Active Windows Update Redirect to Google on Dell mini

Discussion in 'Malware and Virus Removal Archive' started by kanae767q, 2009/05/23.

  1. 2009/05/23
    kanae767q Inactive Thread Starter

    I see that a lot of people have been having this issue and that it is system specific. Here is information taken from combofix. The log is posted below. Thanks in advance for any help in trying to fix my system.


    ComboFix 09-05-22.05 - Susan Baker 05/22/2009 22:47.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.573 [GMT -4:00]
    Running from: c:\documents and settings\Susan Baker\Desktop\ComboFix.exe
    AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
    FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
    .

    ((((((((((((((((((((((((( Files Created from 2009-04-23 to 2009-05-23 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-23 02:45 . 2008-12-17 06:01 -------- dc----w c:\program files\Common Files\Symantec Shared
    2009-05-23 02:23 . 2008-10-27 00:24 -------- dc----w c:\program files\GamesBar
    2009-05-23 01:11 . 2008-10-27 00:28 -------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-13 04:27 . 2008-12-17 06:14 60808 -c--a-w c:\windows\system32\S32EVNT1.DLL
    2009-03-13 04:27 . 2008-12-17 06:14 124464 -c--a-w c:\windows\system32\drivers\SYMEVENT.SYS
    2008-09-30 09:23 . 2008-09-30 09:23 75 -csh--r c:\windows\CT4CET.bin
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-23_02.31.12 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-14 1343488]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-14 137752]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
    "BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-07-11 537896]
    "WLSS"="c:\program files\Wireless Select Switch\WLSS.exe" [2008-07-11 492840]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-07-13 16876032]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-7 600680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-09-30 09:24 10536 -c--a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=

    R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [9/30/2008 4:55 AM 9856]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]
    R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/4/2009 11:20 PM 101936]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [9/30/2008 7:01 AM 93968]
    R3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\drivers\OA004Afx.sys [9/30/2008 7:02 AM 148056]
    R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [9/30/2008 7:02 AM 144672]
    R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [9/30/2008 7:02 AM 269760]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080930
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-22 22:51
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(960)
    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

    - - - - - - - > 'explorer.exe'(3364)
    c:\windows\system32\btmmhook.dll
    .
    Completion time: 2009-05-23 22:54
    ComboFix-quarantined-files.txt 2009-05-23 02:53
    ComboFix2.txt 2009-05-23 02:36

    Pre-Run: 4,453,904,384 bytes free
    Post-Run: 4,440,367,104 bytes free

    110 --- E O F --- 2008-12-19 22:48
     
  2. 2009/05/23
    broni Moderator Malware Analyst
    Please, remove your copy of Combofix since it's outdated....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
     
  4. 2009/05/23
    kanae767q Inactive Thread Starter
    Ran updated version on desktop. Here is the info.

    ComboFix 09-05-23.04 - Susan Baker 05/23/2009 17:56.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.668 [GMT -4:00]
    Running from: c:\documents and settings\Susan Baker\Desktop\ComboFix.exe
    AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
    FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
    .

    ((((((((((((((((((((((((( Files Created from 2009-04-23 to 2009-05-23 )))))))))))))))))))))))))))))))
    .

    2009-05-23 03:13 . 2009-05-23 03:13 -------- dc----w c:\windows\Sun

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-23 21:55 . 2008-12-17 06:01 -------- dc----w c:\program files\Common Files\Symantec Shared
    2009-05-23 02:23 . 2008-10-27 00:24 -------- dc----w c:\program files\GamesBar
    2009-05-23 01:11 . 2008-10-27 00:28 -------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-13 04:27 . 2008-12-17 06:14 60808 -c--a-w c:\windows\system32\S32EVNT1.DLL
    2009-03-13 04:27 . 2008-12-17 06:14 124464 -c--a-w c:\windows\system32\drivers\SYMEVENT.SYS
    2008-09-30 09:23 . 2008-09-30 09:23 75 -csh--r c:\windows\CT4CET.bin
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-23_02.31.12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-23 21:51 . 2009-05-23 21:51 16384 c:\windows\Temp\Perflib_Perfdata_694.dat
    + 2009-05-23 21:51 . 2009-05-23 21:51 16384 c:\windows\Temp\Perflib_Perfdata_248.dat
    + 2008-04-25 20:33 . 2008-12-20 23:15 44544 c:\windows\system32\pngfilt.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 44544 c:\windows\system32\pngfilt.dll
    - 2007-08-13 23:54 . 2008-10-16 20:38 52224 c:\windows\system32\msfeedsbs.dll
    + 2007-08-13 23:54 . 2008-12-20 23:15 52224 c:\windows\system32\msfeedsbs.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 27648 c:\windows\system32\jsproxy.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 27648 c:\windows\system32\jsproxy.dll
    + 2007-08-13 23:39 . 2008-12-19 09:10 13824 c:\windows\system32\ieudinit.exe
    - 2007-08-13 23:39 . 2008-10-16 13:11 13824 c:\windows\system32\ieudinit.exe
    - 2008-04-25 20:33 . 2008-10-16 20:38 44544 c:\windows\system32\iernonce.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 44544 c:\windows\system32\iernonce.dll
    + 2008-04-25 20:33 . 2008-12-19 09:10 70656 c:\windows\system32\ie4uinit.exe
    - 2008-04-25 20:33 . 2008-10-16 13:11 70656 c:\windows\system32\ie4uinit.exe
    - 2007-08-13 23:36 . 2008-10-16 20:38 63488 c:\windows\system32\icardie.dll
    + 2007-08-13 23:36 . 2008-12-20 23:15 63488 c:\windows\system32\icardie.dll
    - 2007-08-13 23:36 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\pngfilt.dll
    + 2007-08-13 23:36 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\pngfilt.dll
    - 2008-08-26 07:24 . 2008-10-16 20:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2008-08-26 07:24 . 2008-12-20 23:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2007-08-13 23:54 . 2008-10-16 20:38 27648 c:\windows\system32\dllcache\jsproxy.dll
    + 2007-08-13 23:54 . 2008-12-20 23:15 27648 c:\windows\system32\dllcache\jsproxy.dll
    + 2008-08-25 08:38 . 2008-12-19 09:10 13824 c:\windows\system32\dllcache\ieudinit.exe
    - 2008-08-25 08:38 . 2008-10-16 13:11 13824 c:\windows\system32\dllcache\ieudinit.exe
    - 2007-08-13 23:39 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\iernonce.dll
    + 2007-08-13 23:39 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\iernonce.dll
    - 2007-08-13 23:39 . 2008-10-16 13:11 70656 c:\windows\system32\dllcache\ie4uinit.exe
    + 2007-08-13 23:39 . 2008-12-19 09:10 70656 c:\windows\system32\dllcache\ie4uinit.exe
    + 2008-08-26 07:24 . 2008-12-20 23:15 63488 c:\windows\system32\dllcache\icardie.dll
    - 2008-08-26 07:24 . 2008-10-16 20:38 63488 c:\windows\system32\dllcache\icardie.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 52224 c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 27648 c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
    + 2009-05-23 18:34 . 2008-10-16 13:11 13824 c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
    + 2009-05-23 18:34 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB961260-IE7\iernonce.dll
    + 2009-05-23 18:34 . 2008-10-16 13:11 70656 c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
    + 2009-05-23 18:34 . 2008-10-16 20:38 63488 c:\windows\ie7updates\KB961260-IE7\icardie.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 826368 c:\windows\system32\wininet.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 826368 c:\windows\system32\wininet.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 233472 c:\windows\system32\webcheck.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 233472 c:\windows\system32\webcheck.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 105984 c:\windows\system32\url.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 105984 c:\windows\system32\url.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 102912 c:\windows\system32\occache.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 102912 c:\windows\system32\occache.dll
    + 2008-10-16 18:07 . 2008-10-16 18:07 208744 c:\windows\system32\muweb.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 671232 c:\windows\system32\mstime.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 671232 c:\windows\system32\mstime.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 193024 c:\windows\system32\msrating.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 193024 c:\windows\system32\msrating.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 477696 c:\windows\system32\mshtmled.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 477696 c:\windows\system32\mshtmled.dll
    + 2007-08-13 23:54 . 2008-12-20 23:15 459264 c:\windows\system32\msfeeds.dll
    - 2007-08-13 23:54 . 2008-10-16 20:38 459264 c:\windows\system32\msfeeds.dll
    + 2007-08-13 23:34 . 2008-12-20 23:15 267776 c:\windows\system32\iertutil.dll
    - 2007-08-13 23:34 . 2008-10-16 20:38 267776 c:\windows\system32\iertutil.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 384512 c:\windows\system32\iedkcs32.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 384512 c:\windows\system32\iedkcs32.dll
    + 2007-07-11 17:27 . 2008-12-20 23:15 383488 c:\windows\system32\ieapfltr.dll
    - 2007-07-11 17:27 . 2008-10-16 20:38 383488 c:\windows\system32\ieapfltr.dll
    + 2008-04-25 20:33 . 2008-12-19 05:23 161792 c:\windows\system32\ieakui.dll
    - 2008-04-25 20:33 . 2008-10-15 07:04 161792 c:\windows\system32\ieakui.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 230400 c:\windows\system32\ieaksie.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 230400 c:\windows\system32\ieaksie.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 153088 c:\windows\system32\ieakeng.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 153088 c:\windows\system32\ieakeng.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 133120 c:\windows\system32\extmgr.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 214528 c:\windows\system32\dxtrans.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 214528 c:\windows\system32\dxtrans.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 347136 c:\windows\system32\dxtmsft.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 347136 c:\windows\system32\dxtmsft.dll
    + 2008-06-23 15:09 . 2008-12-20 23:15 826368 c:\windows\system32\dllcache\wininet.dll
    - 2008-06-23 15:09 . 2008-10-16 20:38 826368 c:\windows\system32\dllcache\wininet.dll
    - 2007-08-13 23:54 . 2008-10-16 20:38 233472 c:\windows\system32\dllcache\webcheck.dll
    + 2007-08-13 23:54 . 2008-12-20 23:15 233472 c:\windows\system32\dllcache\webcheck.dll
    + 2007-08-13 23:44 . 2008-12-20 23:15 105984 c:\windows\system32\dllcache\url.dll
    - 2007-08-13 23:44 . 2008-10-16 20:38 105984 c:\windows\system32\dllcache\url.dll
    + 2007-08-13 23:44 . 2008-12-20 23:15 102912 c:\windows\system32\dllcache\occache.dll
    - 2007-08-13 23:44 . 2008-10-16 20:38 102912 c:\windows\system32\dllcache\occache.dll
    - 2007-08-13 23:54 . 2008-10-16 20:38 671232 c:\windows\system32\dllcache\mstime.dll
    + 2007-08-13 23:54 . 2008-12-20 23:15 671232 c:\windows\system32\dllcache\mstime.dll
    + 2007-08-13 23:44 . 2008-12-20 23:15 193024 c:\windows\system32\dllcache\msrating.dll
    - 2007-08-13 23:44 . 2008-10-16 20:38 193024 c:\windows\system32\dllcache\msrating.dll
    + 2007-08-13 23:54 . 2008-12-20 23:15 477696 c:\windows\system32\dllcache\mshtmled.dll
    - 2007-08-13 23:54 . 2008-10-16 20:38 477696 c:\windows\system32\dllcache\mshtmled.dll
    - 2008-08-26 07:24 . 2008-10-16 20:38 459264 c:\windows\system32\dllcache\msfeeds.dll
    + 2008-08-26 07:24 . 2008-12-20 23:15 459264 c:\windows\system32\dllcache\msfeeds.dll
    + 2007-08-13 23:43 . 2008-12-19 05:25 634024 c:\windows\system32\dllcache\iexplore.exe
    - 2008-08-26 07:24 . 2008-10-16 20:38 267776 c:\windows\system32\dllcache\iertutil.dll
    + 2008-08-26 07:24 . 2008-12-20 23:15 267776 c:\windows\system32\dllcache\iertutil.dll
    - 2007-08-13 23:39 . 2008-10-16 20:38 384512 c:\windows\system32\dllcache\iedkcs32.dll
    + 2007-08-13 23:39 . 2008-12-20 23:15 384512 c:\windows\system32\dllcache\iedkcs32.dll
    + 2008-08-26 07:24 . 2008-12-20 23:15 383488 c:\windows\system32\dllcache\ieapfltr.dll
    - 2008-08-26 07:24 . 2008-10-16 20:38 383488 c:\windows\system32\dllcache\ieapfltr.dll
    - 2007-08-13 22:56 . 2008-10-15 07:04 161792 c:\windows\system32\dllcache\ieakui.dll
    + 2007-08-13 22:56 . 2008-12-19 05:23 161792 c:\windows\system32\dllcache\ieakui.dll
    + 2007-08-13 23:39 . 2008-12-20 23:15 230400 c:\windows\system32\dllcache\ieaksie.dll
    - 2007-08-13 23:39 . 2008-10-16 20:38 230400 c:\windows\system32\dllcache\ieaksie.dll
    + 2007-08-13 23:39 . 2008-12-20 23:15 153088 c:\windows\system32\dllcache\ieakeng.dll
    - 2007-08-13 23:39 . 2008-10-16 20:38 153088 c:\windows\system32\dllcache\ieakeng.dll
    + 2007-08-13 23:54 . 2008-12-20 23:15 133120 c:\windows\system32\dllcache\extmgr.dll
    - 2007-08-13 23:54 . 2008-10-16 20:38 133120 c:\windows\system32\dllcache\extmgr.dll
    - 2007-08-13 23:35 . 2008-10-16 20:38 214528 c:\windows\system32\dllcache\dxtrans.dll
    + 2007-08-13 23:35 . 2008-12-20 23:15 214528 c:\windows\system32\dllcache\dxtrans.dll
    - 2007-08-13 23:35 . 2008-10-16 20:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
    + 2007-08-13 23:35 . 2008-12-20 23:15 347136 c:\windows\system32\dllcache\dxtmsft.dll
    - 2007-08-13 23:39 . 2008-10-16 20:38 124928 c:\windows\system32\dllcache\advpack.dll
    + 2007-08-13 23:39 . 2008-12-20 23:15 124928 c:\windows\system32\dllcache\advpack.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 124928 c:\windows\system32\advpack.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 124928 c:\windows\system32\advpack.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 826368 c:\windows\ie7updates\KB961260-IE7\wininet.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 233472 c:\windows\ie7updates\KB961260-IE7\webcheck.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 105984 c:\windows\ie7updates\KB961260-IE7\url.dll
    + 2009-05-23 18:34 . 2007-03-06 01:23 371424 c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
    + 2009-05-23 18:34 . 2007-03-06 01:22 213216 c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
    + 2009-05-23 18:34 . 2008-10-16 20:38 102912 c:\windows\ie7updates\KB961260-IE7\occache.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 671232 c:\windows\ie7updates\KB961260-IE7\mstime.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 193024 c:\windows\ie7updates\KB961260-IE7\msrating.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 477696 c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 459264 c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
    + 2009-05-23 18:34 . 2008-10-15 07:06 633632 c:\windows\ie7updates\KB961260-IE7\iexplore.exe
    + 2009-05-23 18:34 . 2008-10-16 20:38 267776 c:\windows\ie7updates\KB961260-IE7\iertutil.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 384512 c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 383488 c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
    + 2009-05-23 18:34 . 2008-10-15 07:04 161792 c:\windows\ie7updates\KB961260-IE7\ieakui.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 230400 c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 153088 c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 133120 c:\windows\ie7updates\KB961260-IE7\extmgr.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 214528 c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 347136 c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 124928 c:\windows\ie7updates\KB961260-IE7\advpack.dll
    - 2008-04-25 20:33 . 2008-10-16 20:38 1160192 c:\windows\system32\urlmon.dll
    + 2008-04-25 20:33 . 2008-12-20 23:15 1160192 c:\windows\system32\urlmon.dll
    + 2008-04-25 20:33 . 2009-01-17 01:35 3594752 c:\windows\system32\mshtml.dll
    + 2007-08-13 23:54 . 2008-12-20 23:15 6066688 c:\windows\system32\ieframe.dll
    + 2008-06-26 08:15 . 2008-12-20 23:15 1160192 c:\windows\system32\dllcache\urlmon.dll
    - 2008-06-26 08:15 . 2008-10-16 20:38 1160192 c:\windows\system32\dllcache\urlmon.dll
    + 2008-06-23 15:09 . 2009-01-17 01:35 3594752 c:\windows\system32\dllcache\mshtml.dll
    + 2008-10-03 17:41 . 2008-12-20 23:15 6066688 c:\windows\system32\dllcache\ieframe.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 1160192 c:\windows\ie7updates\KB961260-IE7\urlmon.dll
    + 2009-05-23 18:34 . 2008-12-13 06:40 3593216 c:\windows\ie7updates\KB961260-IE7\mshtml.dll
    + 2009-05-23 18:34 . 2008-10-16 20:38 6066176 c:\windows\ie7updates\KB961260-IE7\ieframe.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-14 1343488]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-14 137752]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
    "BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-07-11 537896]
    "WLSS"="c:\program files\Wireless Select Switch\WLSS.exe" [2008-07-11 492840]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-07-13 16876032]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-7 600680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-09-30 09:24 10536 -c--a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=

    R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [9/30/2008 4:55 AM 9856]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/4/2009 11:20 PM 101936]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [9/30/2008 7:01 AM 93968]
    R3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\drivers\OA004Afx.sys [9/30/2008 7:02 AM 148056]
    R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [9/30/2008 7:02 AM 144672]
    R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [9/30/2008 7:02 AM 269760]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080930
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-23 17:59
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1048)
    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

    - - - - - - - > 'explorer.exe'(412)
    c:\windows\system32\btmmhook.dll
    .
    Completion time: 2009-05-23 18:02
    ComboFix-quarantined-files.txt 2009-05-23 22:02
    ComboFix2.txt 2009-05-23 02:54
    ComboFix3.txt 2009-05-23 02:36

    Pre-Run: 4,342,636,544 bytes free
    Post-Run: 4,346,155,008 bytes free

    256 --- E O F --- 2009-05-23 18:36
     
  5. 2009/05/23
    broni Moderator Malware Analyst
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under Configuration and Preferences, click the Preferences button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * Back on the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
    NOTE: Tracking cookies may be omitted from the log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2009/05/23
    kanae767q

    kanae767q Inactive Thread Starter

    Ran the instructions to the letter. Here are the log files you requested.

    SUPERAntiSpyware Log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/23/2009 at 09:22 PM

    Application Version : 4.26.1002

    Core Rules Database Version : 3895
    Trace Rules Database Version: 1843

    Scan type : Complete Scan
    Total Scan Time : 01:22:24

    Memory items scanned : 221
    Memory threats detected : 0
    Registry items scanned : 4424
    Registry threats detected : 0
    File items scanned : 38605
    File threats detected : 17

    Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\administrator@www.googleadservices[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
    C:\Documents and Settings\Susan Baker\Cookies\susan_baker@ads.bleepingcomputer[1].txt
    C:\Documents and Settings\Susan Baker\Cookies\susan_baker@collective-media[1].txt
    C:\Documents and Settings\Susan Baker\Cookies\susan_baker@content.yieldmanager.edgesuite[1].txt
    C:\Documents and Settings\Susan Baker\Cookies\susan_baker@crackle[2].txt
    C:\Documents and Settings\Susan Baker\Cookies\susan_baker@gotquestions[1].txt
    C:\Documents and Settings\Susan Baker\Cookies\susan_baker@interclick[1].txt
    C:\Documents and Settings\Susan Baker\Cookies\susan_baker@media6degrees[1].txt
    C:\Documents and Settings\Susan Baker\Cookies\susan_baker@oberonmedia[2].txt
    C:\Documents and Settings\Susan Baker\Cookies\susan_baker@specificmedia[2].txt
    C:\Documents and Settings\Susan Baker\Cookies\susan_baker@tracking.waterfrontmedia[1].txt
    C:\Documents and Settings\Susan Baker\Cookies\susan_baker@www.googleadservices[1].txt
    C:\Documents and Settings\Susan Baker\Cookies\susan_baker@www.googleadservices[2].txt
    C:\Documents and Settings\Susan Baker\Cookies\susan_baker@www.gotquestions[2].txt
    C:\Documents and Settings\Susan Baker\Cookies\susan_baker@www.mynortonaccount[1].txt
    C:\Documents and Settings\Susan Baker\Cookies\susan_baker@www.oberon-media[1].txt


    Malwarebytes' Anti-Malware Log:

    Malwarebytes' Anti-Malware 1.36
    Database version: 2171
    Windows 5.1.2600 Service Pack 3

    5/23/2009 10:10:10 PM
    mbam-log-2009-05-23 (22-10-10).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 121635
    Time elapsed: 16 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Qoobox\Quarantine\C\WINDOWS\system32\msqpdxrqrmivin.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP3\A0010767.dll (Trojan.TDSS) -> Quarantined and deleted successfully.


    HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:18:02 PM, on 5/23/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Battery Meter\BTMeter.exe
    C:\Program Files\Wireless Select Switch\WLSS.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscript.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080930
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080930
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe
    O4 - HKLM\..\Run: [WLSS] C:\Program Files\Wireless Select Switch\WLSS.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243051201234
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 9171 bytes
     
