0

Hi, symantec keeping dozen of mail to unknown email address once I connected into internet. I scanned lots of times with different antivirus software and a few spyware software, but nothing was found. Please help.

This is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:21:28 PM, on 5/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elantech\ktp.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sierra\Planner\Plnrnote.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Julyn\LOCALS~1\Temp\Rar$EX00.078\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132502234640
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4759/mcfscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

0

I don't see any signs of infections in your log. What exactly do you mean when you say: "symantec keeping dozen of mail"? Please post any and all details possible.

0

I don't see any signs of infections in your log. What exactly do you mean when you say: "symantec keeping dozen of mail"? Please post any and all details possible.

Every time I connect to the internet, my Outlook Express will start to send email out, by the dozen. I have my antivirus scan the outgoing mail, therefore all the scanning boxes will pop up. A few minutes later, Symantec will give me all the error messages that say the server was unable to connect.

Each time, the email addresses stated are unknown and the mails are definitely not sent by me. It will continue for around 30 minutes, then stop. But if I restart my computer, it will come again. I also had my computer scanned a thousand times by different antivirus programs, but they don't seem to find anything.

There must be something, because when I sent a file to my friend, he got the same problem as me.

0

Let's look a little deeper:

* Download RootkitRevealer into a new folder of its own and unzip the contents of the downloaded file into that folder.
* Open the RootkitRevealer.exe program and click on the "Scan" button in the lower right-hand corner of the main window. When the scan completes, the findings (if any) will be displayed.
* If the program does find malicious items, click on the "File" menu option at the top left of the program window and choose the "Save..." option. Save the scan report file in the RootkitRevealer folder you created; the file will be named RootkitRevealer.txt.
* Double-click on the txt file to open it in Notepad and then Cut-N-Paste the contents of the file into your next post here.

* Download SilentRunners.vbs, save it into its own folder, and then double-click on it to run it. If you get a warning prompt about running script files, choose to allow the script to run. It will save a log file into the Silent Runners folder; post that log along with the RootkitRevealer report.

0

Silent runner:

"Silent Runners.vbs", revision 45, 
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Skype" = ""D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {++}
"LaunchApp" = "Alaunch" ["Acer Inc."]
"KTPWare" = "C:\Program Files\Elantech\ktp.exe" ["ELANTECH Devices Corp."]
"PCMService" = ""C:\Program Files\Arcade\PCMService.exe"" ["CyberLink Corp."]
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]
"LManager" = "C:\PROGRA~1\LAUNCH~1\LManager.exe" ["Dritek System Inc."]
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"eRecoveryService" = "C:\Acer\Empowering Technology\eRecovery\Monitor.exe" ["acer Inc."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"FinePrint Dispatcher v4" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe" ["FinePrint Software, LLC"]
"IMEKRMIG6.1" = "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [MS]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"DVD43" = "C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden" ["Fengtao Software Inc."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"vptray" = "C:\PROGRA~1\SYMANT~1\VPTray.exe" ["Symantec Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection"
  -> {HKLM...CLSID} = "SpywareGuardDLBLOCK.CBrowserHelper"
                   InProcServer32\(Default) = "C:\Program Files\SpywareGuard\dlprotect.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
  -> {HKLM...CLSID} = "SpywareGuard.Handler"
                   InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
                   InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
  -> {HKLM...CLSID} = "Universal Plug and Play Devices"
                   InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
  -> {HKLM...CLSID} = "VpshellEx Class"
                   InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
INFECTION WARNING! "{93994DE8-8239-4655-B1D1-5F4E91300429}" = (no title provided)
  -> {HKLM...CLSID} = "DVDIdleShell Class"
                   InProcServer32\(Default) = "C:\PROGRA~1\DVDREG~1\DVDShell.dll" ["Fengtao Software Inc."]
INFECTION WARNING! "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
  -> {HKLM...CLSID} = "SpywareGuard.Handler"
                   InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\system32\NavLogon.dll" ["Symantec Corporation"]
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]
HKLM\Software\Classes\PROTOCOLS\Filter
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   InProcServer32\(Default) = "c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
  -> {HKLM...CLSID} = "VpshellEx Class"
                   InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
  -> {HKLM...CLSID} = "VpshellEx Class"
                   InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies [Description] {enabled Group Policy setting}:
------------------------------------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
"NoActiveDesktop"=dword:00000001 
[disables Active Desktop; removes Web tab from Display Properties|
Desktop (tab)|Customize Desktop... (button)|Desktop Items (window)]
{User Configuration|Administrative Templates|Desktop|Active Desktop|
Disable Active Desktop}

Active Desktop and Wallpaper:
-----------------------------
Active Desktop disabled via Group Policy.
HKCU\Control Panel\Desktop
"Wallpaper" = "C:\Documents and Settings\Julyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Startup items in "Julyn" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\Julyn\Start Menu\Programs\Startup
"SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"ATI CATALYST System Tray" -> shortcut to: "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data]
"Bluetooth" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Event Planner Reminders Tray Icon" -> shortcut to: "C:\Program Files\Sierra\Planner\Plnrnote.exe" ["Creative Home"]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046} [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
                   InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}
"ButtonText" = "Research"
{CCA281CA-C863-46EF-9331-5C8D4460577F}
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]
{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Bluetooth Service, btwdins, "c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Notebook Manager Service, anbmService, "C:\Acer\eManager\anbmServ.exe" ["OSA Technologies Inc."]
OFPZ, OFPZ, "C:\DOCUME~1\Julyn\LOCALS~1\Temp\OFPZ.exe" ["Sysinternals - www.sysinternals.com"]
Symantec AntiVirus, Symantec AntiVirus, ""C:\Program Files\Symantec AntiVirus\Rtvscan.exe"" ["Symantec Corporation"]
Symantec AntiVirus Definition Watcher, DefWatch, ""C:\Program Files\Symantec AntiVirus\DefWatch.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]

Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors
Bluetooth Printer Port\Driver = "bthcrp.dll" ["Broadcom Corporation."]
Canon BJ Language Monitor i550\Driver = "CNMLM49.DLL" ["CANON INC."]
FPR4:\Driver = "fpmon4.dll" ["FinePrint Software, LLC"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
PRTmate\Driver = "PRTmate.dll" [null data]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 97 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
  took 11 seconds.
---------- (total run time: 141 seconds)

RootKitRevealer:

HKLM\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Status 5/17/2006 2:26 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\�Jf40 5/17/2006 2:24 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sysbus32 5/17/2006 2:25 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sysbus32 5/17/2006 2:25 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS 11/21/2005 9:49 AM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\#ivillage.com 1/5/2006 3:29 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\#ivillage.com\SETTINGS.SOL 1/5/2006 3:29 PM 82 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\#LOCAL 2/10/2006 10:49 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\#LOCAL\SETTINGS.SOL 2/10/2006 10:49 PM 75 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\#LOREAL.COM 3/13/2006 10:12 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\#loreal.com.sg 12/8/2005 11:00 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\#loreal.com.sg\SETTINGS.SOL 12/8/2005 11:00 PM 83 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\#LOREAL.COM\SETTINGS.SOL 3/13/2006 10:12 PM 80 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\#mediaonenetwork.net 12/22/2005 7:21 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\#mediaonenetwork.net\SETTINGS.SOL 12/22/2005 7:21 PM 89 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\#NOKIA.COM 2/28/2006 10:19 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\#NOKIA.COM\SETTINGS.SOL 2/28/2006 10:19 PM 79 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\# 2/4/2006 3:48 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\# 2/4/2006 3:48 PM 85 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\# 12/30/2005 3:18 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\# 12/30/2005 3:18 PM 95 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\# 4/29/2006 9:23 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\# 4/29/2006 9:23 PM 85 bytes Hidden from Windows API.
C:\Documents and Settings\Julyn\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\SETTINGS.SOL 2/19/2006 8:32 PM 492 bytes Hidden from Windows API.
C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf 5/17/2006 2:36 PM 16.00 KB Hidden from Windows API.
C:\WINDOWS\SYSTEM32\AUTORUN\Drivers\Audio\Sys 9/16/2005 11:33 AM 0 bytes Hidden from Windows API.
C:\WINDOWS\SYSTEM32\AUTORUN\Drivers\Audio\Sys\CleanUp.exe 4/17/2002 2:05 PM 44.00 KB Hidden from Windows API.
C:\WINDOWS\SYSTEM32\AUTORUN\Drivers\Audio\Sys\DSndUp.exe 12/8/2004 4:16 PM 48.00 KB Hidden from Windows API.
D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\CRT\SRC\SYS 2/16/2006 12:31 AM 0 bytes Hidden from Windows API.
D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\CRT\SRC\SYS\LOCKING.H 3/19/2003 9:49 AM 1.33 KB Hidden from Windows API.
D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\CRT\SRC\SYS\STAT.H 3/19/2003 9:49 AM 5.40 KB Hidden from Windows API.
D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\CRT\SRC\SYS\TIMEB.H 3/19/2003 9:49 AM 2.96 KB Hidden from Windows API.
D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\CRT\SRC\SYS\TYPES.H 3/19/2003 9:49 AM 2.02 KB Hidden from Windows API.
D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\CRT\SRC\SYS\UTIME.H 3/19/2003 9:49 AM 3.61 KB Hidden from Windows API.
D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\INCLUDE\SYS 2/16/2006 12:33 AM 0 bytes Hidden from Windows API.
D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\INCLUDE\SYS\LOCKING.H 5/31/2002 2:28 PM 997 bytes Hidden from Windows API.
D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\INCLUDE\SYS\STAT.H 5/31/2002 2:28 PM 4.58 KB Hidden from Windows API.
D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\INCLUDE\SYS\TIMEB.H 5/31/2002 2:28 PM 2.18 KB Hidden from Windows API.
D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\INCLUDE\SYS\TYPES.H 5/31/2002 2:28 PM 1.50 KB Hidden from Windows API.
D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\INCLUDE\SYS\UTIME.H 5/31/2002 2:28 PM 2.80 KB Hidden from Windows API.

Edited by Nick Evan: Fixed formatting

-1

Hi,

SOMEONE HAS TAMPERED WITH MY EMAIL ADDRESS AND KEEPS RECEIVING AND REPLYING TO MY MAILS. TELL ME WHAT I HAVE GOT TO DO. IT'S MORE THAN I CAN BEAR AS I HAVE LOST A LOT OF MONEY BECAUSE OF THAT.

Votes + Comments
Don't post in old threads.
0

For one, look at the date of the first post.
For two, why can't you just change your password!! :-/
