Hijacked search engine?


  • This topic is locked
15 replies to this topic

#1 jaynendave

jaynendave

  • Members
  • 9 posts

Posted 09 January 2009 - 12:01 AM

I am new to this forum and appreciate the fact that people help those of us without the knowledge to fix certain problems. I am experiencing a problem similar to the ones I have been reading - when using Google or Yahoo SE the results send me to various vendor sites. I am using XP Pro 2002 SP3. Here is my HJT log:
Thanks for any assistance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:25 PM, on 1/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Dave\My Documents\Downloads\HiJackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud8.sports.sc5.yahoo.com/java/y/nflgcst1010_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite....loadManager.ocx
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} (SiteBuilderEditor Class) - http://stores.homestead.com/storeadmin/uti...es/pssbedit.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 16235 bytes



#2 jaynendave

jaynendave
  • Topic Starter

  • Members
  • 9 posts

Posted 11 January 2009 - 07:32 AM

I have read further and am adding the information as instructed from the dds operation:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Dave at 7:18:26.95 on Sun 01/11/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.243 [GMT -5:00]

AV: Norton AntiVirus 2005 *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Dave\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dellnet.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uDefault_Search_URL = hxxp://search.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\windows\googletoolbar3.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\windows\googletoolbar3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\neroph~1\data\xtras\mssysmgr.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [ScreenPrint32] c:\program files\screenprint32 v3\ScreenPrint32.exe -startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: <NO NAME> =
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\default.nh6\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?.home=ytff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2004-12-10 50312]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090107.002\NAVENG.Sys [2009-1-8 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090107.002\NavEx15.Sys [2009-1-8 876112]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2004-12-10 336008]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-12-13 197992]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-12-13 181608]
R4 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\navapsvc.exe [2005-5-17 177264]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-7-28 826512]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-12-13 79208]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2003-7-25 18864]
S3 dwusbdnt;dwusbdnt;c:\windows\system32\drivers\dwusbdnt.sys [2002-5-24 10368]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2005-8-19 636416]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2004-12-10 198368]
S3 thmsn21r;Thomson Inc. RD1021/1071 Lyra Personal Audio Player Control Driver;c:\windows\system32\drivers\thmsn21r.sys --> c:\windows\system32\drivers\thmsn21r.sys [?]
S4 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2005-5-17 67184]

=============== Created Last 30 ================

2009-01-08 23:53 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-25 00:31 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-25 00:31 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-25 00:31 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-25 00:31 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-17 21:26 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-02 23:31 136,536 a------- c:\docume~1\dave\applic~1\GDIPFONTCACHEV1.DAT
2008-12-01 21:07 95,456 a---h--- c:\windows\system32\mlfcache.dat
2008-11-30 09:17 31 a------- c:\documents and settings\dave\jagex_runescape_preferences.dat
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2004-10-31 16:58 29 a------- c:\docume~1\dave\applic~1\tvmcwrd.dll
2004-10-31 10:12 226,266 a------- c:\docume~1\dave\applic~1\tvmknwrd.dll
2004-03-07 11:33 40,960 a--sh--- c:\windows\lbbho.dll
2002-08-29 05:00 94,784 ---sh--- c:\windows\TWAIN.DLL
2008-04-13 19:12 50,688 ---sh--- c:\windows\twain_32.dll
2004-02-23 23:21 56 ---shr-- c:\windows\system32\579512EDC9.sys
2008-04-13 19:11 1,028,096 a--sh--- c:\windows\system32\mfc42.dll
2008-04-13 19:12 57,344 a--sh--- c:\windows\system32\msvcirt.dll
2008-04-13 19:12 413,696 a--sh--- c:\windows\system32\msvcp60.dll
2008-04-13 19:12 343,040 a--sh--- c:\windows\system32\msvcrt.dll
2008-04-13 19:12 551,936 ---sh--- c:\windows\system32\oleaut32.dll
2008-04-13 19:12 84,992 a--sh--- c:\windows\system32\olepro32.dll
2008-04-13 19:12 11,776 ---sh--- c:\windows\system32\regsvr32.exe
2008-09-12 10:44 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 7:19:32.21 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-07.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/22/2003 6:16:07 PM
System Uptime: 1/8/2009 10:57:35 PM (57 hours ago)

Motherboard: Dell Computer Corp. | | 0G0728
Processor: Intel® Pentium® 4 CPU 2.60GHz | Microprocessor | 2593/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 16.579 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is FIXED (FAT32) - 186 GiB total, 157.572 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1653&SUBSYS_86531028&REV_01\4&1C660DD6&0&00F0
Manufacturer: Broadcom
Name: Broadcom NetXtreme Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1653&SUBSYS_86531028&REV_01\4&1C660DD6&0&00F0
Service: b57w2k

==== System Restore Points ===================

RP1690: 10/13/2008 11:13:41 PM - System Checkpoint
RP1691: 10/15/2008 12:13:44 AM - System Checkpoint
RP1692: 10/15/2008 3:00:26 AM - Software Distribution Service 3.0
RP1693: 10/16/2008 3:19:51 AM - System Checkpoint
RP1694: 10/16/2008 10:30:31 PM - Installed Microsoft Office XP Professional
RP1695: 10/17/2008 11:19:47 PM - System Checkpoint
RP1696: 10/18/2008 11:22:13 PM - System Checkpoint
RP1697: 10/20/2008 12:19:51 AM - System Checkpoint
RP1698: 10/21/2008 1:19:49 AM - System Checkpoint
RP1699: 10/22/2008 2:19:50 AM - System Checkpoint
RP1700: 10/23/2008 3:00:24 AM - Software Distribution Service 3.0
RP1701: 10/24/2008 3:00:34 AM - Software Distribution Service 3.0
RP1702: 10/25/2008 3:19:23 AM - System Checkpoint
RP1703: 10/26/2008 3:30:24 AM - System Checkpoint
RP1704: 10/27/2008 4:29:43 AM - System Checkpoint
RP1705: 10/28/2008 5:29:41 AM - System Checkpoint
RP1706: 10/29/2008 6:29:41 AM - System Checkpoint
RP1707: 10/30/2008 7:29:49 AM - System Checkpoint
RP1708: 10/31/2008 8:29:41 AM - System Checkpoint
RP1709: 10/31/2008 12:53:55 PM - Software Distribution Service 3.0
RP1710: 10/31/2008 5:36:48 PM - Printer Driver Adobe PDF Converter Installed
RP1711: 11/1/2008 6:29:46 PM - System Checkpoint
RP1712: 11/2/2008 6:28:13 PM - System Checkpoint
RP1713: 11/3/2008 6:29:43 PM - System Checkpoint
RP1714: 11/4/2008 7:29:40 PM - System Checkpoint
RP1715: 11/5/2008 8:29:39 PM - System Checkpoint
RP1716: 11/6/2008 9:29:40 PM - System Checkpoint
RP1717: 11/7/2008 10:29:43 PM - System Checkpoint
RP1718: 11/8/2008 2:39:24 PM - Software Distribution Service 3.0
RP1719: 11/9/2008 3:29:44 PM - System Checkpoint
RP1720: 11/10/2008 4:29:40 PM - System Checkpoint
RP1721: 11/11/2008 5:29:40 PM - System Checkpoint
RP1722: 11/12/2008 6:29:40 PM - System Checkpoint
RP1723: 11/13/2008 3:00:20 AM - Software Distribution Service 3.0
RP1724: 11/14/2008 3:18:28 AM - System Checkpoint
RP1725: 11/15/2008 3:37:43 AM - System Checkpoint
RP1726: 11/16/2008 4:37:50 AM - System Checkpoint
RP1727: 11/20/2008 7:35:21 PM - System Checkpoint
RP1728: 11/21/2008 10:02:16 PM - System Checkpoint
RP1729: 11/22/2008 10:14:18 PM - System Checkpoint
RP1730: 11/23/2008 11:14:18 PM - System Checkpoint
RP1731: 11/25/2008 12:14:18 AM - System Checkpoint
RP1732: 11/26/2008 1:14:18 AM - System Checkpoint
RP1733: 11/27/2008 2:14:19 AM - System Checkpoint
RP1734: 11/28/2008 2:37:34 AM - System Checkpoint
RP1735: 11/29/2008 3:37:30 AM - System Checkpoint
RP1736: 11/30/2008 3:59:33 AM - System Checkpoint
RP1737: 12/1/2008 4:07:29 AM - System Checkpoint
RP1738: 12/2/2008 5:07:30 AM - System Checkpoint
RP1739: 12/3/2008 6:07:28 AM - System Checkpoint
RP1740: 12/4/2008 7:07:27 AM - System Checkpoint
RP1741: 12/5/2008 8:23:20 AM - System Checkpoint
RP1742: 12/6/2008 8:23:31 AM - System Checkpoint
RP1743: 12/7/2008 8:44:29 AM - System Checkpoint
RP1744: 12/8/2008 9:28:47 AM - System Checkpoint
RP1745: 12/9/2008 10:28:47 AM - System Checkpoint
RP1746: 12/10/2008 11:28:44 AM - System Checkpoint
RP1747: 12/11/2008 3:00:26 AM - Software Distribution Service 3.0
RP1748: 12/14/2008 12:36:46 AM - Software Distribution Service 3.0
RP1749: 12/15/2008 1:23:50 AM - System Checkpoint
RP1750: 12/16/2008 8:20:03 AM - System Checkpoint
RP1751: 12/17/2008 8:29:52 AM - System Checkpoint
RP1752: 12/17/2008 9:25:46 PM - Installed Java™ 6 Update 11
RP1753: 12/17/2008 10:55:43 PM - Software Distribution Service 3.0
RP1754: 12/18/2008 11:30:23 PM - System Checkpoint
RP1755: 12/20/2008 12:14:13 AM - System Checkpoint
RP1756: 12/21/2008 1:23:47 AM - System Checkpoint
RP1757: 12/22/2008 2:14:12 AM - System Checkpoint
RP1758: 12/23/2008 2:43:00 PM - System Checkpoint
RP1759: 12/24/2008 3:13:05 PM - System Checkpoint
RP1760: 12/25/2008 3:43:17 PM - System Checkpoint
RP1761: 12/26/2008 4:42:25 PM - System Checkpoint
RP1762: 12/27/2008 5:42:27 PM - System Checkpoint
RP1763: 12/28/2008 6:42:28 PM - System Checkpoint
RP1764: 12/29/2008 6:58:18 PM - System Checkpoint
RP1765: 12/30/2008 6:59:25 PM - System Checkpoint
RP1766: 12/31/2008 7:58:17 PM - System Checkpoint
RP1767: 1/1/2009 8:26:57 PM - System Checkpoint
RP1768: 1/2/2009 9:16:09 PM - System Checkpoint
RP1769: 1/3/2009 10:11:53 PM - System Checkpoint
RP1770: 1/4/2009 11:11:52 PM - System Checkpoint
RP1771: 1/5/2009 11:13:17 PM - System Checkpoint
RP1772: 1/7/2009 12:13:15 AM - System Checkpoint
RP1773: 1/8/2009 1:13:19 AM - System Checkpoint
RP1774: 1/8/2009 10:42:19 PM - Removed Empire Earth
RP1775: 1/8/2009 10:43:47 PM - Removed Lyra Personal Audio Player (RD1021/1071/1075)
RP1776: 1/8/2009 10:48:17 PM - Removed Windows Live Messenger
RP1777: 1/8/2009 10:49:43 PM - Removed Windows Live Mail
RP1778: 1/8/2009 10:50:54 PM - Removed Windows Live Sign-in Assistant
RP1779: 1/8/2009 11:39:11 PM - Removed J2SE Runtime Environment 5.0 Update 10
RP1780: 1/8/2009 11:40:05 PM - Removed J2SE Runtime Environment 5.0 Update 11
RP1781: 1/8/2009 11:40:54 PM - Removed J2SE Runtime Environment 5.0 Update 2
RP1782: 1/8/2009 11:41:32 PM - Removed J2SE Runtime Environment 5.0 Update 4
RP1783: 1/8/2009 11:42:20 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP1784: 1/8/2009 11:43:02 PM - Removed Java 2 Runtime Environment, SE v1.4.2_05
RP1785: 1/8/2009 11:44:13 PM - Removed Java 2 Runtime Environment, SE v1.4.2_06
RP1786: 1/8/2009 11:45:27 PM - Removed Java™ 6 Update 11
RP1787: 1/8/2009 11:46:23 PM - Removed Java™ 6 Update 2
RP1788: 1/8/2009 11:47:15 PM - Removed Java™ 6 Update 3
RP1789: 1/8/2009 11:48:00 PM - Removed Java™ 6 Update 5
RP1790: 1/8/2009 11:49:07 PM - Removed Java™ 6 Update 7
RP1791: 1/8/2009 11:50:03 PM - Removed Java™ SE Runtime Environment 6 Update 1
RP1792: 1/8/2009 11:52:44 PM - Installed Java™ 6 Update 11
RP1793: 1/10/2009 12:26:14 AM - System Checkpoint
RP1794: 1/11/2009 1:28:30 AM - System Checkpoint

==== Installed Programs ======================


Ad-aware 6 Personal
Adobe Acrobat 6.0.1 Professional
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Creative Suite
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe PageMaker 6.5
Adobe PageMaker 7.0
Adobe PageMaker Plug-in Pack
Adobe QuarkXPress Converter 3.0
Adobe Reader 8.1.3
Adobe SVG Viewer 3.0
AiO_Scan
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Avery Media Software 32 bit
Avery® Wizard 2.1 for Microsoft® Word 2002
BACS
Banctec Service Agreement
BCM V.92 56K Modem
Bonjour
Broadcom Advanced Control Suite
ccCommon
Citrix ICA Web Client
ClickArt 750,000
Collapse! Crunch
Dell Networking Guide
Dell Solution Center
Dell Support
Dell Support Center
DellSupport
DVDSentry
Easy CD Ripper 2.10
Enterprise
FTapp (remove only)
Garmin Communicator Plugin
Google Earth Plus
Google Toolbar for Internet Explorer
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Homestead SiteBuilder
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
hp photosmart 100 series
hp photosmart printer series (Remove only)
HP Product Detection
HP PSC & Officejet 4.2 Corporate Edition
HP Share-to-Web
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Intellisync® for Yahoo!
Internet Worm Protection
iTunes
Java™ 6 Update 11
Kinko's File Prep Tool
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Office XP Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.0
MobileMe Control Panel
Modem Helper
Mozilla Firefox (3.0.5)
Mozilla Thunderbird (0.9)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Nero PhotoShow Elite
Nero Suite
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SCSSDist MSI
Norton AntiVirus SYMLT MSI
Norton CleanSweep
Norton WMI Update
OpenOffice.org Installer 1.0
QFolder
Quicken 2008
QuickTime
RelevantKnowledge
Rhapsody Player Engine
Safari
SafeCast Shared Components
Scan
ScreenPrint32 v3.5
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Shockwave
SnadBoy's Revelation v2
Sound Blaster Live!
SPBBC
Spelling Dictionaries Support For Adobe Reader 8
Symantec
Symantec Network Drivers Update
Symantec Script Blocking Installer
SymNet
TurboTax 2002
TurboTax Deluxe 2003
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Verizon Online Help and Support
WebFldrs XP
WexTech AnswerWorks
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Related
Windows XP Service Pack 3
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Zoom ADSL Modem

==== Event Viewer Messages From Past Week ========

1/4/2009 4:48:27 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
1/4/2009 1:00:53 AM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/4/2009 1:00:53 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
1/4/2009 1:00:51 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
1/5/2009 8:09:56 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/6/2009 3:10:20 PM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly. It has done this 1 time(s).
1/8/2009 10:59:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
1/8/2009 10:59:10 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

#3 jaynendave


Posted 16 January 2009 - 02:06 PM

Yahoo and Google search engines direct me to sites other than the ones listed. Does not happen with Safari. Also just had Norton detect a virus called 'Downloader' (it was caught and deleted).


DDS (Ver_09-01-07.01) - NTFSx86
Run by Dave at 7:18:26.95 on Sun 01/11/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.243 [GMT -5:00]

AV: Norton AntiVirus 2005 *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Dave\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dellnet.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uDefault_Search_URL = hxxp://search.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\windows\googletoolbar3.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\windows\googletoolbar3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\neroph~1\data\xtras\mssysmgr.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [ScreenPrint32] c:\program files\screenprint32 v3\ScreenPrint32.exe -startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: <NO NAME> =
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\default.nh6\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?.home=ytff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2004-12-10 50312]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090107.002\NAVENG.Sys [2009-1-8 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090107.002\NavEx15.Sys [2009-1-8 876112]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2004-12-10 336008]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-12-13 197992]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-12-13 181608]
R4 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\navapsvc.exe [2005-5-17 177264]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-7-28 826512]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-12-13 79208]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2003-7-25 18864]
S3 dwusbdnt;dwusbdnt;c:\windows\system32\drivers\dwusbdnt.sys [2002-5-24 10368]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2005-8-19 636416]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2004-12-10 198368]
S3 thmsn21r;Thomson Inc. RD1021/1071 Lyra Personal Audio Player Control Driver;c:\windows\system32\drivers\thmsn21r.sys --> c:\windows\system32\drivers\thmsn21r.sys [?]
S4 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2005-5-17 67184]

=============== Created Last 30 ================

2009-01-08 23:53 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-25 00:31 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-25 00:31 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-25 00:31 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-25 00:31 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-17 21:26 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-02 23:31 136,536 a------- c:\docume~1\dave\applic~1\GDIPFONTCACHEV1.DAT
2008-12-01 21:07 95,456 a---h--- c:\windows\system32\mlfcache.dat
2008-11-30 09:17 31 a------- c:\documents and settings\dave\jagex_runescape_preferences.dat
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2004-10-31 16:58 29 a------- c:\docume~1\dave\applic~1\tvmcwrd.dll
2004-10-31 10:12 226,266 a------- c:\docume~1\dave\applic~1\tvmknwrd.dll
2004-03-07 11:33 40,960 a--sh--- c:\windows\lbbho.dll
2002-08-29 05:00 94,784 ---sh--- c:\windows\TWAIN.DLL
2008-04-13 19:12 50,688 ---sh--- c:\windows\twain_32.dll
2004-02-23 23:21 56 ---shr-- c:\windows\system32\579512EDC9.sys
2008-04-13 19:11 1,028,096 a--sh--- c:\windows\system32\mfc42.dll
2008-04-13 19:12 57,344 a--sh--- c:\windows\system32\msvcirt.dll
2008-04-13 19:12 413,696 a--sh--- c:\windows\system32\msvcp60.dll
2008-04-13 19:12 343,040 a--sh--- c:\windows\system32\msvcrt.dll
2008-04-13 19:12 551,936 ---sh--- c:\windows\system32\oleaut32.dll
2008-04-13 19:12 84,992 a--sh--- c:\windows\system32\olepro32.dll
2008-04-13 19:12 11,776 ---sh--- c:\windows\system32\regsvr32.exe
2008-09-12 10:44 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 7:19:32.21 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-07.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/22/2003 6:16:07 PM
System Uptime: 1/8/2009 10:57:35 PM (57 hours ago)

Motherboard: Dell Computer Corp. | | 0G0728
Processor: Intel® Pentium® 4 CPU 2.60GHz | Microprocessor | 2593/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 16.579 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is FIXED (FAT32) - 186 GiB total, 157.572 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1653&SUBSYS_86531028&REV_01\4&1C660DD6&0&00F0
Manufacturer: Broadcom
Name: Broadcom NetXtreme Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1653&SUBSYS_86531028&REV_01\4&1C660DD6&0&00F0
Service: b57w2k

==== System Restore Points ===================

RP1690: 10/13/2008 11:13:41 PM - System Checkpoint
RP1691: 10/15/2008 12:13:44 AM - System Checkpoint
RP1692: 10/15/2008 3:00:26 AM - Software Distribution Service 3.0
RP1693: 10/16/2008 3:19:51 AM - System Checkpoint
RP1694: 10/16/2008 10:30:31 PM - Installed Microsoft Office XP Professional
RP1695: 10/17/2008 11:19:47 PM - System Checkpoint
RP1696: 10/18/2008 11:22:13 PM - System Checkpoint
RP1697: 10/20/2008 12:19:51 AM - System Checkpoint
RP1698: 10/21/2008 1:19:49 AM - System Checkpoint
RP1699: 10/22/2008 2:19:50 AM - System Checkpoint
RP1700: 10/23/2008 3:00:24 AM - Software Distribution Service 3.0
RP1701: 10/24/2008 3:00:34 AM - Software Distribution Service 3.0
RP1702: 10/25/2008 3:19:23 AM - System Checkpoint
RP1703: 10/26/2008 3:30:24 AM - System Checkpoint
RP1704: 10/27/2008 4:29:43 AM - System Checkpoint
RP1705: 10/28/2008 5:29:41 AM - System Checkpoint
RP1706: 10/29/2008 6:29:41 AM - System Checkpoint
RP1707: 10/30/2008 7:29:49 AM - System Checkpoint
RP1708: 10/31/2008 8:29:41 AM - System Checkpoint
RP1709: 10/31/2008 12:53:55 PM - Software Distribution Service 3.0
RP1710: 10/31/2008 5:36:48 PM - Printer Driver Adobe PDF Converter Installed
RP1711: 11/1/2008 6:29:46 PM - System Checkpoint
RP1712: 11/2/2008 6:28:13 PM - System Checkpoint
RP1713: 11/3/2008 6:29:43 PM - System Checkpoint
RP1714: 11/4/2008 7:29:40 PM - System Checkpoint
RP1715: 11/5/2008 8:29:39 PM - System Checkpoint
RP1716: 11/6/2008 9:29:40 PM - System Checkpoint
RP1717: 11/7/2008 10:29:43 PM - System Checkpoint
RP1718: 11/8/2008 2:39:24 PM - Software Distribution Service 3.0
RP1719: 11/9/2008 3:29:44 PM - System Checkpoint
RP1720: 11/10/2008 4:29:40 PM - System Checkpoint
RP1721: 11/11/2008 5:29:40 PM - System Checkpoint
RP1722: 11/12/2008 6:29:40 PM - System Checkpoint
RP1723: 11/13/2008 3:00:20 AM - Software Distribution Service 3.0
RP1724: 11/14/2008 3:18:28 AM - System Checkpoint
RP1725: 11/15/2008 3:37:43 AM - System Checkpoint
RP1726: 11/16/2008 4:37:50 AM - System Checkpoint
RP1727: 11/20/2008 7:35:21 PM - System Checkpoint
RP1728: 11/21/2008 10:02:16 PM - System Checkpoint
RP1729: 11/22/2008 10:14:18 PM - System Checkpoint
RP1730: 11/23/2008 11:14:18 PM - System Checkpoint
RP1731: 11/25/2008 12:14:18 AM - System Checkpoint
RP1732: 11/26/2008 1:14:18 AM - System Checkpoint
RP1733: 11/27/2008 2:14:19 AM - System Checkpoint
RP1734: 11/28/2008 2:37:34 AM - System Checkpoint
RP1735: 11/29/2008 3:37:30 AM - System Checkpoint
RP1736: 11/30/2008 3:59:33 AM - System Checkpoint
RP1737: 12/1/2008 4:07:29 AM - System Checkpoint
RP1738: 12/2/2008 5:07:30 AM - System Checkpoint
RP1739: 12/3/2008 6:07:28 AM - System Checkpoint
RP1740: 12/4/2008 7:07:27 AM - System Checkpoint
RP1741: 12/5/2008 8:23:20 AM - System Checkpoint
RP1742: 12/6/2008 8:23:31 AM - System Checkpoint
RP1743: 12/7/2008 8:44:29 AM - System Checkpoint
RP1744: 12/8/2008 9:28:47 AM - System Checkpoint
RP1745: 12/9/2008 10:28:47 AM - System Checkpoint
RP1746: 12/10/2008 11:28:44 AM - System Checkpoint
RP1747: 12/11/2008 3:00:26 AM - Software Distribution Service 3.0
RP1748: 12/14/2008 12:36:46 AM - Software Distribution Service 3.0
RP1749: 12/15/2008 1:23:50 AM - System Checkpoint
RP1750: 12/16/2008 8:20:03 AM - System Checkpoint
RP1751: 12/17/2008 8:29:52 AM - System Checkpoint
RP1752: 12/17/2008 9:25:46 PM - Installed Java™ 6 Update 11
RP1753: 12/17/2008 10:55:43 PM - Software Distribution Service 3.0
RP1754: 12/18/2008 11:30:23 PM - System Checkpoint
RP1755: 12/20/2008 12:14:13 AM - System Checkpoint
RP1756: 12/21/2008 1:23:47 AM - System Checkpoint
RP1757: 12/22/2008 2:14:12 AM - System Checkpoint
RP1758: 12/23/2008 2:43:00 PM - System Checkpoint
RP1759: 12/24/2008 3:13:05 PM - System Checkpoint
RP1760: 12/25/2008 3:43:17 PM - System Checkpoint
RP1761: 12/26/2008 4:42:25 PM - System Checkpoint
RP1762: 12/27/2008 5:42:27 PM - System Checkpoint
RP1763: 12/28/2008 6:42:28 PM - System Checkpoint
RP1764: 12/29/2008 6:58:18 PM - System Checkpoint
RP1765: 12/30/2008 6:59:25 PM - System Checkpoint
RP1766: 12/31/2008 7:58:17 PM - System Checkpoint
RP1767: 1/1/2009 8:26:57 PM - System Checkpoint
RP1768: 1/2/2009 9:16:09 PM - System Checkpoint
RP1769: 1/3/2009 10:11:53 PM - System Checkpoint
RP1770: 1/4/2009 11:11:52 PM - System Checkpoint
RP1771: 1/5/2009 11:13:17 PM - System Checkpoint
RP1772: 1/7/2009 12:13:15 AM - System Checkpoint
RP1773: 1/8/2009 1:13:19 AM - System Checkpoint
RP1774: 1/8/2009 10:42:19 PM - Removed Empire Earth
RP1775: 1/8/2009 10:43:47 PM - Removed Lyra Personal Audio Player (RD1021/1071/1075)
RP1776: 1/8/2009 10:48:17 PM - Removed Windows Live Messenger
RP1777: 1/8/2009 10:49:43 PM - Removed Windows Live Mail
RP1778: 1/8/2009 10:50:54 PM - Removed Windows Live Sign-in Assistant
RP1779: 1/8/2009 11:39:11 PM - Removed J2SE Runtime Environment 5.0 Update 10
RP1780: 1/8/2009 11:40:05 PM - Removed J2SE Runtime Environment 5.0 Update 11
RP1781: 1/8/2009 11:40:54 PM - Removed J2SE Runtime Environment 5.0 Update 2
RP1782: 1/8/2009 11:41:32 PM - Removed J2SE Runtime Environment 5.0 Update 4
RP1783: 1/8/2009 11:42:20 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP1784: 1/8/2009 11:43:02 PM - Removed Java 2 Runtime Environment, SE v1.4.2_05
RP1785: 1/8/2009 11:44:13 PM - Removed Java 2 Runtime Environment, SE v1.4.2_06
RP1786: 1/8/2009 11:45:27 PM - Removed Java™ 6 Update 11
RP1787: 1/8/2009 11:46:23 PM - Removed Java™ 6 Update 2
RP1788: 1/8/2009 11:47:15 PM - Removed Java™ 6 Update 3
RP1789: 1/8/2009 11:48:00 PM - Removed Java™ 6 Update 5
RP1790: 1/8/2009 11:49:07 PM - Removed Java™ 6 Update 7
RP1791: 1/8/2009 11:50:03 PM - Removed Java™ SE Runtime Environment 6 Update 1
RP1792: 1/8/2009 11:52:44 PM - Installed Java™ 6 Update 11
RP1793: 1/10/2009 12:26:14 AM - System Checkpoint
RP1794: 1/11/2009 1:28:30 AM - System Checkpoint

==== Installed Programs ======================


Ad-aware 6 Personal
Adobe Acrobat 6.0.1 Professional
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Creative Suite
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe PageMaker 6.5
Adobe PageMaker 7.0
Adobe PageMaker Plug-in Pack
Adobe QuarkXPress Converter 3.0
Adobe Reader 8.1.3
Adobe SVG Viewer 3.0
AiO_Scan
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Avery Media Software 32 bit
Avery® Wizard 2.1 for Microsoft® Word 2002
BACS
Banctec Service Agreement
BCM V.92 56K Modem
Bonjour
Broadcom Advanced Control Suite
ccCommon
Citrix ICA Web Client
ClickArt 750,000
Collapse! Crunch
Dell Networking Guide
Dell Solution Center
Dell Support
Dell Support Center
DellSupport
DVDSentry
Easy CD Ripper 2.10
Enterprise
FTapp (remove only)
Garmin Communicator Plugin
Google Earth Plus
Google Toolbar for Internet Explorer
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Homestead SiteBuilder
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
hp photosmart 100 series
hp photosmart printer series (Remove only)
HP Product Detection
HP PSC & Officejet 4.2 Corporate Edition
HP Share-to-Web
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Intellisync® for Yahoo!
Internet Worm Protection
iTunes
Java™ 6 Update 11
Kinko's File Prep Tool
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Office XP Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.0
MobileMe Control Panel
Modem Helper
Mozilla Firefox (3.0.5)
Mozilla Thunderbird (0.9)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Nero PhotoShow Elite
Nero Suite
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SCSSDist MSI
Norton AntiVirus SYMLT MSI
Norton CleanSweep
Norton WMI Update
OpenOffice.org Installer 1.0
QFolder
Quicken 2008
QuickTime
RelevantKnowledge
Rhapsody Player Engine
Safari
SafeCast Shared Components
Scan
ScreenPrint32 v3.5
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Shockwave
SnadBoy's Revelation v2
Sound Blaster Live!
SPBBC
Spelling Dictionaries Support For Adobe Reader 8
Symantec
Symantec Network Drivers Update
Symantec Script Blocking Installer
SymNet
TurboTax 2002
TurboTax Deluxe 2003
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Verizon Online Help and Support
WebFldrs XP
WexTech AnswerWorks
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Related
Windows XP Service Pack 3
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Zoom ADSL Modem

==== Event Viewer Messages From Past Week ========

1/4/2009 4:48:27 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
1/4/2009 1:00:53 AM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/4/2009 1:00:53 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
1/4/2009 1:00:51 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
1/5/2009 8:09:56 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/6/2009 3:10:20 PM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly. It has done this 1 time(s).
1/8/2009 10:59:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
1/8/2009 10:59:10 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

Edited by KoanYorel, 16 January 2009 - 02:27 PM.
To merge posts


#4 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 22 January 2009 - 04:24 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma. Sorry it took so long to get you help.


Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer:

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

If you have a router, then when the computer is restarting, unhook the router from the internet, then do a reset of the router, and then when the computer and router are back up, make sure you change the default password with a strong password. If you have just an external modem, just unplug the power from it, wait 2 minutes, then plug it back in.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 27 January 2009 - 12:36 PM

If you still need help, please post something here to let me know you are still interested. If I don't hear anything in the next couple of days, then this thread will be closed.

#6 jaynendave

  • Topic Starter
  • Members
  • 9 posts

Posted 31 January 2009 - 10:58 PM

I have been travelling. I will start your fix this week. Thanks.

#7 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 31 January 2009 - 11:07 PM

No worries, just as long as I know you are still around.

#8 jaynendave

  • Topic Starter
  • Members
  • 9 posts

Posted 03 February 2009 - 11:30 AM

Here is the log:
Malwarebytes' Anti-Malware 1.33
Database version: 1718
Windows 5.1.2600 Service Pack 3

2/2/2009 11:37:26 PM
mbam-log-2009-02-02 (23-37-26).txt

Scan type: Full Scan (C:\|D:\|E:\|G:\|)
Objects scanned: 220514
Time elapsed: 1 hour(s), 51 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Dave\Application Data\tvmknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

#9 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 03 February 2009 - 11:49 AM

Run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#10 jaynendave

  • Topic Starter
  • Members
  • 9 posts

Posted 03 February 2009 - 10:35 PM

ComboFix 09-02-02.04 - Dave 2009-02-03 21:38:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.182 [GMT -5:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Dave\Local Settings\Temporary Internet Files\Tvm.log
c:\documents and settings\Dave\Local Settings\Temporary Internet Files\ZSearch.log
c:\windows\Readme.txt
c:\windows\system32\drivers\fad.sys
c:\windows\system32\QTWMCI32.DLL

----- BITS: Possible infected sites -----

hxxp://eservicesupport.us.dell.com
.
((((((((((((((((((((((((( Files Created from 2009-01-04 to 2009-02-04 )))))))))))))))))))))))))))))))
.

2009-02-02 21:31 . 2009-02-02 21:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 21:31 . 2009-02-02 21:31 <DIR> d-------- c:\documents and settings\Dave\Application Data\Malwarebytes
2009-02-02 21:31 . 2009-02-02 21:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 21:31 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-02-02 21:31 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-16 19:41 . 2009-01-16 19:41 <DIR> d-------- c:\program files\Windows Defender
2009-01-08 23:53 . 2009-01-08 23:52 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2009-01-08 23:02 . 2009-01-08 23:02 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 01:36 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-01 00:06 --------- d-----w c:\program files\Quicken
2009-01-11 19:05 --------- d-----w c:\documents and settings\All Users\Application Data\Dell
2009-01-09 04:52 410,984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-01-09 04:52 --------- d-----w c:\program files\Java
2009-01-09 04:51 --------- d-----w c:\program files\Common Files\Java
2009-01-09 03:49 --------- d-----w c:\program files\Windows Live
2009-01-09 03:46 --------- d-----w c:\program files\The Logo Creator v2.6
2009-01-09 03:46 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-09 03:46 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-09 03:45 --------- d-----w c:\program files\PokerStars
2009-01-09 03:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 15:27 --------- d-----w c:\program files\Norton AntiVirus
2008-12-26 06:28 --------- d-----w c:\documents and settings\Dave\Application Data\Share-to-Web Upload Folder
2008-12-25 05:31 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-25 05:31 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-25 05:31 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-25 05:31 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-15 01:52 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-13 06:40 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-12-03 04:31 136,536 ----a-w c:\documents and settings\Dave\Application Data\GDIPFONTCACHEV1.DAT
2008-11-30 14:17 31 ----a-w c:\documents and settings\Dave\jagex_runescape_preferences.dat
2004-10-31 21:58 29 ----a-w c:\documents and settings\Dave\Application Data\tvmcwrd.dll
2004-03-07 16:33 40,960 --sha-w c:\windows\lbbho.dll
2008-04-14 00:12 50,688 --sh--w c:\windows\twain_32.dll
2004-02-24 04:21 56 --sh--r c:\windows\SYSTEM32\579512EDC9.sys
2008-04-14 00:11 1,028,096 --sha-w c:\windows\SYSTEM32\mfc42.dll
2008-04-14 00:12 57,344 --sha-w c:\windows\SYSTEM32\msvcirt.dll
2008-04-14 00:12 413,696 --sha-w c:\windows\SYSTEM32\msvcp60.dll
2008-04-14 00:12 343,040 --sha-w c:\windows\SYSTEM32\msvcrt.dll
2008-04-14 00:12 551,936 --sh--w c:\windows\SYSTEM32\oleaut32.dll
2008-04-14 00:12 84,992 --sha-w c:\windows\SYSTEM32\olepro32.dll
2008-04-14 00:12 11,776 --sh--w c:\windows\SYSTEM32\regsvr32.exe
2008-09-12 15:44 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008091220080913\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-11-30 4662776]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2004-11-11 212992]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-06-24 245760]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
"ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-15 446464]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-08-15 100056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-07-24 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.I263"= i263_32.drv
"aux2"= wdmaud.sys

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates]
wjview [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-08-12 20:10 335872 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 13:24 28672 c:\windows\SYSTEM32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MMTray"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" startup
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HPHmon03"=c:\windows\System32\hphmon03.exe
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
"Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
"AltnetPointsManager"=c:\program files\altnet\points manager\points manager.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GameHouse\\CollapseCrunch\\Collapse3.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\StubInstaller.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"6217:TCP"= 6217:TCP:*:Disabled:Limewire

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\SYSTEM32\DRIVERS\hphius09.sys [2003-07-25 18864]
S3 dwusbdnt;dwusbdnt;c:\windows\SYSTEM32\DRIVERS\dwusbdnt.sys [2002-05-24 10368]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\SYSTEM32\DRIVERS\PRISMUSB.sys [2005-08-19 636416]
S3 thmsn21r;Thomson Inc. RD1021/1071 Lyra Personal Audio Player Control Driver;c:\windows\system32\Drivers\thmsn21r.sys --> c:\windows\system32\Drivers\thmsn21r.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2003-07-24 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2008-04-13 19:12]

2009-02-01 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Dave.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-05-17 19:14]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-zSearch - c:\program files\zSearch\Zstb.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://search.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} - hxxp://download.akamaitools.com.edgesuite.net/dlmanager/live/code/DownloadManager.ocx
DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} - hxxp://stores.homestead.com/storeadmin/utilities/pssbedit.cab
FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\default.nh6\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?.home=ytff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 21:43:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x???????????????????????????8????????????D?w????????????7??w????x???x??????????????

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-03 21:50:36
ComboFix-quarantined-files.txt 2009-02-04 02:49:10

Pre-Run: 17,525,415,936 bytes free
Post-Run: 17,762,529,280 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

222 --- E O F --- 2009-02-03 01:31:21

#11 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:04:44 PM

Posted 03 February 2009 - 11:00 PM

How are the searches doing?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#12 jaynendave

jaynendave
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:44 PM

Posted 04 February 2009 - 06:09 PM

That seems to have been corrected. In addition to your software suggestions I had tried Windows Defender. Each new program seemed to find an additional infected file.

#13 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:04:44 PM

Posted 04 February 2009 - 07:19 PM

So are there any problems left that need to be addressed?

#14 jaynendave

jaynendave
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:44 PM

Posted 04 February 2009 - 10:12 PM

No, I don't think so. Thank you.

#15 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:04:44 PM

Posted 04 February 2009 - 11:01 PM

You are welcome!

Now there are some things you need to do to fully clean your system and keep it secure.

  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double-click the icon.
  • Click the large "Cleanup" button.
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
  • Make sure you have an Internet Connection.
  • If your firewall throws out a message that OTMI3 is attempting to contact the Internet, it should be allowed.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Cleaning out Temporary Files etc. There are several different products that you can use for this. You can go thru the Internet Options in the Windows Control Panel. There are several programs that also do the job better than Windows does it, in my opinion. There is System Security Suite, EasyCleaner, CCleaner. Also, sometimes other programs do it as well as what you originally got them for, like ZoneAlarm Security Suite. Just make sure to keep them updated and use them regularly.

Disable and Enable System Restore.
If you are using Windows Vista or XP, then I recommend you turn off System restore, and then turn it back on so that you will not be able to restore your problems to a clean computer.

Here are some good tutorials for that.
Windows Vista Restore Guide
or
Windows XP System Restore Guide
Reboot
Re-enable system restore with instructions from tutorial above

Create a System Restore Point
Go to all programs, then to accessories, then to system tools, then to system restore. Check the box for create restore point (not select a restore point), then click next and follow the instructions.

Make your Internet Explorer more secure - This can be done by following these simple instructions: (unless you are using ZoneAlarm Security Suite or something similar, then you would secure the browser thru the firewall).

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Also see the following: Internet Explorer Privacy & Security Settings
Working with Internet Explorer 6 Security

Use a different browser other than IE (most exploits are pointed towards IE). One of them is Firefox.
It is also worth trying Thunderbird for controlling spam in your e-mail.


Always use an UPDATED anti-virus program. Make sure you update this at least weekly, if not more often. This is one thing that may save you more than anything else.

Run malware scanners. Three free ones are Spybot Search and Destroy, AdAware, and Malwarebytes' Anti-Malware.


Always use a firewall.
Any firewall is better than none, and you should pick a firewall that you will use, as even the best firewall is worthless if you turn it off.

Learn how to use your firewall. Only programs that need it should have access to the net. But these are specific to the firewall you use, so you will need to learn how. Several firewalls have support forums here. My page will help you with ZoneAlarm if that is what you choose.


Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems. Some people swear that more protection is provided, but the reverse is true. They tend to argue amongst themselves and end up leaving holes. Now I have more than 1 AV installed on my computer, and I keep them up to date. I only run one at a time, but each program has weaknesses, so I keep a backup in case my computer starts acting up.


MOST IMPORTANT: Windows and IE, and whatever other software that you have that connects to the net, need to be kept updated. The reason is, these programs connect to the net, and if there is an internal security problem, you have already told your firewall to allow the communication, and thus you will have allowed a hole. UPDATES are important. I suggest that you make sure that Windows Updates and the updates for your antivirus and antimalware programs are set for automatic updates.

Don't ever use P2P or filesharing software. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.

Before using any malware detection / removal software, check with Rogue/Suspect Spyware List and Rogue Applications List. That way you will know if the program you are looking at is on the up and up. If you want to know how it stacks up against other programs, check out SpywareWarrior.

We have a good guide here at Spyware Hammer on how to prevent Malware in the Future. You might want to peruse this and follow the recommendations in there.
PLEASE READ IT AND FOLLOW THE RECOMMENDATIONS TO PROTECT YOURSELF.

Let us know if you have any more problems, either new or old.
Have a good time surfing the net, but stay safe.
If you have no more problems, let me know and I will mark this as resolved. Or if you have more questions, ask away, that is why I am here.



