Internet Explorer/ General Vista Issue

Discussion in 'Malware and Virus Removal Archive' started by lks2008, 2008/07/14.

  1. 2008/07/14
    lks2008 Inactive Thread Starter

    Hello.

    I realise this may be a problem reported before and I used the search function but didn't find anything specific so my apologies if this is an old problem being talked about again.


    I have been having a problem over the past couple of weeks where after about half an hour of use of Windows Vista and Internet Explorer, Internet Explorer stops displaying the right click menu on images and the menu bar disappears on any new windows/tabs I open. There have also been instances where if I exit a window the same window keeps opening repeatedly. I therefore have to open the Task Manager just to close IE. Having searched the web about this I looked at a few things and thought it might be a memory issue, at times the CPU usage has been extremely high and the page file has been very near the total of 2296. The only major change I have made to my computer is upgrading most of my iTunes library to 256kbps which resulted according to the Task Manager in iTunes memory usage going up to e.g. 200,000kb. Some pages suggested iTunes 7, which I use, has a large memory usage anyway but I hadn't paid attention to its memory usage until this problem arose recently. I stopped using iTunes and started listening to my music via my iPod but the problem has arisen again. I think the problem has also affected Windows Explorer where I cannot right click there and there was one issue where I was trying to download a file and the little box which says open, save etc. did not come up. Any ideas?

    Thanks very much for your help.

    Edit: After I submitted this message originally, I remembered I had AdAware installed, so I ran it. It said there were 204 'infections' but they may have been just ordinary cookies. Below is an updated HijackThis logfile.

    Here is my HijackThis logfile if this helps you work out what's wrong with my PC:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:15:41, on 15/07/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Windows\sttray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\ProgramData\Autobahn\mlb-nexdef-autobahn.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nba.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe "
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe "
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\ProgramData\Autobahn\mlb-nexdef-autobahn.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...e5/&filename=jinstall-6u7-windows-i586-jc.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9014 bytes
     
    Last edited: 2008/07/15
  2. 2008/07/15
    noahdfear Inactive

    Hi lks2008, and welcome to WindowsBBS :)

    Download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
     

  3. 2008/07/16
    lks2008 Inactive Thread Starter

    Deckard's System Scanner v20071014.68
    Run by Liam on 2008-07-16 16:55:19
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 1022 MiB (1024 MiB recommended).


    -- HijackThis (run as Liam.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:55:22, on 16/07/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Windows\sttray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\ProgramData\Autobahn\mlb-nexdef-autobahn.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Liam\Downloads\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Liam.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = NBA.com: Official Home Page of National Basketball Association
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe "
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe "
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\ProgramData\Autobahn\mlb-nexdef-autobahn.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...e5/&filename=jinstall-6u7-windows-i586-jc.cab
    O23 - Service: McAfee Application Installer Cleanup (0257181216222559) (0257181216222559mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\025718~1.EXE
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9005 bytes

    -- Files created between 2008-06-16 and 2008-07-16 -----------------------------

    2008-07-15 02:28:53 0 d-------- C:\Program Files\Trend Micro
    2008-07-14 02:51:27 0 d-------- C:\Users\All Users\DIGStream
    2008-07-14 02:51:27 0 d-------- C:\Program Files\ESPNMotion
    2008-07-14 02:51:24 0 d-------- C:\Program Files\DIGStream
    2008-07-14 02:51:20 0 d-------- C:\Users\All Users\ESPN
    2008-07-14 02:51:20 0 d-------- C:\Program Files\ESPN
    2008-07-14 02:51:17 0 d-------- C:\Program Files\ESPNRunTime
    2008-07-08 22:31:12 0 d-------- C:\Users\All Users\MLB TV Mosaic
    2008-07-08 22:28:14 0 d-------- C:\Users\All Users\Autobahn
    2008-07-08 03:57:22 0 d-------- C:\Program Files\Lavasoft
    2008-07-08 03:57:21 0 d-------- C:\Users\All Users\Lavasoft
    2008-07-08 03:56:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-06 12:24:39 0 d-------- C:\Program Files\Apple Software Update
    2008-07-05 22:11:37 0 d-------- C:\Users\All Users\eMule
    2008-07-05 22:10:39 0 d-------- C:\Program Files\eMule
    2008-07-05 21:27:49 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-07-05 16:51:13 0 d-------- C:\Program Files\uTorrent
    2008-07-05 01:36:54 0 d-------- C:\Program Files\iPod
    2008-07-05 01:36:50 0 d-------- C:\Program Files\iTunes
    2008-07-05 01:36:21 0 d-------- C:\Program Files\Bonjour
    2008-07-05 01:35:45 0 d-------- C:\Program Files\QuickTime
    2008-07-05 01:35:43 0 d-------- C:\Users\All Users\Apple Computer
    2008-07-05 01:34:29 0 d-------- C:\Program Files\Common Files\Apple
    2008-07-05 01:34:27 0 d-------- C:\Users\All Users\Apple
    2008-07-05 01:22:43 143360 --a------ C:\Windows\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2008-07-05 01:22:20 0 d-------- C:\Program Files\Common Files\xing shared
    2008-07-05 01:21:51 0 d-------- C:\Program Files\Real
    2008-07-05 01:21:47 0 d-------- C:\Program Files\Common Files\Real
    2008-07-05 01:18:25 0 d-------- C:\Program Files\DivX
    2008-07-05 00:50:45 0 dr------- C:\Users\Liam\Searches
    2008-07-05 00:50:29 0 dr------- C:\Users\Liam\Contacts
    2008-07-05 00:49:30 0 dr------- C:\Users\Liam\Videos
    2008-07-05 00:49:30 0 d--hs---- C:\Users\Liam\Templates
    2008-07-05 00:49:30 0 d--hs---- C:\Users\Liam\Start Menu
    2008-07-05 00:49:30 0 d--hs---- C:\Users\Liam\SendTo
    2008-07-05 00:49:30 0 dr------- C:\Users\Liam\Saved Games
    2008-07-05 00:49:30 0 d--hs---- C:\Users\Liam\Recent
    2008-07-05 00:49:30 0 d--hs---- C:\Users\Liam\PrintHood
    2008-07-05 00:49:30 0 dr------- C:\Users\Liam\Pictures
    2008-07-05 00:49:30 2097152 --ahs---- C:\Users\Liam\NTUSER.DAT
    2008-07-05 00:49:30 0 d--hs---- C:\Users\Liam\NetHood
    2008-07-05 00:49:30 0 d--hs---- C:\Users\Liam\My Documents
    2008-07-05 00:49:30 0 dr------- C:\Users\Liam\Music
    2008-07-05 00:49:30 0 d--hs---- C:\Users\Liam\Local Settings
    2008-07-05 00:49:30 0 dr------- C:\Users\Liam\Links
    2008-07-05 00:49:30 0 dr------- C:\Users\Liam\Favorites
    2008-07-05 00:49:30 0 dr------- C:\Users\Liam\Downloads
    2008-07-05 00:49:30 0 dr------- C:\Users\Liam\Documents
    2008-07-05 00:49:30 0 dr------- C:\Users\Liam\Desktop
    2008-07-05 00:49:30 0 d--hs---- C:\Users\Liam\Cookies
    2008-07-05 00:49:30 0 d--hs---- C:\Users\Liam\Application Data
    2008-07-05 00:49:30 0 d--h----- C:\Users\Liam\AppData
    2008-07-05 00:45:51 0 d--hs---- C:\Users\Default\Templates
    2008-07-05 00:45:51 0 d--hs---- C:\Users\Default\Start Menu
    2008-07-05 00:45:51 0 d--hs---- C:\Users\Default\SendTo
    2008-07-05 00:45:51 0 d--hs---- C:\Users\Default\Recent
    2008-07-05 00:45:51 0 d--hs---- C:\Users\Default\PrintHood
    2008-07-05 00:45:51 0 d--hs---- C:\Users\Default\NetHood
    2008-07-05 00:45:51 0 d--hs---- C:\Users\Default\My Documents
    2008-07-05 00:45:51 0 d--hs---- C:\Users\Default\Local Settings
    2008-07-05 00:45:51 0 d--hs---- C:\Users\Default\Cookies
    2008-07-05 00:45:51 0 d--hs---- C:\Users\Default\Application Data
    2008-07-05 00:45:51 0 d--hs---- C:\Users\All Users\Templates
    2008-07-05 00:45:51 0 d--hs---- C:\Users\All Users\Start Menu
    2008-07-05 00:45:51 0 d--hs---- C:\Users\All Users\Favorites
    2008-07-05 00:45:51 0 d--hs---- C:\Users\All Users\Documents
    2008-07-05 00:45:51 0 d--hs---- C:\Users\All Users\Desktop
    2008-07-05 00:45:51 0 d--hs---- C:\Users\All Users\Application Data
    2008-07-05 00:45:51 0 d--hs---- C:\Documents and Settings
    2008-07-05 00:44:22 0 d--hs---- C:\System Volume Information
    2008-07-05 00:44:12 0 d-------- C:\Windows\CSC


    -- Find3M Report ---------------------------------------------------------------

    2008-07-16 16:35:55 0 d-------- C:\Program Files\McAfee
    2008-07-16 14:14:13 12978 --a------ C:\Users\Liam\AppData\Roaming\nvModes.dat
    2008-07-16 14:14:13 12978 --a------ C:\Users\Liam\AppData\Roaming\nvModes.001
    2008-07-16 14:13:58 1387 --a------ C:\Users\Liam\AppData\Roaming\autobahn.log
    2008-07-14 18:42:57 0 d-------- C:\Users\Liam\AppData\Roaming\Move Networks
    2008-07-14 18:36:55 0 d-------- C:\Program Files\Java
    2008-07-14 18:02:13 0 d-------- C:\Users\Liam\AppData\Roaming\uTorrent
    2008-07-10 03:09:46 174 --ahs---- C:\Program Files\desktop.ini
    2008-07-10 03:01:24 0 d-------- C:\Program Files\Windows Mail
    2008-07-08 22:31:38 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-08 21:41:20 0 d-------- C:\Users\Liam\AppData\Roaming\AdobeUM
    2008-07-08 03:56:23 0 d-------- C:\Program Files\Common Files
    2008-07-06 16:06:24 0 d-------- C:\Users\Liam\AppData\Roaming\Adobe
    2008-07-05 16:41:56 0 d-------- C:\Program Files\Windows Calendar
    2008-07-05 16:41:47 0 d-------- C:\Program Files\Windows Sidebar
    2008-07-05 10:34:14 0 d-------- C:\Users\Liam\AppData\Roaming\DivX
    2008-07-05 03:52:32 0 d--h----- C:\Users\Liam\AppData\Roaming\GTek
    2008-07-05 01:37:38 0 d-------- C:\Users\Liam\AppData\Roaming\Google
    2008-07-05 01:37:07 0 d-------- C:\Users\Liam\AppData\Roaming\Apple Computer
    2008-07-05 01:25:15 0 d-------- C:\Program Files\Common Files\McAfee
    2008-07-05 01:23:20 0 d-------- C:\Users\Liam\AppData\Roaming\Real
    2008-07-05 01:02:03 0 d-------- C:\Users\Liam\AppData\Roaming\Macromedia
    2008-07-05 00:59:19 0 d-------- C:\Program Files\Google
    2008-07-05 00:56:12 0 d-------- C:\Users\Liam\AppData\Roaming\Roxio
    2008-07-05 00:50:34 0 d-------- C:\Users\Liam\AppData\Roaming\Identities
    2008-05-30 18:22:22 3596288 --a------ C:\Windows\system32\qt-dx331.dll
    2008-05-30 18:18:56 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-05-30 18:18:56 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-05-30 18:18:50 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-30 18:18:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-05-30 18:18:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-30 18:18:48 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-30 18:18:48 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-30 18:18:00 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    26/11/2007 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [10/08/2007 21:29]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [20/11/2006 18:51]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [21/02/2007 18:56]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [21/02/2007 18:56]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [21/02/2007 18:56]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
    "SigmatelSysTrayApp "= "sttray.exe" [08/02/2007 06:11 C:\Windows\sttray.exe]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 11:37]
    "@ "=" " []
    "RoxWatchTray "= "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 11:22]
    "ECenter "= "c:\dell\E-Center\EULALauncher.exe" [16/03/2007 11:50]
    "PCMService "= "C:\Program Files\Dell\MediaDirect\PCMService.exe" [02/05/2007 18:16]
    "mcagent_exe "= "C:\Program Files\McAfee.com\Agent\mcagent.exe" [01/11/2007 19:12]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [02/06/2008 11:13]
    "DIGStream "= "C:\Program Files\DIGStream\digstream.exe" [10/02/2006 14:06]
    "DIGServices "= "C:\Program Files\ESPNRunTime\DIGServices.exe" [14/07/2006 10:47]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter "= "oobefldr.dll,ShowWelcomeCenter" []
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 12:09]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [02/11/2006 13:34]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:33]

    C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MLB.TV NexDef Plug-in.lnk - C:\ProgramData\Autobahn\mlb-nexdef-autobahn.exe [31/03/2008 00:52:34]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/08/2007 13:51:53]
    QuickSet.lnk - C:\Windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [10/08/2007 13:48:50]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "=2 (0x2)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @= "IEEE 1394 Bus host controllers "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @= "SBP2 IEEE 1394 Devices "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @= "SecurityDevices "


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-07-16 16:56:09 ------------


    P.S. I had to redo the scan because later on I thought I might have been running IE whilst doing it. When I did it the second time, the 'extra' file did not appear so I tried again but still no 'extra' file. I thought the two might have been merged into just the 'main' file somehow. See what you think and thanks again. Also, for my future reference, how long does it take, on average, for a forum topic to be authorized for display? Thanks.

    more info: just noticed text in IE search box 'Search here to raise $$$'. Suspicious but just installed a non-malicious toolbar which may have caused this but I don't know.
     
    Last edited: 2008/07/16
  5. 2008/07/16
    lks2008

    lks2008 Inactive Thread Starter

    Joined:
    2008/07/14
    Messages:
    14
    Likes Received:
    0
    Update

    I found out about the toolbar I installed and it was designed by a company that makes fundraising toolbars but it is from an NBA website and probably nothing suspicious. When you said to close all applications when running dss.exe, did you mean system tray ones as well?

    Thanks
     
  6. 2008/07/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I'm not seeing anything in your logs that would suggest an infection. Recommend you post in the Vista forum describing your problem(s). Make sure you let it be known you've already been here to check for malware.
     
