics\lost\images[35].jpg

--
End of file - 19254 bytes
 
OK, so to prove to you more how computer illiterate I am --- what the heck does all of this stuff mean? LOL
Also, could he have installed this keylogger thingie from another location, too?
 

Respital

Active Member
OK, so to prove to you more how computer illiterate I am --- what the heck does all of this stuff mean? LOL
Also, could he have installed this keylogger thingie from another location, too?

This log is made of many sections.
The running processes section shows what your computer was doing right when the scan was done, and to make it even more accurate, nothing detects that the scan is running, so no programs or processes can be shut down prior to completing the log. If the processes are dormant then they will be shown in the other parts of the log (B0, B1, O1, O2, O4, O5, O6, O7, O8, O10, O12, O23 and so on).

Yes, if he had a backdoor trojan he could have installed it from his computer.
Make sure you saved a screenshot like I suggested. :)

I have one step I would currently like you to complete, as I saw some suspicious running processes.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.
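The post above describes how a HijackThis log is laid out: a header, a "Running processes" block, and coded entries (O2, O4, O7, O23 and so on). The following is an added example, not code from the thread or from HijackThis itself, that parses a log in that format and picks out the lines a helper usually reviews first: entries marked "(file missing)", O7 policy restrictions such as the DisableRegedit=1 line in the posted log, O23 services with "Unknown owner", and per-user (HKCU) autostarts. The sample log embedded in the script is a constructed excerpt of lines copied from the log posted earlier in the thread, not the full file; the flagging rules are review heuristics chosen for this example, not verdicts.

```python
import re
from collections import defaultdict

# Constructed excerpt: a handful of lines copied from the HijackThis log posted in
# this thread, kept in the original format (not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:56 PM, on 9/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\QdrModule\QdrModule11.exe

O2 - BHO: SpamBlockerUtility - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\SpamBlockerUtility\bin\10.2.203.0\HostIE.dll (file missing)
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKCU\..\Run: [QdrModule11] "C:\Program Files\QdrModule\QdrModule11.exe"
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
"""

HEADER_RE = re.compile(r"^(Platform|MSIE|Boot mode): (.+)$")
# Coded entry line: "O4 - <body>", "R1 - <body>", ...
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 registry autostart body: "<hive>\..\Run: [<name>] <command line>"
O4_REG_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_hjt_log(text):
    """Split a HijackThis log into (header dict, running-process list, {code: [entry bodies]})."""
    header, processes, entries = {}, [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line closes the process block
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group("code")].append(m.group("body"))
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
    return header, processes, dict(entries)


def autostart_target(body):
    """Return the executable path an O4 registry autostart launches, or None for
    bodies this heuristic does not handle (e.g. 'Global Startup' .lnk lines)."""
    m = O4_REG_RE.match(body)
    if not m:
        return None
    cmd = m.group("cmd")
    if cmd.startswith('"'):               # quoted path: take the quoted part
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted path, possibly containing spaces: take everything up to the first ".exe".
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(entries):
    """Return (code, reason, body) tuples a reviewer should look at first.
    Heuristics only: most HijackThis entries are legitimate software."""
    findings = []
    for code, bodies in entries.items():
        for body in bodies:
            # The file is gone: leftovers of removed or half-removed software.
            if "(file missing)" in body:
                findings.append((code, "file missing", body))
    # O7 policies: some malware disables regedit/Task Manager to hinder cleanup.
    for body in entries.get("O7", []):
        if re.search(r"Disable(Regedit|TaskMgr)=1", body):
            findings.append(("O7", "policy restriction", body))
    # O23 services without a vendor name: check the binary's publisher before trusting it.
    for body in entries.get("O23", []):
        if "Unknown owner" in body:
            findings.append(("O23", "unknown service owner", body))
    # O4 under HKCU: a per-user key that any program running as that user can write.
    for body in entries.get("O4", []):
        m = O4_REG_RE.match(body)
        if m and m.group("hive").startswith("HKCU"):
            findings.append(("O4", "per-user autostart", body))
    return findings


def running_autostarts(processes, entries):
    """Names of O4 autostarts whose target path is in the running-process list (exact,
    case-insensitive match; 8.3 short paths such as PROGRA~1 will not match long paths)."""
    running = {p.lower() for p in processes}
    hits = []
    for body in entries.get("O4", []):
        target = autostart_target(body)
        if target and target.lower() in running:
            hits.append(O4_REG_RE.match(body).group("name"))
    return hits


if __name__ == "__main__":
    header, processes, entries = parse_hjt_log(SAMPLE_LOG)
    print("Platform:", header.get("Platform"))
    print(f"{len(processes)} running processes, "
          f"{sum(len(v) for v in entries.values())} entries in sections {sorted(entries)}")
    for code, reason, body in triage(entries):
        print(f"[{code}] {reason}: {body}")
    print("autostarts currently running:", running_autostarts(processes, entries))
```

Run it against a saved log by replacing SAMPLE_LOG with the file's contents. The point of the script is to narrow a 200-line log down to the few entries worth asking about, as the helper in this thread did by eye; every flagged line still needs a human to look up the file and its publisher before anything is "fixed".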
 
OK, here are the results:
ComboFix 08-09-03.06 - Theresa 2008-09-04 16:20:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.218 [GMT -5:00]
Running from: C:\Documents and Settings\Theresa\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\Starware
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\jokesearch.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\PopupBlocker.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\PopupBlockerHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\popupblockerhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\popupblockerxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\pranks.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\smiley.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\smileyxp.png
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\Travel.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\Catie\Cookies\catie@2o7[2].txt
C:\Documents and Settings\Catie\Cookies\catie@spamblockerutility[1].txt
C:\Documents and Settings\Catie\ResErrors.log
C:\Documents and Settings\Guest\Application Data\AVSystemCare
C:\Documents and Settings\Guest\Application Data\AVSystemCare\avtasks.dat
C:\Documents and Settings\Guest\Application Data\AVSystemCare\Logs\av.log
C:\Documents and Settings\Guest\Application Data\AVSystemCare\Logs\ga6Support.log
C:\Documents and Settings\Guest\Application Data\AVSystemCare\Logs\update.log
C:\Documents and Settings\Guest\Application Data\AVSystemCare\PGE.dat
C:\Documents and Settings\Guest\Application Data\ShoppingReport
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\Guest\ResErrors.log
C:\Documents and Settings\Theresa\Application Data\AVSystemCare
C:\Documents and Settings\Theresa\Application Data\AVSystemCare\avtasks.dat
C:\Documents and Settings\Theresa\Application Data\AVSystemCare\Logs\av.log
C:\Documents and Settings\Theresa\Application Data\AVSystemCare\Logs\ga6Support.log
C:\Documents and Settings\Theresa\Application Data\AVSystemCare\Logs\update.log
C:\Documents and Settings\Theresa\Application Data\AVSystemCare\PGE.dat
C:\Documents and Settings\Theresa\Application Data\ShoppingReport
C:\Documents and Settings\Theresa\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Theresa\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Theresa\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Theresa\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Theresa\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Theresa\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Theresa\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\Theresa\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\Theresa\Application Data\SpamBlockerUtility_Icons\3bSoftware_icon_1.ico
C:\Documents and Settings\Theresa\Application Data\SpamBlockerUtility_Icons\Repair+System+Registry.ico
C:\Documents and Settings\Theresa\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\Theresa\Application Data\WeatherDPA
C:\Documents and Settings\Theresa\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Documents and Settings\Theresa\Cookies\theresa@2o7[1].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][1].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][1].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][2].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][3].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][1].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][2].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][3].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][5].txt
C:\Documents and Settings\Theresa\Cookies\theresa@adserver[2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[17].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[18].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[19].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[20].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[21].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[22].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[23].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[24].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[25].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[26].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[27].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[28].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[29].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[30].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[31].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[32].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[33].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[34].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[35].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[36].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[37].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[38].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[39].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[40].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[41].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[42].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[43].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[44].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[45].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[46].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[47].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[48].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[49].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[50].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[51].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[52].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[53].txt
C:\Documents and Settings\Theresa\Cookies\theresa@avsystemcare[2].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@bidsystem[1].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[1].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[16].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[17].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[18].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[19].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[20].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[21].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[22].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[23].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[24].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[25].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[26].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[27].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[3].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[4].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[5].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[6].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[7].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[8].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][1].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][3].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@ebay[2].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][1].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@fastclick[5].txt
C:\Documents and Settings\Theresa\Cookies\theresa@insightexpressai[2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@interclick[1].txt
C:\Documents and Settings\Theresa\Cookies\theresa@media6degrees[2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@myheritage[1].txt
C:\Documents and Settings\Theresa\Cookies\theresa@questionmarket[7].txt
C:\Documents and Settings\Theresa\Cookies\theresa@rtm[2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@serving-sys[1].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][2].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][1].txt
C:\Documents and Settings\Theresa\Cookies\theresa@trafficmp[1].txt
C:\Documents and Settings\Theresa\Cookies\theresa@trafficmp[2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@turn[2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@vistaprint[2].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][2].txt
C:\Documents and Settings\Theresa\ResErrors.log
C:\Documents and Settings\Theresa\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Theresa\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Theresa\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\QdrModule11.exe
C:\Program Files\Screensavers.com
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Installer\temp\blank.gif
C:\Program Files\screensavers.com\Installer\temp\dm1CE.tmp
C:\Program Files\screensavers.com\Installer\temp\dm1D8.tmp.exe
C:\Program Files\screensavers.com\Installer\temp\stubinstaller.ini
C:\Program Files\screensavers.com\Installer\temp\The_Weather_Channel_Application.exe
C:\Program Files\screensavers.com\Wallpaper\Christmas Tree.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\UGA6P

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FMTR


((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.

2008-09-04 15:11 . 2008-09-04 15:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-13 11:25 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-20 22:19 --------- d-----w C:\Program Files\AIMTunes
2008-08-04 14:38 --------- d-----w C:\Documents and Settings\Theresa\Application Data\IMVU
2008-07-13 02:18 --------- d-----w C:\Program Files\IMVU
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-03-11 21:03 51,528 ----a-w C:\Documents and Settings\Theresa\Application Data\GDIPFONTCACHEV1.DAT
2007-09-30 18:28 158,752 ----a-w C:\Documents and Settings\Theresa\Application Data\install_en[1].exe
2007-09-29 13:55 59,904 ----a-w C:\Documents and Settings\Guest\wn247.exe
2005-12-16 00:04 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"AOLCC"="C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" [2005-02-09 326232]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-07-16 4670704]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 57344]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 71256]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-02-03 26112]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]
"_AntiSpyware"="C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe" [2004-11-15 114688]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"HostManager"="C:\Program Files\Common Files\AOL\1128019600\ee\AOLSoftware.exe" [2006-09-25 50736]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1128019600\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe" [2006-11-20 8784]
"sscRun"="C:\Program Files\Common Files\AOL\1128019600\ee\SSCRun.exe" [2006-11-20 153168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [2005-08-18 116272]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [2005-10-19 460336]
"MPFExe"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [2006-03-07 992808]
"AIMWDInstallFilename"="C:\PROGRA~1\AIM\AIMWDI~1.EXE" [2004-01-12 102400]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 C:\WINDOWS\SYSTEM32\NARRATOR.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-07-30 217195]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-02-03 156784]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 83360]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-08-18 819200]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Theresa\Desktop\My Pictures\thearcade_ecard_3_small[1].gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\Theresa\Desktop\New Folder\monkey.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\Documents and Settings\Theresa\Desktop\matthew.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= C:\Documents and Settings\Theresa\Desktop\catie's pics\lost\images[35].jpg
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-11-15 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1128019600\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Theresa\\Desktop\\Documents and Settings\\MySpaceMp3Gopher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46215:TCP"= 46215:TCP:pORT_46215
"40778:TCP"= 40778:TCP:pORT_40778
"11654:TCP"= 11654:TCP:pORT_11654
"40144:TCP"= 40144:TCP:pORT_40144
"30972:TCP"= 30972:TCP:pORT_30972
"60011:TCP"= 60011:TCP:pORT_60011
"51905:TCP"= 51905:TCP:pORT_51905
"15846:TCP"= 15846:TCP:pORT_15846
"50408:TCP"= 50408:TCP:pORT_50408
"65213:TCP"= 65213:TCP:pORT_65213
"16985:TCP"= 16985:TCP:pORT_16985
"32061:TCP"= 32061:TCP:pORT_32061
"31293:TCP"= 31293:TCP:pORT_31293
"19970:TCP"= 19970:TCP:pORT_19970
"44790:TCP"= 44790:TCP:pORT_44790
"7953:TCP"= 7953:TCP:pORT_7953
"65370:TCP"= 65370:TCP:pORT_65370
"24094:TCP"= 24094:TCP:pORT_24094
"48135:TCP"= 48135:TCP:pORT_48135

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 51712]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 11648]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PopularScreensaversWallpaper - C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Search Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 -: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm824YYUS
O8 -: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 -: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 -: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 -: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 -: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Theresa\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 -: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxp://reports.promoreports.com/crystalreportviewers115/ActiveXControls/ActiveXViewer.cab
C:\WINDOWS\Downloaded Program Files\crviewer.inf
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\mfc42u.dll
C:\WINDOWS\Downloaded Program Files\reportparameterdialog.dll
C:\WINDOWS\Downloaded Program Files\CRViewer.dll
C:\WINDOWS\Downloaded Program Files\sviewhlp.dll
C:\WINDOWS\Downloaded Program Files\swebrs.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 16:32:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\brss01a.exe
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1128019600\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\ANTIVI~1\McShield.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\COMMON~1\AOL\112801~1\ee\SSCEVT~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-09-04 16:44:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-04 21:44:02

Pre-Run: 55,282,311,168 bytes free
Post-Run: 56,235,798,528 bytes free

434 --- E O F --- 2008-08-14 03:10:43
 
C:\Documents and Settings\Theresa\Cookies\[email protected][2].txt
C:\Documents and Settings\Theresa\ResErrors.log
C:\Documents and Settings\Theresa\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Theresa\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Theresa\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\QdrModule11.exe
C:\Program Files\Screensavers.com
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Installer\temp\blank.gif
C:\Program Files\screensavers.com\Installer\temp\dm1CE.tmp
C:\Program Files\screensavers.com\Installer\temp\dm1D8.tmp.exe
C:\Program Files\screensavers.com\Installer\temp\stubinstaller.ini
C:\Program Files\screensavers.com\Installer\temp\The_Weather_Channel_Application.exe
C:\Program Files\screensavers.com\Wallpaper\Christmas Tree.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\UGA6P

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FMTR


((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.

2008-09-04 15:11 . 2008-09-04 15:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-13 11:25 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-20 22:19 --------- d-----w C:\Program Files\AIMTunes
2008-08-04 14:38 --------- d-----w C:\Documents and Settings\Theresa\Application Data\IMVU
2008-07-13 02:18 --------- d-----w C:\Program Files\IMVU
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-03-11 21:03 51,528 ----a-w C:\Documents and Settings\Theresa\Application Data\GDIPFONTCACHEV1.DAT
2007-09-30 18:28 158,752 ----a-w C:\Documents and Settings\Theresa\Application Data\install_en[1].exe
2007-09-29 13:55 59,904 ----a-w C:\Documents and Settings\Guest\wn247.exe
2005-12-16 00:04 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"AOLCC"="C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" [2005-02-09 326232]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-07-16 4670704]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 57344]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 71256]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-02-03 26112]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]
"_AntiSpyware"="C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe" [2004-11-15 114688]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"HostManager"="C:\Program Files\Common Files\AOL\1128019600\ee\AOLSoftware.exe" [2006-09-25 50736]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1128019600\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe" [2006-11-20 8784]
"sscRun"="C:\Program Files\Common Files\AOL\1128019600\ee\SSCRun.exe" [2006-11-20 153168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [2005-08-18 116272]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [2005-10-19 460336]
"MPFExe"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [2006-03-07 992808]
"AIMWDInstallFilename"="C:\PROGRA~1\AIM\AIMWDI~1.EXE" [2004-01-12 102400]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 C:\WINDOWS\SYSTEM32\NARRATOR.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-07-30 217195]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-02-03 156784]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 83360]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-08-18 819200]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Theresa\Desktop\My Pictures\thearcade_ecard_3_small[1].gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\Theresa\Desktop\New Folder\monkey.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\Documents and Settings\Theresa\Desktop\matthew.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= C:\Documents and Settings\Theresa\Desktop\catie's pics\lost\images[35].jpg
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-11-15 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1128019600\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Theresa\\Desktop\\Documents and Settings\\MySpaceMp3Gopher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46215:TCP"= 46215:TCP:pORT_46215
"40778:TCP"= 40778:TCP:pORT_40778
"11654:TCP"= 11654:TCP:pORT_11654
"40144:TCP"= 40144:TCP:pORT_40144
"30972:TCP"= 30972:TCP:pORT_30972
"60011:TCP"= 60011:TCP:pORT_60011
"51905:TCP"= 51905:TCP:pORT_51905
"15846:TCP"= 15846:TCP:pORT_15846
"50408:TCP"= 50408:TCP:pORT_50408
"65213:TCP"= 65213:TCP:pORT_65213
"16985:TCP"= 16985:TCP:pORT_16985
"32061:TCP"= 32061:TCP:pORT_32061
"31293:TCP"= 31293:TCP:pORT_31293
"19970:TCP"= 19970:TCP:pORT_19970
"44790:TCP"= 44790:TCP:pORT_44790
"7953:TCP"= 7953:TCP:pORT_7953
"65370:TCP"= 65370:TCP:pORT_65370
"24094:TCP"= 24094:TCP:pORT_24094
"48135:TCP"= 48135:TCP:pORT_48135

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 51712]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 11648]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PopularScreensaversWallpaper - C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Search Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 -: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm824YYUS
O8 -: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 -: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 -: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 -: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 -: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Theresa\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 -: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxp://reports.promoreports.com/crystalreportviewers115/ActiveXControls/ActiveXViewer.cab
C:\WINDOWS\Downloaded Program Files\crviewer.inf
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\mfc42u.dll
C:\WINDOWS\Downloaded Program Files\reportparameterdialog.dll
C:\WINDOWS\Downloaded Program Files\CRViewer.dll
C:\WINDOWS\Downloaded Program Files\sviewhlp.dll
C:\WINDOWS\Downloaded Program Files\swebrs.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 16:32:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\brss01a.exe
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1128019600\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\ANTIVI~1\McShield.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\COMMON~1\AOL\112801~1\ee\SSCEVT~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-09-04 16:44:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-04 21:44:02

Pre-Run: 55,282,311,168 bytes free
Post-Run: 56,235,798,528 bytes free

434 --- E O F --- 2008-08-14 03:10:43
 
Results of HijackThis on my office computer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:57 AM, on 9/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CyberDefender\AntiSpyware\cdas3a.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/?AcquisitionID=45b2a35b-211f-4988-b78f-3ce2a7f790c4&s=&ipc=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe 0
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/demos/plugin/solidstateion.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Zumie Search Service - Zumie.com - C:\Program Files\Zumie\zumie.exe

--
End of file - 6225 bytes
 

Encryptor

New Member
Hello :p - lol

Sorry I didn't get straight back to you, it was time for a good sleep, I'd been online for 32 hours ;)

Anyway, looking at the logs you've got a large amount of what can only be described as crap (not spyware etc.), but I would imagine that your computer is as slow as a snail on fly paper :).

Right, you seem to have all the software people would recommend to help reduce/prevent the usual spyware, malware etc. Just to rule out a couple of things that are in your logs:

1) Are you running any network printers,storage devices etc?

2) Do you upload to an online storage/backup service?

3) Are you doing any remote/online network management?

Post back and we'll take it from there, off to work now - talk later :cool:
 

Respital

Active Member
Hello:

Run Kaspersky Online AV Scanner
Using Internet Explorer Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset it to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
 
OK, Encryptor...... as I had stated before, I am extremely computer illiterate. I know enough not to black out the city I live in. (I think, anyways! LOL)
To answer your questions:
1. What?
2. HUH?
3. Duh?

LOL!
That is why I'm on here. LOL

