Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infec. Unknown - IE pgs. appear, refresh immediately, then drop


  • This topic is locked This topic is locked
33 replies to this topic

#1 cin2

cin2

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 05 August 2009 - 06:28 PM

I connect to my home page (Yahoo) fine, but after a few seconds the tab says "Connecting" and it refreshes. A few seconds later it happens again, but this time goes to the standard screen we all get saying it cannot connect. The same thing happens on many pages including all search engines and MSN Hotmail. The only ones that seem to be exempt are the sites I've visited over the past 5 days to try to fix this issue. I've tried so many diagnostic/removal tools that I'm afraid they may be conflicting with each other. I already had Norton Internet, Advanced SystemCare, and RegCure, and have since downloaded HijackThis, Anti-Malware, Spybot, and SuperAntiSpyware. Days ago I deleted ALL of my IE add-ons, reset DEP so it's now looking at all programs, de-installed the clip art program that I think gave me this nightmare, enabled my MSN internet connection firewall, and de-installed the Adware Professional I had just gotten because a scan said it was fake (not so sure). Today I deactivated my System Restore because I was told that the data in there is immune to the scans I've been running. Didn't make any difference.

Since this started last Saturday (now Wed.), it's gotten worse. Online pages are intact for shorter periods so it's very difficult to even click a button or paste a phrase. And now my other offline programs seem to be suffering. I just tried to open a Word doc and it took about 5 min. Went to Yahoo so I could describe the error screen I get (see above) and it froze. Thank God this site is stable for me. Ran DDS and it had a problem. It gave me a file, which I'm pasting below. Attached is a screen shot of the DDS screen with the errors.

Anyone who can help me with this is a hero. I'm at the end of my rope and if this doesn't work, I'm going to try to reinstall my OS, although I don't have high hopes for that working either. THANK YOU!


DDS (Ver_09-07-30.01) - NTFSx86
Run by __________ at 18:48:53.35 on Wed 08/05/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.37 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RegCure\RegCure.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
svchost.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\cin2\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.yahoo.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uLocal Page = \blank.htm
mSearch Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = *.local
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
uRun: [dla] c:\windows\system32\dla\tfswctrl.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
mRun: [A Verizon App] c:\progra~1\verizo~1\helpsu~1\VERIZO~1.EXE
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: ajilonprofinder.com\ak3
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161451461109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-4-23 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-4-23 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-4-23 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090730.003\IDSXpx86.sys [2009-7-30 276344]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-4-23 115560]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-23 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090804.040\NAVENG.SYS [2009-8-5 87888]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090804.040\NAVEX15.SYS [2009-8-5 875728]
S2 navapsvc;Norton AntiVirus Auto-Protect Service;"c:\program files\norton internet security\norton antivirus\navapsvc.exe" --> c:\program files\norton internet security\norton antivirus\navapsvc.exe [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]

============== File Associations ===============

regfile=*** no open command defined ***

=============== Created Last 30 ================

2009-08-04 17:57 <DIR> --d----- c:\docume~1\cindyb~1\applic~1\Malwarebytes
2009-08-04 17:57 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 17:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-04 17:57 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-04 17:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-02 20:24 <DIR> --d----- c:\program files\Trend Micro
2009-08-02 17:07 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-02 17:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-01 22:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-01 22:41 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-01 22:41 <DIR> --d----- c:\docume~1\cindyb~1\applic~1\SUPERAntiSpyware.com
2009-08-01 22:39 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-30 10:12 <DIR> --d----- c:\docume~1\cindyb~1\applic~1\Clip Art Collection
2009-07-10 20:23 <DIR> --d----- c:\docume~1\cindyb~1\applic~1\EA
2009-07-09 22:18 <DIR> --d----- c:\docume~1\cindyb~1\applic~1\IObit
2009-07-09 22:18 <DIR> --d----- c:\program files\IObit
2009-07-09 08:26 435 a------- c:\windows\system32\Shortcut to system32.lnk

==================== Find3M ====================

2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-16 17:54 35,968 a------- c:\docume~1\cindyb~1\applic~1\GDIPFONTCACHEV1.DAT
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2008-03-22 14:19 1,588,120 a------- c:\program files\YaptaSetup_v2_1_5.exe
2006-03-29 20:05 389,120 a------- c:\documents and settings\cindy border\remote.exe

============= FINISH: 18:50:02.95 ===============

Attached Files


Edited by farbar, 17 August 2009 - 11:53 PM.


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,411 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:26 PM

Posted 15 August 2009 - 06:24 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#3 cin2

cin2
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 15 August 2009 - 07:21 AM

Thanks for the response. Per your request, I've run DDS again. One file attached, text below. And nothing has changed since my original post, so all the details are in there. Thanks!


DDS (Ver_09-07-30.01) - NTFSx86
Run by xxxxxxx at 8:11:48.60 on Sat 08/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.215 [GMT -4:00]

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\RegCure\RegCure.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Documents and Settings\cin2\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.yahoo.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uLocal Page = \blank.htm
mSearch Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
uRun: [dla] c:\windows\system32\dla\tfswctrl.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
mRun: [A Verizon App] c:\progra~1\verizo~1\helpsu~1\VERIZO~1.EXE
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: ajilonprofinder.com\ak3
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161451461109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-4-23 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-4-23 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-4-23 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090810.001\IDSXpx86.sys [2009-8-12 276344]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-4-23 115560]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-23 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090812.033\NAVENG.SYS [2009-8-12 87888]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090812.033\NAVEX15.SYS [2009-8-12 875728]
S2 navapsvc;Norton AntiVirus Auto-Protect Service;"c:\program files\norton internet security\norton antivirus\navapsvc.exe" --> c:\program files\norton internet security\norton antivirus\navapsvc.exe [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]

============== File Associations ===============

regfile=*** no open command defined ***

=============== Created Last 30 ================

2009-08-12 20:33 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 20:32 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 17:57 <DIR> --d----- c:\docume~1\cindyb~1\applic~1\Malwarebytes
2009-08-04 17:57 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 17:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-04 17:57 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-04 17:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-02 20:24 <DIR> --d----- c:\program files\Trend Micro
2009-08-02 17:07 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-02 17:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-01 22:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-01 22:41 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-01 22:41 <DIR> --d----- c:\docume~1\cindyb~1\applic~1\SUPERAntiSpyware.com
2009-08-01 22:39 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-30 10:12 <DIR> --d----- c:\docume~1\cindyb~1\applic~1\Clip Art Collection
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll

==================== Find3M ====================

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-16 17:54 35,968 a------- c:\docume~1\cindyb~1\applic~1\GDIPFONTCACHEV1.DAT
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2008-03-22 14:19 1,588,120 a------- c:\program files\YaptaSetup_v2_1_5.exe
2006-03-29 20:05 389,120 a------- c:\documents and settings\cin2\remote.exe
2008-09-21 18:33 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092120080922\index.dat

============= FINISH: 8:12:27.07 ===============

Attached Files


Edited by farbar, 17 August 2009 - 11:54 PM.


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:26 PM

Posted 17 August 2009 - 01:30 PM

Hi cin2,

Thanks for waiting and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

I see from the log you are using a registry cleaner (RegCure). Here at BC we do not recommend using registry cleaners as it might irreversibly damage your computer.

Please perform all the steps fully and in the order they are written:
  • Please enable System Restore if it is still disabled. Having an infected Restore point does no harm as far as you don't use the System Restore. But you have the option of restoring the system if something goes wrong. We will make a clean restore point later on and flush the older ones.

  • You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do. This will only take a few seconds.
    • First disable TeaTimer:
      • Run Spybot-S&D
      • Go to the Mode menu, and make sure Advanced Mode is selected
      • On the left hand side, choose Tools -> Resident
      • Uncheck Resident TeaTimer and OK any prompts
      • Restart your computer.
      Instruction is also here: How to disable TeaTimer during HijackThis Cleanup

      Note:If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    • Then download ResetTeaTimer.exe to your desktop. (In case you use Firefox, rightclick the link and choose "Save Link As").
      • Doubleclick ResetTeaTimer.exe and let it run.
    Note: The Teatimer should be kept disabled until I give you the clean sign.


  • I see from the log a proxy server is set. Do you have set IE to use a proxy server? In case you have not set a proxy yourself make sure of the following:

    Open Internet Explorer. When it is open click on Tools and then Internet Options. Then click on the Connections tab and then press the LAN Settings button.

    The following items should be unchecked:
    • Automatically detect settings
    • Use a proxy server for your LAN
  • Please download the attached file-assoc.zip file to your desktop (in Internet Explorer: right-click the attached file, select Save Target As)
    • Unzip it to your desktop.
    • Go to Start > Run type in regedit and click OK.
    • In the open window under File menu click Import.
    • Select fix.reg from desktop then click Open.
    • You should get a merged successfully message.
  • Open a notepad (Start > Run and type in Notepad ) make sure the wordwrap under Format menu is not selected.
    Copy and paste the text in code box into it.

    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Connection Wizard]
    "ShellNext"=-
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Connection Wizard]
    "ShellNext"="http://windowsupdate.microsoft.com/"
    "Completed"=hex:01,00,00,00
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure to add the file to the registry. Click Yes.
    • You get another window popup saying that regfix.reg successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order the changes to be taken place.

  • Please run Hijackthis. Click Do a system scan and save a logfile then copy and paste the content of the log to your reply.


#5 cin2

cin2
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 17 August 2009 - 03:47 PM

Thanks, farbar. I was zipping along fine until step 4. Either I'm blind or you forgot to attach the file.

Should I deinstall RegEdit, or will it be useful later? And you said to turn off any registry protector s/w...do I have any other than RegEdit? Thanks.

cin2

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:26 PM

Posted 17 August 2009 - 04:00 PM

I'm sorry cin2, just forgot to attach the file. Here it comes.

I meant RegCure and yes you may uninstall it. CCleaner has a registry cleaner, which should not be used except when you know what you are doing.

By registry protectors I meant some security programs protecting registry changes. Usually you get notified of registry changes or the registry fixes just won't merge with the registry. When you apply the regfix you will notice if you get any notification.

#7 cin2

cin2
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 17 August 2009 - 04:38 PM

All set, farbar. The hijackthis log is below. FYI, since I can't go online, I'm using a flash drive to transfer these downloads back and forth from a laptop, so let me know if the coast is ever clear for me to try to get them online from my PC. I know one thing is working better, though, because every time I'd eject the flash drive from my PC, it would show three of them. Now there's only one. One small step back to reality. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:38 PM, on 8/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://ak3.ajilonprofinder.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...oad/tgctlcm.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161451461109
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8953 bytes

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:26 PM

Posted 17 August 2009 - 05:00 PM

Well done and thanks for the feedback.

You need to get on line after performing the first step with Hijackthis fix. The subsequent steps would be meaningful only if you are connected to internet.
  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Open your Malwarebytes' Anti-Malware, first update it via Update tab, run a "quick scan", let reboot if needed and copy/paste the log to your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:


    @echo off
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    start Log1.txt
    del %0
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select save in: desktop
    • Fill in File name: test.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate and double-click tast.bat on the desktop.
    • A notepad opens, copy and paste the content it (log1.txt) to your reply.
  • Please run DDS and copy and paste both the logs to your reply. Tell me also how the computer is running and if you are able to get and stay on line.


#9 cin2

cin2
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 17 August 2009 - 08:46 PM

Another FYI...for a while now, when I've turned on my PC there's often been a thing on the taskbar that looks like a minimized app/doc, but it's unnamed, has a generic icon, and does nothing when I click or right-click. It was there when you said to close all windows except HijackThis, but I couldn't close it.

The 3 HijackThis items were there and they're fixed.

Anti-Malware updated OK, but when I went online to come here, it did the same thing it has been...to my home page (Yahoo), refreshes, tries to refresh again, fails, goes to error page. Once I get to a "safe" site like this, though, I'm fine for a while.

Thanks, farbar.

=============================

Malwarebytes' Anti-Malware 1.40
Database version: 2644
Windows 5.1.2600 Service Pack 3

8/17/2009 9:20:51 PM
mbam-log-2009-08-17 (21-20-51).txt

Scan type: Quick Scan
Objects scanned: 89946
Time elapsed: 8 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Windows IP Configuration



Host Name . . . . . . . . . . . . : D1122081

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : myhome.westell.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : myhome.westell.com

Description . . . . . . . . . . . : Intelģ PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-5C-82-41

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.46

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

192.168.1.1

Lease Obtained. . . . . . . . . . : Monday, August 17, 2009 8:49:25 PM

Lease Expires . . . . . . . . . . : Tuesday, August 18, 2009 8:49:25 PM

Server: dslrouter
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.45.100, 74.125.67.100, 74.125.127.100

Server: dslrouter
Address: 192.168.1.1

Name: yahoo.com
Addresses: 69.147.114.224, 209.131.36.159, 209.191.93.53



Pinging google.com [74.125.45.100] with 32 bytes of data:



Reply from 74.125.45.100: bytes=32 time=38ms TTL=48

Reply from 74.125.45.100: bytes=32 time=39ms TTL=48



Ping statistics for 74.125.45.100:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 38ms, Maximum = 39ms, Average = 38ms



Pinging yahoo.com [69.147.114.224] with 32 bytes of data:



Reply from 69.147.114.224: bytes=32 time=22ms TTL=54

Reply from 69.147.114.224: bytes=32 time=23ms TTL=54



Ping statistics for 69.147.114.224:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 22ms, Maximum = 23ms, Average = 22ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 5c 82 41 ...... Intelģ PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.46 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.46 192.168.1.46 20
192.168.1.0 255.255.255.0 192.168.1.46 192.168.1.46 20
192.168.1.46 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.46 192.168.1.46 20
224.0.0.0 240.0.0.0 192.168.1.46 192.168.1.46 20
255.255.255.255 255.255.255.255 192.168.1.46 192.168.1.46 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None


~~~~~~~~~~~~~~~~~~~


DDS (Ver_09-07-30.01) - NTFSx86
Run by xxxxxxxx at 21:41:11.35 on Mon 08/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.128 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\cin2\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
uRun: [dla] c:\windows\system32\dla\tfswctrl.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
mRun: [A Verizon App] c:\progra~1\verizo~1\helpsu~1\VERIZO~1.EXE
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: ajilonprofinder.com\ak3
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161451461109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-4-23 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-4-23 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-4-23 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090810.001\IDSXpx86.sys [2009-8-12 276344]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-4-23 115560]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-23 101936]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-4 38160]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090817.024\NAVENG.SYS [2009-8-17 87888]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090817.024\NAVEX15.SYS [2009-8-17 875728]
S2 navapsvc;Norton AntiVirus Auto-Protect Service;"c:\program files\norton internet security\norton antivirus\navapsvc.exe" --> c:\program files\norton internet security\norton antivirus\navapsvc.exe [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]

=============== Created Last 30 ================

2009-08-12 20:33 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 20:32 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 17:57 <DIR> --d----- c:\docume~1\cindyb~1\applic~1\Malwarebytes
2009-08-04 17:57 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 17:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-04 17:57 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-04 17:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-02 20:24 <DIR> --d----- c:\program files\Trend Micro
2009-08-02 17:07 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-02 17:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-01 22:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-01 22:41 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-01 22:41 <DIR> --d----- c:\docume~1\cindyb~1\applic~1\SUPERAntiSpyware.com
2009-08-01 22:39 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-30 10:12 <DIR> --d----- c:\docume~1\cindyb~1\applic~1\Clip Art Collection

==================== Find3M ====================

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-16 17:54 35,968 a------- c:\docume~1\cindyb~1\applic~1\GDIPFONTCACHEV1.DAT
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2008-03-22 14:19 1,588,120 a------- c:\program files\YaptaSetup_v2_1_5.exe
2006-03-29 20:05 389,120 a------- c:\documents and settings\cin2\remote.exe
2008-09-21 18:33 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092120080922\index.dat

============= FINISH: 21:42:29.90 ===============

Attached Files


Edited by farbar, 17 August 2009 - 11:55 PM.


#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:26 PM

Posted 18 August 2009 - 12:54 AM

The logs are not showing any malicious/suspicious activity. Your computer can connect to internet fine and those IP/router settings are all OK. We will attend to the icon on the taskbar later on.
  • I see an error on the log about Norton Auto Protect service not starting because its file is missing. The same problem is confirmed by DDS and Hijachthis log. Before anything we need to repair Norton if it is corrupted.

    Please use the explorer (right-click Start and select Explore) to see if the file in bold exists: c:\program files\norton internet security\norton antivirus\navapsvc.exe

    In case it is not there you may go to Add/Remove programs in the Control Panel and do a repair install of Norton. You may update Norton right away after doing the repair install.

  • Please reboot the computer, see if the problem sill exist. Also copy and paste a fresh Hijackthis log to your reply.


#11 cin2

cin2
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 18 August 2009 - 07:04 PM

Farbar, it's still not working. I have the same problem online that Iíve had all along. It goes to a site for a few seconds, refreshes once, tries to refresh again, then goes to the error page. The Norton file wasn't there, and it was hellish reinstalling it but I did. Restarted, but it still isnít working.

The flash drive is displaying in three's again. HijackThis log below. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:19 PM, on 8/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://ak3.ajilonprofinder.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...oad/tgctlcm.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161451461109
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8707 bytes

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:26 PM

Posted 19 August 2009 - 01:31 AM

The Norton file wasn't there, and it was hellish reinstalling it but I did. Restarted, but it still isnít working.


Did you do a repair reinstall or did you uninstall then reinstall it?
Anyway the Hijackthis log shows the file is still missing:

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)

We will attend to this later on.

*******************************************
*******************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

#13 cin2

cin2
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 19 August 2009 - 05:49 PM

Farbar, a repair install wasn't an option for me with Norton. All I could do was uninstall it. I checked their site first, and they confirmed. So I uninstalled and then reinstalled it. Log is below. Thanks.



ComboFix 09-08-18.03 - xxxxxxxx 08/19/2009 7:56.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.189 [GMT -4:00]
Running from: c:\documents and settings\xxxxxxxx\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\xxxxxxxx\Desktop\norton setup.exe
c:\windows\Installer\5b514.msi

Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\MsPMSNSv.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.

2009-08-18 23:50 . 2009-08-18 23:50 -------- d-----r- c:\program files\Norton Support
2009-08-18 23:29 . 2009-08-18 23:29 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-18 23:29 . 2009-08-18 23:29 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-08-18 23:29 . 2009-08-18 23:29 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-08-18 23:29 . 2009-08-18 23:29 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-08-18 23:28 . 2009-08-18 23:28 -------- d-----w- c:\windows\system32\drivers\NIS
2009-08-18 23:28 . 2009-08-18 23:28 -------- d-----w- c:\program files\Windows Sidebar
2009-08-18 23:27 . 2009-08-18 23:27 -------- d-----w- c:\program files\NortonInstaller
2009-08-13 00:32 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 20:22 . 2009-08-09 01:59 -------- d-----w- c:\docume~1\CINDYB~1\APPLIC~1\U3
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 21:57 . 2009-08-04 21:57 -------- d-----w- c:\docume~1\CINDYB~1\APPLIC~1\Malwarebytes
2009-08-04 21:57 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 21:57 . 2009-08-04 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-04 21:57 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-04 21:57 . 2009-08-18 00:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 00:24 . 2009-08-03 00:24 -------- d-----w- c:\program files\Trend Micro
2009-08-02 23:42 . 2009-08-02 23:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-02 21:07 . 2009-08-02 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-02 21:07 . 2009-08-02 21:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-02 02:42 . 2009-08-02 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-02 02:41 . 2009-08-02 02:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-02 02:41 . 2009-08-02 02:41 -------- d-----w- c:\docume~1\CINDYB~1\APPLIC~1\SUPERAntiSpyware.com
2009-08-02 02:39 . 2009-08-02 02:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-30 14:12 . 2009-08-02 16:37 -------- d-----w- c:\docume~1\CINDYB~1\APPLIC~1\Clip Art Collection

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 01:50 . 2007-05-18 23:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-19 00:35 . 2005-07-27 00:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-18 23:29 . 2005-07-27 00:15 -------- d-----w- c:\program files\Symantec
2009-08-18 23:29 . 2009-04-24 00:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-18 23:29 . 2009-04-24 00:09 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-18 23:29 . 2005-07-27 00:15 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-18 23:29 . 2005-07-27 00:15 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-18 23:29 . 2009-08-19 11:47 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.021\EECTRL.SYS
2009-08-18 23:29 . 2009-08-19 11:47 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.021\ERASER.SYS
2009-08-18 23:29 . 2009-08-19 11:47 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.021\CCERASER.DLL
2009-08-18 23:28 . 2009-04-23 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-18 23:28 . 2005-07-27 00:17 -------- d-----w- c:\program files\Norton Internet Security
2009-08-18 23:28 . 2005-07-27 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-18 23:28 . 2009-04-23 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-18 08:00 . 2009-08-19 11:47 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.021\NAVENG.SYS
2009-08-18 08:00 . 2009-08-19 11:47 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.021\ECMSVR32.DLL
2009-08-18 08:00 . 2009-08-19 11:47 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.021\NAVENG32.DLL
2009-08-18 08:00 . 2009-08-19 11:47 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.021\NAVEX32A.DLL
2009-08-18 08:00 . 2009-08-19 11:47 1323696 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.021\NAVEX15.SYS
2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:22 . 2009-06-30 02:05 -------- d-----w- c:\program files\XoftSpySE
2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 00:06 . 2009-07-10 02:18 -------- d-----w- c:\docume~1\CINDYB~1\APPLIC~1\IObit
2009-07-13 14:08 . 2004-08-10 17:51 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 05:15 . 2009-08-19 11:47 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-07-12 05:15 . 2009-08-19 11:47 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-07-12 05:15 . 2009-08-19 11:47 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-07-12 05:15 . 2009-08-19 11:47 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-07-12 05:15 . 2009-08-19 11:47 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-07-12 05:15 . 2009-08-19 11:47 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-12 05:15 . 2009-08-19 11:47 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-12 05:15 . 2009-08-19 11:47 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-12 05:15 . 2009-08-19 11:47 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-12 05:15 . 2009-08-19 11:47 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 22:58 . 2005-08-01 13:32 35968 ----a-w- c:\documents and settings\xxxxxxxx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-11 00:23 . 2009-07-11 00:23 -------- d-----w- c:\docume~1\CINDYB~1\APPLIC~1\EA
2009-07-11 00:21 . 2009-02-07 00:28 -------- d-----w- c:\program files\Oberon Media
2009-07-10 02:18 . 2009-07-10 02:18 -------- d-----w- c:\program files\IObit
2009-07-10 01:51 . 2005-07-27 00:05 -------- d-----w- c:\program files\Sonic
2009-07-09 12:56 . 2005-07-27 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek
2009-07-09 12:52 . 2008-03-05 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2009-07-09 12:52 . 2008-03-05 18:26 -------- d-----w- c:\program files\Dell Support Center
2009-07-09 12:52 . 2006-03-28 23:41 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-07-06 21:25 . 2009-07-06 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-06 21:25 . 2009-07-06 01:52 -------- d-----w- c:\program files\NOS
2009-07-06 02:09 . 2005-08-02 00:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-06 02:00 . 2009-07-06 02:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-06 01:53 . 2009-07-06 01:53 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-03 17:09 . 2004-08-10 17:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 18:03 . 2009-06-30 18:03 -------- d-----w- c:\docume~1\CINDYB~1\APPLIC~1\InterTrust
2009-06-30 17:07 . 2009-06-30 02:28 -------- d-----w- c:\program files\RegistryPatrol3.0
2009-06-16 14:36 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2004-08-10 17:51 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-10 17:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-10 18:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-10 17:51 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-10 17:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2008-03-22 18:19 . 2008-03-22 18:19 1588120 ----a-w- c:\program files\YaptaSetup_v2_1_5.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 69632]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-11 290816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager 2.0.lnk]
backup=c:\windows\pss\HotSync Manager 2.0.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo! Games\\BeTrapped!\\BeTrapped.exe"=
"c:\\Program Files\\Yahoo Games!\\Emperor's Mahjong\\Mahjong.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [8/18/2009 7:29 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [8/18/2009 7:29 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [8/18/2009 7:29 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [8/19/2009 7:47 AM 276344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 10:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 10:53 AM 72944]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [8/18/2009 7:29 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/18/2009 7:44 PM 101936]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 10:53 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-08-19 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2009-08-18 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-07-27 17:24]

2009-08-19 c:\windows\Tasks\User_Feed_Synchronization-{D2258F60-D2F6-439B-9025-66A62A991869}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2009-08-19 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-06-24 18:02]

2009-08-05 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-06-24 18:02]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: ajilonprofinder.com\ak3
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 08:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1501311985-2438903644-918921551-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\NavLogon.dll

- - - - - - - > 'explorer.exe'(1892)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\progra~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\program files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
c:\program files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-19 8:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-19 12:12

Pre-Run: 60,760,293,376 bytes free
Post-Run: 60,918,784,000 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

235 --- E O F --- 2009-08-13 02:31

#14 cin2

cin2
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 20 August 2009 - 07:15 AM

I'll be away for a long weekend, so I'll get back to this on Sunday or Monday. Thanks again, farbar.

cin2

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:26 PM

Posted 20 August 2009 - 04:15 PM

Hope you have enjoyed the weekend and thanks for letting me know.:thumbup2:

We need to do some scans. But since IE might not be stable we are going to install Firefox. It will not take much time or space and later on you can keep it or easily uninstall it.
  • Please Download Firefox from its official site and save it.
    Install application. When it asks to import data from Internet Explorer uncheck the option.

  • Using Firefox I'd like us to scan your machine with ESET OnlineScan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the Posted Image button.
      • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the Posted Image icon on your desktop.
    • Check Posted Image
    • Click the Posted Image button.
    • Accept any security warnings from your browser.
    • Check Posted Image
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push Posted Image
    • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the Posted Image button.
    • Push Posted Image
  • Download RootRepeal.exe from one of these download locations and save it to your desktop:
    http://download.bleepingcomputer.com/rootr.../RootRepeal.exe
    http://ad13.geekstogo.com/RootRepeal.exe
    http://rootrepeal.psikotick.com/RootRepeal.exe
    • Open Posted Image on your desktop.
    • Click the Posted Image tab.
    • Click the Posted Image button.
    • Check all seven boxes: Posted Image
    • Click Ok.
    • Check the box for your main system drive (Usually C:), and press Ok.
    • Allow RootRepeal to run a scan of your system. This may take some time.
    • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users