Infected with God knows what


  • This topic is locked
2 replies to this topic

#1 Cam2

  • Members
  • 1 posts

Posted 05 January 2009 - 05:55 PM

Out of the blue my 5-year-old Dell Dimension 8300 running XP SP3 slowed horrendously, started giving error messages that it couldn't find bookmarked, known, safe web pages I've accessed for years, and started opening new windows by the tens and twenties. Out of desperation I took someone's advice to try the Hijack This route. Help in fixing this would be enormously appreciated. Thanks.

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/22/2003 12:04:54 PM
System Uptime: 1/3/2009 7:12:15 PM (46 hours ago)

Motherboard: Dell Computer Corp. | | 0G0728
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2991/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 87.979 GiB free.
D: is Removable
E: is CDROM ()
F: is CDROM ()
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1861: 11/29/2008 9:58:55 PM - Installed Cisco Network Magic
RP1862: 11/30/2008 10:58:51 PM - System Checkpoint
RP1863: 12/1/2008 6:23:31 PM - Installed Dell Support Center (Support Software).
RP1864: 12/2/2008 6:33:33 PM - System Checkpoint
RP1865: 12/3/2008 7:53:50 PM - System Checkpoint
RP1866: 12/4/2008 8:21:21 PM - System Checkpoint
RP1867: 12/5/2008 8:55:16 PM - System Checkpoint
RP1868: 12/6/2008 9:36:51 PM - System Checkpoint
RP1869: 12/7/2008 2:50:33 PM - Cleaned registry with Windows Live OneCare safety scanner
RP1870: 12/8/2008 3:24:52 PM - System Checkpoint
RP1871: 12/8/2008 8:20:09 PM - Installed Sophos Anti-Virus
RP1872: 12/8/2008 8:21:46 PM - Installed Sophos AutoUpdate
RP1873: 12/9/2008 8:55:41 PM - System Checkpoint
RP1874: 12/10/2008 3:00:48 AM - Software Distribution Service 3.0
RP1875: 12/11/2008 3:06:35 AM - System Checkpoint
RP1876: 12/12/2008 3:00:19 AM - Software Distribution Service 3.0
RP1877: 12/12/2008 8:50:59 AM - Installed Trend Micro TrendProtect for Internet Explorer.
RP1878: 12/13/2008 9:35:45 AM - System Checkpoint
RP1879: 12/13/2008 5:10:54 PM - Removed Sophos Anti-Virus
RP1880: 12/13/2008 5:12:20 PM - Removed Sophos AutoUpdate
RP1881: 12/13/2008 5:13:38 PM - Removed Social Security Benefit Calculator
RP1882: 12/13/2008 5:15:02 PM - Removed Apple Mobile Device Support
RP1883: 12/13/2008 5:17:47 PM - Removed Broderbund Media Manager
RP1884: 12/14/2008 8:42:16 AM - Software Distribution Service 3.0
RP1885: 12/14/2008 9:26:34 AM - Removed Cisco Network Magic
RP1886: 12/14/2008 9:27:24 AM - Removed Pure Networks Platform
RP1887: 12/15/2008 10:48:28 AM - System Checkpoint
RP1888: 12/16/2008 12:07:35 PM - System Checkpoint
RP1889: 12/17/2008 12:40:44 PM - System Checkpoint
RP1890: 12/17/2008 7:38:17 PM - Removed Dell Picture Studio - Dell Image Expert
RP1891: 12/17/2008 7:39:18 PM - Installed Dell Picture Studio - Dell Image Expert
RP1892: 12/18/2008 3:00:20 AM - Software Distribution Service 3.0
RP1893: 12/19/2008 3:53:08 AM - System Checkpoint
RP1894: 12/20/2008 4:33:37 AM - System Checkpoint
RP1895: 12/20/2008 12:32:24 PM - Installed HP Product Assistant
RP1896: 12/20/2008 4:30:57 PM - Removed hp officejet 7100 series
RP1897: 12/21/2008 4:42:21 PM - System Checkpoint
RP1898: 12/22/2008 5:06:54 PM - System Checkpoint
RP1899: 12/23/2008 5:28:08 PM - System Checkpoint
RP1900: 12/24/2008 5:58:43 PM - System Checkpoint
RP1901: 12/25/2008 6:01:28 PM - System Checkpoint
RP1902: 12/26/2008 10:52:22 AM - Removed Dell Picture Studio - Dell Image Expert
RP1903: 12/27/2008 11:46:35 AM - System Checkpoint
RP1904: 12/28/2008 12:01:40 PM - System Checkpoint
RP1905: 12/29/2008 12:03:49 PM - System Checkpoint
RP1906: 12/30/2008 12:42:55 PM - System Checkpoint
RP1907: 12/31/2008 1:26:11 PM - System Checkpoint
RP1908: 1/1/2009 4:53:42 PM - System Checkpoint
RP1909: 1/2/2009 4:56:06 PM - System Checkpoint
RP1910: 1/3/2009 5:13:59 PM - System Checkpoint
RP1911: 1/3/2009 6:40:10 PM - Removed Opera 9.62
RP1912: 1/3/2009 7:07:29 PM - Installed Windows XP KB915865.
RP1913: 1/3/2009 7:08:32 PM - Installed Windows NLSDownlevelMapping.
RP1914: 1/3/2009 7:09:12 PM - Installed Windows IDNMitigationAPIs.
RP1915: 1/3/2009 7:09:39 PM - Installed Windows Internet Explorer 7.
RP1916: 1/4/2009 3:00:19 AM - Software Distribution Service 3.0
RP1917: 1/4/2009 5:00:39 PM - Installed AVG 8.0
RP1918: 1/5/2009 9:52:26 AM - Avg8 Update

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
7500_7600_7700_Help
Ad-aware 6 Personal
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.3
Adobe® Photoshop® Album Starter Edition 3.2
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Software Update
ArcSoft Software Suite
ATI Control Panel
ATI Display Driver
AVG 8.0
Banctec Service Agreement
BCM V.92 56K Modem
Bonjour
BPD_HPSU
BPD_Scan
BPDfax
BPDSoftware
BPDSoftware_Ini
BufferChm
BUM
Calendar Creator
Carbonite
CCScore
Comcast Toolbar
Comcast Universal Installer v1.2
Creative MediaSource
CustomerResearchQFolder
DAO
Dell ResourceCD
Dell Solution Center
Dell Support
Dell Support Center (Support Software)
DellConnect
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
DVDSentry
Earthlink Installer - uninstall 'Earthlink 5.0' entry first if present
EarthLink MDAC
Easy CD Creator 5 Basic
ELNKInst
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
eSupportQFolder
Google Earth
Google Toolbar for Internet Explorer
Google Updater
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP Product Assistant
HP Product Detection
HP Solution Center 7.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Intel® PRO Network Connections Drivers
Intel® PROSet
ItsDeductible Express
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java™ SE Runtime Environment 6 Update 1
Juniper Terminal Services Client
Keynote Connector
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
KODAK EASYSHARE Gallery Easy Upload, v2.1
Kodak EasyShare software
L7600
LiveUpdate (Symantec Corporation)
Logitech MouseWare 9.76
Logitech Resource Center
Malwarebytes' Anti-Malware
MapQuest Toolbar for Internet Explorer
MapSource
MarketResearch
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Journal Viewer
Microsoft XML Parser
Modem Helper
Movielink Manager
MPM
MSN Music Assistant
MSSoap
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
MUSICMATCH Jukebox
netbrdg
Norton Internet Security
Norton PC Checkup
nRoute
OCR Software by I.R.I.S 7.0
OfotoXMI
Palm Desktop
Panda ActiveScan 2.0
PanoStandAlone
Plaxo Toolbar for Windows
PocketMirror 3.0.2 (Standard Edition)
PowerDVD
ProductContext
Quicken 2008
QuickTime
Scan
ScanToWeb
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SFR
SFR2
SHASTA
Shockwave
skin0001
SKINXSDK
SolutionCenter
Sound Blaster Audigy 2
Spybot - Search & Destroy
staticcr
Status
The Amortizer
Toolbox
tooltips
TrayApp
Trend Micro TrendProtect for Internet Explorer
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
U3Launcher
Unload
Unlocker 1.8.5
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb958619)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Viewpoint Media Player
VPRINTOL
WebFldrs XP
WebReg
Webshots!
WexTech AnswerWorks
Windows Desktop Search 3.01
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Vista Upgrade Advisor
Windows XP Service Pack 3
WIRELESS
Xingtone Ringtone Maker

==== Event Viewer Messages From Past Week ========

12/31/2008 2:44:50 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
12/31/2008 2:44:40 PM, error: Print [23] - Printer CAPTURE FAX BVRP failed to initialize because a suitable CAPTURE FAX BVRP driver could not be found.
12/30/2008 2:37:13 PM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0007E97C64A8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/29/2008 7:31:26 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
1/5/2009 5:16:06 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

DDS (Version 1.1.0) - NTFSx86
Run by Cam Jankowiak at 17:47:51.03 on Mon 01/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.243 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.17.0.16\PlaxoHelper_en.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\mapquest toolbar\MqTbServer.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Documents and Settings\Cam Jankowiak\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/beta/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uSearch Bar = hxxp://www.comcast.net/toolbar2.0/search/
uInternet Settings,ProxyOverride = localhost;*.local;<local>
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.2.0.7\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: MapQuest Toolbar Loader: {e34f0e11-ab79-487c-9773-36c594dff5aa} - c:\program files\mapquest toolbar\mqtb.dll
BHO: BhoMisc Class: {e3578b37-6346-4ec1-a82b-38273a100dcf} - c:\program files\trend micro\trendprotect\msie\wrs.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
TB: TrendProtect: {f83be649-1cc3-48ee-b2e2-0826cef3822a} - c:\program files\trend micro\trendprotect\msie\wrs.dll
TB: MapQuest Toolbar: {57abf0dd-577c-4ec6-855c-8dc29768c2b0} - c:\program files\mapquest toolbar\mqtb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PlaxoUpdate] c:\program files\plaxo\3.17.0.16\PlaxoHelper_en.exe -a
uRunOnce: [<NO NAME>] c:\program files\internet explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...00001A.000000B7
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &MapQuest Toolbar Search - c:\documents and settings\all users\application data\mapquest toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: turbotax.com
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
Handler: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - c:\program files\trend micro\trendprotect\msie\WRS.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-1-4 12552]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-8 28544]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1002000.007\SymEFA.sys [2008-12-26 309296]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-4 324872]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-4 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-4 107272]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2008-12-26 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\cchpx86.sys [2008-12-26 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20081220.001\IDSxpx86.sys [2008-12-26 274808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-12-27 99376]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090105.009\naveng.sys [2009-1-5 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090105.009\navex15.sys [2009-1-5 876112]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-4 298264]
R4 IKFileSec;IKFileSec; [x]
R4 IKSysFlt;IKSysFlt; [x]
R4 IKSysSec;IKSysSec; [x]
R4 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R4 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.2.0.7\ccSvcHst.exe [2008-12-26 115560]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-10-24 1245064]
S3 XIRLINK;Dsc Pro Digital Camera;c:\windows\system32\drivers\c-itnt.sys --> c:\windows\system32\drivers\C-itnt.sys [?]

=============== Created Last 30 ================

2009-01-05 17:04 <DIR> --d----- c:\program files\Spyware Doctor
2009-01-04 17:07 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-04 17:01 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-04 17:01 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-04 17:01 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-01-04 17:01 324,872 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-04 17:01 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-04 17:01 <DIR> --d----- c:\docume~1\camjan~1\applic~1\AVGTOOLBAR
2009-01-04 17:00 <DIR> --d----- c:\program files\AVG
2009-01-04 17:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-12-26 10:58 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
2008-12-26 10:58 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-26 10:58 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-26 10:58 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-26 10:58 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-26 10:57 <DIR> --d----- c:\program files\Norton Internet Security
2008-12-22 13:24 <DIR> --d----- c:\program files\MapQuest Toolbar
2008-12-17 19:42 <DIR> --d----- c:\windows\system32\drivers\NIS
2008-12-17 19:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2008-12-17 19:40 <DIR> --d----- c:\program files\NortonInstaller
2008-12-17 19:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2008-12-17 18:35 <DIR> --d----- c:\program files\Norton PC Checkup
2008-12-12 08:51 <DIR> --d----- c:\program files\Trend Micro
2008-12-08 21:31 <DIR> --d----- c:\documents and settings\cam jankowiak\.housecall6.6
2008-12-08 20:20 <DIR> --d----- c:\program files\Sophos
2008-12-08 20:18 <DIR> --d----- C:\stdtsa
2008-12-08 18:26 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2008-12-08 18:25 <DIR> --d----- c:\program files\Panda Security

==================== Find3M ====================

2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-22 15:47 6 a------- c:\windows\fonts\wfonts.key
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2004-03-05 07:31 107,528 ac------ c:\docume~1\camjan~1\applic~1\GDIPFONTCACHEV1.DAT
2003-06-08 11:20 32 ac-sh--- c:\windows\{DFD14443-61AC-4B34-831C-859128A7DFBD}.dat
2003-06-08 11:20 32 ac-sh--- c:\windows\system32\{90DD0F29-3597-4629-8FAE-1F0A08736698}.dat
2008-08-31 20:03 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

============= FINISH: 17:49:23.26 ===============

Edited by Cam2, 06 January 2009 - 01:43 PM.


#2 suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 20 January 2009 - 08:18 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 02 February 2009 - 07:40 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.