
vundofix only worked a little, now a dll file is missing and computer is ve

Discussion in 'Malware and Virus Removal Archive' started by moco123, 2008/08/22.

  1. 2008/08/22
    moco123

    moco123 Inactive Thread Starter

    Joined:
    2002/06/14
    Messages:
    62
    Likes Received:
    0
    --------------------------------------------------------------------------------

    hijack file follows

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:41:47 PM, on 8/21/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://helpint.mywebsearch.com/intli...tallinfo.jhtml
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKLM\..\Policies\Explorer\Run: [minitnyus] C:\WINDOWS\system32\inf\svchosd.exe C:\WINDOWS\wftadfi16_080819a.dll tanlt88
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1123105130339
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11465 bytes
     
  2. 2008/08/22
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi moco123
    Welcome.

    Please do this.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Thanks
    Geri
     

  4. 2008/08/25
    moco123

    moco123 Inactive Thread Starter

    combo fix, like I said after 3 days of work with internet and your posts I have removed screen that started the whole thing and all programs say it is not there, but the computer runs VERY SLOW. I have cleaned the temp file, run a defrag, not sure what else to do.

    thanks for your help
     
  5. 2008/08/25
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    Did you run combofix? If so you need to post the log it created.
    It should be located here.
    C:\combofix.txt

    Geri
     
  6. 2008/08/25
    moco123

    moco123 Inactive Thread Starter

    ComboFix 08-08-24.03 - Caitlin Opperman 2008-08-25 14:45:04.1 - NTFSx86
    Running from: C:\Documents and Settings\Caitlin Opperman\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\~Forever Charmed~\Application Data\FunWebProducts
    C:\Documents and Settings\~Forever Charmed~\Application Data\FunWebProducts\Data\~Forever Charmed~\avatar.dat
    C:\Documents and Settings\~Forever Charmed~\Application Data\FunWebProducts\Data\~Forever Charmed~\zbucks.dat
    C:\Documents and Settings\~Forever Charmed~\Application Data\macromedia\Flash Player\#SharedObjects\65JRXHKG\interclick.com
    C:\Documents and Settings\~Forever Charmed~\Application Data\macromedia\Flash Player\#SharedObjects\65JRXHKG\interclick.com\ud.sol
    C:\Documents and Settings\~Forever Charmed~\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\~Forever Charmed~\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\Documents and Settings\~Forever Charmed~\Cookies\~forever_charmed~@insightexpressai[2].txt
    C:\Documents and Settings\Caitlin Opperman\Application Data\macromedia\Flash Player\#SharedObjects\BABRA7ZD\interclick.com
    C:\Documents and Settings\Caitlin Opperman\Application Data\macromedia\Flash Player\#SharedObjects\BABRA7ZD\interclick.com\ud.sol
    C:\Documents and Settings\Caitlin Opperman\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\Caitlin Opperman\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\system32\atsxyzd.sys
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\dbi102.dll
    C:\WINDOWS\system32\inf\svchosd.exe
    C:\WINDOWS\system32\macidwe.exe
    C:\WINDOWS\system32\mywfhit.ini
    C:\WINDOWS\system32\mywfhit.ini.tmp
    C:\WINDOWS\system32\Nobicyt.exe
    C:\WINDOWS\system32\sobicyt.exe
    C:\WINDOWS\system32\tdxdowkc.exe
    C:\WINDOWS\system32\tmpacj0.exe
    C:\WINDOWS\tawisys.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AFINDING
    -------\Legacy_MACIDWE
    -------\Legacy_PERFS
    -------\Legacy_ROUTING
    -------\Legacy_SEICTRL
    -------\Legacy_SOBICYT
    -------\Legacy_TDXDOWKC
    -------\Legacy_WSERVING


    ((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
    .

    2008-08-22 06:52 . 2008-08-22 06:52 <DIR> d-------- C:\Program Files\Lavasoft
    2008-08-22 06:52 . 2008-08-22 06:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-08-22 06:51 . 2008-08-22 06:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-21 22:40 . 2008-08-21 22:40 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-20 17:14 . 2008-08-20 17:14 <DIR> d-------- C:\Documents and Settings\Caitlin Opperman\Application Data\Malwarebytes
    2008-08-20 17:13 . 2008-08-21 16:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-20 17:13 . 2008-08-20 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-20 17:13 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-20 17:13 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-20 11:13 . 2008-08-20 11:13 <DIR> d-------- C:\VundoFix Backups
    2008-08-20 09:42 . 2008-08-20 09:42 <DIR> d-------- C:\Program Files\Windows Sidebar
    2008-08-20 09:40 . 2008-08-20 09:43 <DIR> d-------- C:\Program Files\Norton Internet Security
    2008-08-20 09:35 . 2008-08-24 20:24 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-08-20 09:35 . 2008-08-24 20:24 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-08-20 09:35 . 2008-08-24 20:24 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-08-20 09:35 . 2008-08-24 20:24 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-08-20 08:17 . 2008-08-20 08:22 <DIR> d-------- C:\Program Files\Common Files\PC Tools
    2008-08-20 08:17 . 2008-08-25 14:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-20 08:17 . 2008-07-28 11:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
    2008-08-20 08:16 . 2008-08-25 14:43 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-08-20 08:16 . 2008-08-20 08:16 <DIR> d-------- C:\Documents and Settings\Caitlin Opperman\Application Data\PC Tools
    2008-08-20 08:16 . 2008-08-20 08:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
    2008-08-20 08:16 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-08-20 08:16 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-08-20 08:16 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-08-20 08:16 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-08-20 00:39 . 2008-08-20 00:42 63,488 --a------ C:\WINDOWS\system32\db820.exe
    2008-08-19 20:12 . 2008-08-20 07:53 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2008-08-19 19:18 . 2008-08-19 19:18 <DIR> d-------- C:\Documents and Settings\Caitlin Opperman\Application Data\Lavasoft
    2008-08-19 16:57 . 2008-08-19 16:57 <DIR> d-------- C:\Documents and Settings\Caitlin Opperman\Application Data\AdobeUM
    2008-08-16 16:02 . 2008-08-25 14:45 <DIR> d-------- C:\WINDOWS\system32\inf
    2008-08-12 16:46 . 2008-05-01 08:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-10 14:21 . 2008-08-10 14:21 <DIR> d-------- C:\Documents and Settings\Caitlin Opperman\Application Data\Ulead Systems
    2008-08-09 14:46 . 2008-08-09 14:46 <DIR> d---s---- C:\Documents and Settings\Caitlin Opperman\UserData
    2008-07-27 20:23 . 2008-07-27 20:23 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-25 21:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-25 02:25 --------- d-----w C:\Program Files\Symantec
    2008-08-22 11:58 --------- d-----w C:\Documents and Settings\Lourdes Opperman\Application Data\Lavasoft
    2008-08-20 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-20 15:48 --------- d-----w C:\Documents and Settings\Caitlin Opperman\Application Data\Symantec
    2008-08-20 14:13 --------- d-----w C:\Program Files\Norton SystemWorks
    2008-08-20 14:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-20 14:01 --------- d-----w C:\Program Files\Canon
    2008-08-20 00:54 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
    2008-08-13 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
    2008-07-30 23:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-07-30 23:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-07-30 23:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
    2008-07-14 23:06 --------- d-----w C:\Documents and Settings\Caitlin Opperman\Application Data\Apple Computer
    2008-07-14 22:46 --------- d-----w C:\Program Files\QuickTime
    2008-07-14 22:44 --------- d-----w C:\Program Files\Apple Software Update
    2008-07-13 04:17 --------- d-----w C:\Program Files\Google
    2008-07-13 04:15 --------- d-----w C:\Program Files\WildTangent
    2008-07-13 04:14 --------- d-----w C:\Program Files\Real
    2008-07-13 04:14 --------- d-----w C:\Program Files\Common Files\Real
    2008-07-13 04:02 --------- d-----w C:\Program Files\MSN Games
    2008-07-13 03:51 --------- d-----w C:\Program Files\Dell Support Center
    2008-07-13 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-07-13 03:50 --------- d-----w C:\Program Files\Common Files\supportsoft
    2008-07-13 03:49 --------- d-----w C:\Program Files\Autodesk
    2008-07-13 03:48 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
    2008-07-13 03:43 --------- d--h--w C:\Documents and Settings\Caitlin Opperman\Application Data\GTek
    2008-07-13 03:41 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-07-13 01:02 --------- d-----w C:\Program Files\AOL Games
    2008-07-12 19:09 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-07-11 19:41 --------- d-----w C:\Documents and Settings\~Forever Charmed~\Application Data\Apple Computer
    2008-07-11 19:29 --------- d-----w C:\Program Files\iTunes
    2008-07-11 19:28 --------- d-----w C:\Program Files\iPod
    2004-06-08 20:51 278,528 ----a-w C:\Program Files\internet explorer\plugins\PanoViewer.dll
    2004-06-08 20:51 143,360 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
    2008-05-20 16:12 56 --sh--r C:\WINDOWS\system32\0F66E63E71.sys
    2008-05-20 16:12 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 09:57 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2004-11-30 22:05 4636672]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 00:05 127035]
    "AppleSyncNotifier "= "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 17:47 51048]
    "osCheck "= "C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-06 22:49 718704]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector "= "C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 15:18 443968]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 15:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    --a------ 2005-03-04 10:26 606208 C:\Program Files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    --------- 2005-02-23 15:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-02-16 22:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    --a------ 2004-10-30 13:59 385024 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-07-27 15:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2004-07-27 15:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    --a------ 2004-09-14 07:50 53248 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a------ 2004-09-14 07:50 131072 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    ---hs---- 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
    --a------ 2007-12-10 14:35 323216 C:\Program Files\Napster\napster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --------- 2004-04-11 19:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2007-10-23 15:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2003-11-19 16:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-08-07 09:57 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2004-11-30 22:05 921600 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Symantec\\LiveUpdate\\LUALL.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Napster\\napster.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 11:29]
    R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 17:47]
    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-22 C:\WINDOWS\Tasks\Internet Explorer.job
    - C:\PROGRA~1\INTERN~1\iexplore.exe [2004-08-04 04:00]

    2008-08-20 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Caitlin Opperman.job
    - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 06:05]

    2008-08-25 C:\WINDOWS\Tasks\Symantec NetDetect.job
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE []
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-AcctMgr - C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    MSConfigStartUp-RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe
    MSConfigStartUp-SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    MSConfigStartUp-Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    R0 -: HKCU-Main,Search Page = hxxp://www.google.com
    R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
    R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
    R0 -: HKLM-Main,Start Page = hxxp://www.dell4me.com/mywaybiz
    R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://helpint.mywebsearch.com/intlinfo/uninstallinfo.jhtml
    R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 -: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    O15 -: Trusted Zone: download.bleepingcomputer.com
    O15 -: Trusted Zone: *.download.com
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-25 15:14:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-25 15:24:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-25 21:24:16

    Pre-Run: 23,471,714,304 bytes free
    Post-Run: 23,975,550,976 bytes free

    299 --- E O F --- 2008-08-21 22:48:59
     
  7. 2008/08/25
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi moco123
    OK, please post a new HJT log.

    Also please do this.
    • Please go to Jotti's malware scan
    • Copy and paste the following file paths into the "File to upload & scan" box on the top of the page, one at a time:
      • C:\WINDOWS\system32\inf\svchosd.exe
      • C:\WINDOWS\wftadfi16_080819a.dll
    • Click on the submit button
    • Please post the results in your next reply.

    Please post the Jotti results and a New HJT log.

    Thanks
    Geri
     
  8. 2008/08/25
    moco123

    moco123 Inactive Thread Starter

    Joined:
    2002/06/14
    Messages:
    62
    Likes Received:
    0
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, August 25, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, August 25, 2008 14:15:15
    Records in database: 1144482
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - Folder:


    Scan statistics:
    Files scanned: 95443
    Threat name: 7
    Infected objects: 8
    Suspicious objects: 0
    Duration of the scan: 02:11:51


    File name / Threat name / Threats count
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\368F4817.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\434D00A3.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\dbi102.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.srvj 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\Nobicyt.exe.vir Infected: Trojan.Win32.Agent.zqg 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\sobicyt.exe.vir Infected: Trojan.Win32.Agent.zql 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\tdxdowkc.exe.vir Infected: Trojan.Win32.Agent.zqi 1
    C:\WINDOWS\system32\db820.exe Infected: Trojan-Downloader.Win32.Delf.mfy 1
    C:\WINDOWS\system32\edbvfct.sys Infected: Trojan-Clicker.Win32.VB.bsv 1

    The selected area was scanned.
     
  9. 2008/08/25
    moco123

    moco123 Inactive Thread Starter

    Joined:
    2002/06/14
    Messages:
    62
    Likes Received:
    0
    jotti

    The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
     
  10. 2008/08/25
    moco123

    moco123 Inactive Thread Starter

    Joined:
    2002/06/14
    Messages:
    62
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:12:39 PM, on 8/25/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://helpint.mywebsearch.com/intlinfo/uninstallinfo.jhtml
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: download.bleepingcomputer.com
    O15 - Trusted Zone: *.download.com
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123105130339
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11603 bytes
     
  11. 2008/08/25
    moco123

    moco123 Inactive Thread Starter

    Joined:
    2002/06/14
    Messages:
    62
    Likes Received:
    0
    ComboFix 08-08-24.03 - Caitlin Opperman 2008-08-25 20:24:03.2 - NTFSx86
    Running from: C:\Documents and Settings\Caitlin Opperman\Desktop\ComboFix.exe
    Command switches used :: \u

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
    .

    2008-08-25 16:50 . 2008-08-25 16:50 <DIR> d-------- C:\Program Files\Sun
    2008-08-25 16:49 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-08-22 06:52 . 2008-08-22 06:52 <DIR> d-------- C:\Program Files\Lavasoft
    2008-08-22 06:52 . 2008-08-22 06:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-08-22 06:51 . 2008-08-22 06:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-21 22:40 . 2008-08-21 22:40 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-20 17:14 . 2008-08-20 17:14 <DIR> d-------- C:\Documents and Settings\Caitlin Opperman\Application Data\Malwarebytes
    2008-08-20 17:13 . 2008-08-21 16:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-20 17:13 . 2008-08-20 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-20 17:13 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-20 17:13 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-20 11:13 . 2008-08-20 11:13 <DIR> d-------- C:\VundoFix Backups
    2008-08-20 09:42 . 2008-08-20 09:42 <DIR> d-------- C:\Program Files\Windows Sidebar
    2008-08-20 09:40 . 2008-08-20 09:43 <DIR> d-------- C:\Program Files\Norton Internet Security
    2008-08-20 09:35 . 2008-08-24 20:24 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-08-20 09:35 . 2008-08-24 20:24 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-08-20 09:35 . 2008-08-24 20:24 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-08-20 09:35 . 2008-08-24 20:24 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-08-20 08:17 . 2008-08-20 08:22 <DIR> d-------- C:\Program Files\Common Files\PC Tools
    2008-08-20 08:17 . 2008-08-25 14:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-20 08:17 . 2008-07-28 11:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
    2008-08-20 08:16 . 2008-08-25 14:43 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-08-20 08:16 . 2008-08-20 08:16 <DIR> d-------- C:\Documents and Settings\Caitlin Opperman\Application Data\PC Tools
    2008-08-20 08:16 . 2008-08-20 08:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
    2008-08-20 08:16 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-08-20 08:16 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-08-20 08:16 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-08-20 08:16 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-08-20 00:39 . 2008-08-20 00:42 63,488 --a------ C:\WINDOWS\system32\db820.exe
    2008-08-19 20:12 . 2008-08-20 07:53 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2008-08-19 19:18 . 2008-08-19 19:18 <DIR> d-------- C:\Documents and Settings\Caitlin Opperman\Application Data\Lavasoft
    2008-08-19 16:57 . 2008-08-19 16:57 <DIR> d-------- C:\Documents and Settings\Caitlin Opperman\Application Data\AdobeUM
    2008-08-16 16:02 . 2008-08-25 14:45 <DIR> d-------- C:\WINDOWS\system32\inf
    2008-08-12 16:46 . 2008-05-01 08:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-10 14:21 . 2008-08-10 14:21 <DIR> d-------- C:\Documents and Settings\Caitlin Opperman\Application Data\Ulead Systems
    2008-08-09 14:46 . 2008-08-09 14:46 <DIR> d---s---- C:\Documents and Settings\Caitlin Opperman\UserData
    2008-07-27 20:23 . 2008-07-27 20:23 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-25 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-25 23:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-25 22:49 --------- d-----w C:\Program Files\Java
    2008-08-25 02:25 --------- d-----w C:\Program Files\Symantec
    2008-08-22 11:58 --------- d-----w C:\Documents and Settings\Lourdes Opperman\Application Data\Lavasoft
    2008-08-20 15:48 --------- d-----w C:\Documents and Settings\Caitlin Opperman\Application Data\Symantec
    2008-08-20 14:13 --------- d-----w C:\Program Files\Norton SystemWorks
    2008-08-20 14:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-20 14:01 --------- d-----w C:\Program Files\Canon
    2008-08-20 00:54 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
    2008-08-20 00:54 4,224 ----a-w C:\WINDOWS\system32\dllcache\beep.sys
    2008-08-13 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
    2008-07-30 23:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-07-30 23:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-07-30 23:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
    2008-07-14 23:06 --------- d-----w C:\Documents and Settings\Caitlin Opperman\Application Data\Apple Computer
    2008-07-14 22:46 --------- d-----w C:\Program Files\QuickTime
    2008-07-14 22:44 --------- d-----w C:\Program Files\Apple Software Update
    2008-07-13 04:17 --------- d-----w C:\Program Files\Google
    2008-07-13 04:15 --------- d-----w C:\Program Files\WildTangent
    2008-07-13 04:14 --------- d-----w C:\Program Files\Real
    2008-07-13 04:14 --------- d-----w C:\Program Files\Common Files\Real
    2008-07-13 04:02 --------- d-----w C:\Program Files\MSN Games
    2008-07-13 03:51 --------- d-----w C:\Program Files\Dell Support Center
    2008-07-13 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-07-13 03:50 --------- d-----w C:\Program Files\Common Files\supportsoft
    2008-07-13 03:49 --------- d-----w C:\Program Files\Autodesk
    2008-07-13 03:48 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
    2008-07-13 03:43 --------- d--h--w C:\Documents and Settings\Caitlin Opperman\Application Data\GTek
    2008-07-13 03:41 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-07-13 01:02 --------- d-----w C:\Program Files\AOL Games
    2008-07-12 19:09 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-07-11 19:41 --------- d-----w C:\Documents and Settings\~Forever Charmed~\Application Data\Apple Computer
    2008-07-11 19:29 --------- d-----w C:\Program Files\iTunes
    2008-07-11 19:28 --------- d-----w C:\Program Files\iPod
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-23 16:12 667,136 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-23 16:12 667,136 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2008-06-23 16:12 618,496 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2008-06-23 16:12 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2008-06-23 16:12 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2008-06-23 16:12 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2008-06-23 16:12 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-06-23 16:12 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2008-06-23 16:12 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2008-06-23 16:11 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    2008-06-23 16:11 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2008-06-23 16:11 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2008-06-23 16:11 3,067,392 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-06-23 16:11 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    2008-06-23 16:11 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2008-06-23 16:11 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2008-06-23 16:11 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2008-06-23 16:11 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2008-06-23 16:11 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    2008-06-23 09:53 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-13 20:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
    2008-06-13 20:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2004-06-08 20:51 278,528 ----a-w C:\Program Files\internet explorer\plugins\PanoViewer.dll
    2004-06-08 20:51 143,360 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
    2008-05-20 16:12 56 --sh--r C:\WINDOWS\system32\0F66E63E71.sys
    2008-05-20 16:12 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-25_15.23.49.93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2003-11-19 21:36:26 24,681 ----a-w C:\WINDOWS\system32\java.exe
    + 2008-06-10 07:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2003-11-19 21:36:30 28,779 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-06-10 07:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-06-10 08:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"= "C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
    "ctfmon.exe"= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
    "DellSupportCenter"= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
    "swg"= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 09:57 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"= "C:\WINDOWS\system32\NvCpl.dll" [2004-11-30 22:05 4636672]
    "dla"= "C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 00:05 127035]
    "AppleSyncNotifier"= "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "iTunesHelper"= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
    "dscactivate"= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
    "QuickTime Task"= "C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "DellSupportCenter"= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
    "ccApp"= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 17:47 51048]
    "osCheck"= "C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-06 22:49 718704]
    "SunJavaUpdateSched"= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"= "C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 15:18 443968]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 15:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    --a------ 2005-03-04 10:26 606208 C:\Program Files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    --------- 2005-02-23 15:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-02-16 22:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    --a------ 2004-10-30 13:59 385024 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-07-27 15:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2004-07-27 15:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    --a------ 2004-09-14 07:50 53248 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a------ 2004-09-14 07:50 131072 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    ---hs---- 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
    --a------ 2007-12-10 14:35 323216 C:\Program Files\Napster\napster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --------- 2004-04-11 19:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2007-10-23 15:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2003-11-19 16:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-08-07 09:57 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2004-11-30 22:05 921600 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Symantec\\LiveUpdate\\LUALL.EXE "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "C:\\Program Files\\Napster\\napster.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=

    R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 11:29]
    R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 17:47]
    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-26 C:\WINDOWS\Tasks\Internet Explorer.job
    - C:\PROGRA~1\INTERN~1\iexplore.exe [2004-08-04 04:00]

    2008-08-26 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Caitlin Opperman.job
    - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 06:05]

    2008-08-26 C:\WINDOWS\Tasks\Symantec NetDetect.job
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE []
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    R0 -: HKCU-Main,Search Page = hxxp://www.google.com
    R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
    R0 -: HKLM-Main,Start Page = hxxp://www.dell4me.com/mywaybiz
    R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://helpint.mywebsearch.com/intlinfo/uninstallinfo.jhtml
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 -: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    O15 -: Trusted Zone: download.bleepingcomputer.com
    O15 -: Trusted Zone: *.download.com
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-25 20:28:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-25 20:31:21
    ComboFix-quarantined-files.txt 2008-08-26 02:30:40
    ComboFix2.txt 2008-08-25 21:24:30

    Pre-Run: 26,760,888,320 bytes free
    Post-Run: 26,793,889,792 bytes free

    275 --- E O F --- 2008-08-21 22:48:59
     
  12. 2008/08/25
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi moco123
    Can I ask what you did here, and why you ran combofix again?


    Those files you uploaded to Jotti no longer show in your HJT log, did you delete them?

    OK please do this

    Empty your Nortons Quarantine folder.


    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\WINDOWS\system32\db820.exe
    C:\WINDOWS\system32\edbvfct.sys


    After that, Reboot.

    Run another Kaspersky scan and post the log.

    Geri

    Please do not do things unless asked to do so.
    Thanks!
     
  13. 2008/08/26
    moco123

    moco123 Inactive Thread Starter

    Joined:
    2002/06/14
    Messages:
    62
    Likes Received:
    0
    Sorry about combofix, I thought I was deleting it, then it ran, so I posted the info. Will only do what you ask. I did not delete 2 files that Jotti wanted, doing the other stuff now. I really appreciate your help.
     
  14. 2008/08/26
    moco123

    moco123 Inactive Thread Starter

    Joined:
    2002/06/14
    Messages:
    62
    Likes Received:
    0
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, August 26, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, August 26, 2008 09:56:24
    Records in database: 1147847
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Files scanned: 95408
    Threat name: 7
    Infected objects: 8
    Suspicious objects: 0
    Duration of the scan: 02:07:15


    File name / Threat name / Threats count
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\368F4817.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\434D00A3.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\dbi102.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.srvj 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\Nobicyt.exe.vir Infected: Trojan.Win32.Agent.zqg 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\sobicyt.exe.vir Infected: Trojan.Win32.Agent.zql 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\tdxdowkc.exe.vir Infected: Trojan.Win32.Agent.zqi 1
    C:\RECYCLER\S-1-5-21-4133672218-2065159500-3795258341-1009\Dc2.exe Infected: Trojan-Downloader.Win32.Delf.mfy 1
    C:\RECYCLER\S-1-5-21-4133672218-2065159500-3795258341-1009\Dc3.sys Infected: Trojan-Clicker.Win32.VB.bsv 1

    The selected area was scanned.
     
  15. 2008/08/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK good.

    You should still delete what is in Nortons quarantine folder, they are not a risk, just to keep things tidy.

    OK, let's delete combofix, here is how.

    Click Start > Run. In the Run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing the infected files there as well.

    This is a good temp cleaner to use, and I recommend running it every week or so.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    If you don't download ATF Cleaner then empty your recycle bin.

    Let me know how things are running.

    Thanks
    Geri
     
  16. 2008/08/26
    moco123

    moco123 Inactive Thread Starter

    Joined:
    2002/06/14
    Messages:
    62
    Likes Received:
    0
    Thanks for your help. Computer is still running sluggish. Is there anything else we should do?
     
  17. 2008/08/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
