Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Web Mail Moving Ads


  • This topic is locked This topic is locked
9 replies to this topic

#1 WildBill53

WildBill53

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:13 AM

Posted 04 September 2008 - 05:52 AM

My web mail page has ads as usual. The ads are moving onto the "Go to Email" button so I can only click the ad and not the button. I have performed all prep described in your guide. Need help getting things back to normal.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:29 AM, on 9/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\iStartupStub.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.4.lnk.disabled
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Digital Line Detect.lnk.disabled
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10122 bytes

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,622 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:13 AM

Posted 21 September 2008 - 08:47 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

#3 WildBill53

WildBill53
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:13 AM

Posted 22 September 2008 - 06:07 PM

Thanks for your reply.

I am still having the problem, I have just been working around it by using Firefox for email only. Firefox does not exibit that behavior of moving the add to the enter button for the email.

I look forward to your outstanding insight on what may be causing this.

Thanks again :thumbsup:

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,622 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:13 AM

Posted 22 September 2008 - 07:18 PM

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When following the instructions please install the Windows XP Recovery Console if you are using XP.

After running ComboFix, please post the ComboFix log as well as a brand new HijackThis as a reply to this topic.

#5 WildBill53

WildBill53
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:13 AM

Posted 03 October 2008 - 09:19 AM

Thanks for waiting. Have been out on business for 3 weeks.

Here is the new HJT and ComboFix is below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:37 AM, on 10/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\iStartupStub.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Norton Internet Security.lnk = C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiStub2.exe
O4 - Startup: OpenOffice.org 2.4.lnk.disabled
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Digital Line Detect.lnk.disabled
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9614 bytes


COMBOFIX

ComboFix 08-10-02.04 - Carol 2008-10-03 10:00:30.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1252 [GMT -4:00]
Running from: C:\Users\Carol\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Cookies\carol@symantec[2].txt

.
((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.

2008-09-17 15:52 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-17 15:52 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-17 15:52 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-17 15:52 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-17 15:51 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-17 15:51 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-17 15:51 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-17 15:51 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-17 15:51 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-11 06:06 . 2008-07-30 19:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-11 06:06 . 2008-07-30 23:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-11 06:06 . 2008-06-25 23:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-11 06:06 . 2008-07-30 23:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-05 21:41 . 2008-10-02 15:47 <DIR> d-------- C:\Users\All Users\Google Updater
2008-09-05 21:41 . 2008-10-02 15:47 <DIR> d-------- C:\ProgramData\Google Updater
2008-09-05 21:12 . 2008-09-05 21:13 <DIR> d-------- C:\Program Files\Java
2008-09-05 21:12 . 2008-09-05 21:12 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-04 04:56 . 2008-09-04 04:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 21:05 . 2008-09-03 21:57 <DIR> d-------- C:\Windows\BDOSCAN8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 22:35 --------- d-----w C:\Users\Carol\AppData\Roaming\OpenOffice.org2
2008-09-12 07:01 --------- d-----w C:\Program Files\Microsoft Works
2008-09-06 01:42 --------- d-----w C:\Program Files\Google
2008-09-03 21:35 --------- d-----w C:\ProgramData\Symantec
2008-09-03 21:13 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-26 01:47 --------- d-----w C:\ProgramData\Creative
2008-08-26 00:12 --------- d-----w C:\Users\Carol\AppData\Roaming\Sony Corporation
2008-08-26 00:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-25 23:58 --------- d-----w C:\Program Files\Sony
2008-08-25 23:57 --------- d-----w C:\Users\Carol\AppData\Roaming\InstallShield
2008-08-22 18:47 --------- d-----w C:\Program Files\CCleaner
2008-08-22 14:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-13 07:01 --------- d-----w C:\Program Files\Windows Mail
2008-08-05 01:52 --------- d-----w C:\Program Files\QuickVerse 2007
2008-08-05 01:49 --------- d-----w C:\Users\Carol\AppData\Roaming\QuickVerse11
2008-08-04 23:21 --------- d-----w C:\ProgramData\Lavasoft
2008-08-04 23:17 --------- d-----w C:\Program Files\Lavasoft
2008-08-04 23:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-22 08:42 174 --sha-w C:\Program Files\desktop.ini
2008-07-22 03:17 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-07-22 03:15 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-07-22 03:15 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-07-22 03:15 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-07-22 03:15 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-07-22 03:15 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-07-22 03:15 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-07-22 03:15 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-07-22 03:15 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-07-22 03:15 2,923,520 ----a-w C:\Windows\explorer.exe
2008-07-22 03:14 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-07-22 03:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-07-22 03:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-07-22 03:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-07-22 03:10 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-07-22 03:10 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-07-22 03:09 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-07-22 03:09 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-07-22 03:09 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-07-22 03:09 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-07-22 03:09 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-07-22 03:09 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-07-22 03:07 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-07-22 03:07 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-07-22 03:07 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-07-22 03:07 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-07-22 03:06 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-07-22 03:06 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-07-22 03:06 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-07-22 03:02 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-07-22 03:00 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-07-22 03:00 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-07-22 03:00 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-07-22 03:00 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-07-22 02:59 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-07-22 02:59 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-07-22 02:59 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-07-22 02:59 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-07-22 02:59 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-07-22 02:59 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-07-22 02:59 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-07-22 02:59 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-07-22 02:59 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-07-22 02:59 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-07-22 02:58 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-07-22 02:58 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-07-22 02:56 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-22 02:56 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-07-22 02:55 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-07-22 02:55 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-07-22 02:54 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-07-22 02:53 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-07-22 02:53 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-07-22 02:53 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-07-22 02:53 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-07-22 02:53 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-07-22 02:53 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-07-22 02:48 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-22 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-13 29744]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"iolo Startup"="C:\Program Files\iolo\Common\Lib\iStartupStub.exe" [2007-02-01 268904]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"WrtMon.exe"="C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Norton Internet Security.lnk - C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiStub2.exe [2008-02-06 104312]
OpenOffice.org 2.4.lnk.disabled [2008-07-22 1042]
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-08-25 385024]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk.disabled [2007-07-24 1748]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-07-24 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080926.005\IDSvix86.sys [2008-09-12 270384]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 2427392]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-13 29744]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c8e75c-5d11-11dd-ae84-0015c5d09bcd}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\m.exe /s

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c8e761-5d11-11dd-ae84-0015c5d09bcd}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\1slm5lfq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxps://webauth.att.net/auth/webmail/login?action=Login&url=http%3A%2F%2Fwebmail.att.net%2Fwmc%2Fv%2Fwmgoto%2F48C1D5B4000903D9000030C72223070492
FF -: plugin - C:\Program Files\Google\Google Updater\2.3.1334.1308\npCIDetect13.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 10:02:31
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-03 10:03:48
ComboFix-quarantined-files.txt 2008-10-03 14:03:44

Pre-Run: 53,443,829,760 bytes free
Post-Run: 53,427,712,000 bytes free

221 --- E O F --- 2008-09-12 07:03:17

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,622 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:13 AM

Posted 03 October 2008 - 09:37 AM

Download Flash_Disinfector from HERE and save it to your Desktop.
Doubleclick on Flash_Disinfector.exe to run it and follow the prompts.
Wait until it has finished scanning and then exit the program.
The utility may ask you to insert your flash drive and/or other removable drives. This may include your mobile phone.
Please do so and allow the utility to clean up those drives as well.

Note: This utility will create a file "Autorun.inf" on all removable storage devices, and protect the file with attributes making it a System, Hidden, Read-only file. You would be best served to leave these files be. They are designed to prevent commont Autorun malware infections from using this same file to launch repeated infections. This is a protection mechanism and the file should be left alone.

When this is all done, reboot, and follow the rest of the instructions.

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c8e75c-5d11-11dd-ae84-0015c5d09bcd}]


Save this as the txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

#7 WildBill53

WildBill53
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:13 AM

Posted 03 October 2008 - 10:11 AM

Lawrence,

I did not get any prompts when trying to run Flash Disinfector. I downloaded it a second time. I tried to run as administrator. Still saw nothing. Here is the new Combo with CSscript and new HJT.


ComboFix 08-10-02.04 - Carol 2008-10-03 10:59:58.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1307 [GMT -4:00]
Running from: C:\Users\Carol\Desktop\ComboFix.exe
Command switches used :: C:\Users\Carol\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\autorun.inf
shellexecute=K:\m.exe /s

.
((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.

2008-09-17 15:52 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-17 15:52 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-17 15:52 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-17 15:52 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-17 15:51 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-17 15:51 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-17 15:51 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-17 15:51 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-17 15:51 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-11 06:06 . 2008-07-30 19:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-11 06:06 . 2008-07-30 23:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-11 06:06 . 2008-06-25 23:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-11 06:06 . 2008-07-30 23:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-05 21:41 . 2008-10-02 15:47 <DIR> d-------- C:\Users\All Users\Google Updater
2008-09-05 21:41 . 2008-10-02 15:47 <DIR> d-------- C:\ProgramData\Google Updater
2008-09-05 21:12 . 2008-09-05 21:13 <DIR> d-------- C:\Program Files\Java
2008-09-05 21:12 . 2008-09-05 21:12 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-04 04:56 . 2008-09-04 04:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 21:05 . 2008-09-03 21:57 <DIR> d-------- C:\Windows\BDOSCAN8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 22:35 --------- d-----w C:\Users\Carol\AppData\Roaming\OpenOffice.org2
2008-09-12 07:01 --------- d-----w C:\Program Files\Microsoft Works
2008-09-06 01:42 --------- d-----w C:\Program Files\Google
2008-09-03 21:35 --------- d-----w C:\ProgramData\Symantec
2008-09-03 21:13 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-26 01:47 --------- d-----w C:\ProgramData\Creative
2008-08-26 00:12 --------- d-----w C:\Users\Carol\AppData\Roaming\Sony Corporation
2008-08-26 00:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-25 23:58 --------- d-----w C:\Program Files\Sony
2008-08-25 23:57 --------- d-----w C:\Users\Carol\AppData\Roaming\InstallShield
2008-08-22 18:47 --------- d-----w C:\Program Files\CCleaner
2008-08-22 14:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-13 07:01 --------- d-----w C:\Program Files\Windows Mail
2008-08-05 01:52 --------- d-----w C:\Program Files\QuickVerse 2007
2008-08-05 01:49 --------- d-----w C:\Users\Carol\AppData\Roaming\QuickVerse11
2008-08-04 23:21 --------- d-----w C:\ProgramData\Lavasoft
2008-08-04 23:17 --------- d-----w C:\Program Files\Lavasoft
2008-08-04 23:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-22 08:42 174 --sha-w C:\Program Files\desktop.ini
2008-07-22 03:17 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-07-22 03:15 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-07-22 03:15 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-07-22 03:15 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-07-22 03:15 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-07-22 03:15 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-07-22 03:15 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-07-22 03:15 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-07-22 03:15 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-07-22 03:15 2,923,520 ----a-w C:\Windows\explorer.exe
2008-07-22 03:14 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-07-22 03:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-07-22 03:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-07-22 03:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-07-22 03:10 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-07-22 03:10 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-07-22 03:09 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-07-22 03:09 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-07-22 03:09 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-07-22 03:09 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-07-22 03:09 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-07-22 03:09 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-07-22 03:07 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-07-22 03:07 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-07-22 03:07 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-07-22 03:07 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-07-22 03:06 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-07-22 03:06 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-07-22 03:06 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-07-22 03:02 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-07-22 03:00 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-07-22 03:00 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-07-22 03:00 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-07-22 03:00 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-07-22 02:59 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-07-22 02:59 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-07-22 02:59 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-07-22 02:59 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-07-22 02:59 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-07-22 02:59 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-07-22 02:59 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-07-22 02:59 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-07-22 02:59 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-07-22 02:59 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-07-22 02:58 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-07-22 02:58 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-07-22 02:56 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-22 02:56 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-07-22 02:55 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-07-22 02:55 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-07-22 02:54 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-07-22 02:53 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-07-22 02:53 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-07-22 02:53 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-07-22 02:53 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-07-22 02:53 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-07-22 02:53 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-07-22 02:48 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-03_10.03.00.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-03 13:40:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-03 14:53:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-03 13:40:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-03 14:53:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-03 13:40:49 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-03 14:55:34 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-10-03 13:40:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-03 14:55:29 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-10-03 13:58:10 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-03 14:53:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-03 13:58:10 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-03 14:53:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-03 13:58:10 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-03 14:53:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-03 13:45:02 104,024 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-03 14:59:36 104,024 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-03 13:45:02 618,648 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-03 14:59:36 618,648 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-03 13:42:42 34,830 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-03 14:55:47 34,878 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-22 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-13 29744]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"iolo Startup"="C:\Program Files\iolo\Common\Lib\iStartupStub.exe" [2007-02-01 268904]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"WrtMon.exe"="C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Norton Internet Security.lnk - C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiStub2.exe [2008-02-06 104312]
OpenOffice.org 2.4.lnk.disabled [2008-07-22 1042]
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-08-25 385024]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk.disabled [2007-07-24 1748]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-07-24 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080926.005\IDSvix86.sys [2008-09-12 270384]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 2427392]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-13 29744]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c8e761-5d11-11dd-ae84-0015c5d09bcd}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 11:02:34
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-03 11:03:48
ComboFix-quarantined-files.txt 2008-10-03 15:03:44
ComboFix2.txt 2008-10-03 14:03:49

Pre-Run: 53,433,794,560 bytes free
Post-Run: 53,403,635,712 bytes free

229 --- E O F --- 2008-09-12 07:03:17



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:37 AM, on 10/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\iStartupStub.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Norton Internet Security.lnk = C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiStub2.exe
O4 - Startup: OpenOffice.org 2.4.lnk.disabled
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Digital Line Detect.lnk.disabled
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9614 bytes

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,622 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:13 AM

Posted 03 October 2008 - 12:54 PM

Looks better... How does it feel to you?

#9 WildBill53

WildBill53
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:13 AM

Posted 03 October 2008 - 01:49 PM

Looks Great!

No problems at all.

Thank-your for lyour help.

Can I pay you for your time?

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,622 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:13 AM

Posted 03 October 2008 - 01:54 PM

Nope...just glad we could help!

Now that your clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here for your particular Windows Version:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

or

Windows Vista System Restore Guide


Renable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


I am closing this topic. Please message a moderator if you need it reopened.

Glad I was able to help and if there any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users