View Full Version : Virus--W32.SillyFDC
Okay, this is kind of a long story, but I want to give details in case something is important.
Last night I was downloading a MMO game (massively multiplayer online). The download was going to take a while so I went to bed. This morning, the download was complete, but Symantec endpoint v11 had caught a tracking cookie and a virus called W32.SillyFDC and quaranteened it. After some research, I learned that this virus can come from a flash drive and is associated with a program on such a drive called "autorun.exe". I had noticed this file on my flash drive some time ago, but didn't think much of it; I thought it was the autorun feature of the flash drive. As a result, I don't think the virus came from the game I was downloading, but I don't know why it would suddenly pop up in Symantec while I was downloading.
The game apparently downloaded through something called DNA, which I believe is a bit torrent program or something, but I had no intention of using P2P at all. DNA stayed running in the background until I shut it down by right clicking the icon in the start bar.
I saw reports online of people deleting the virus like Norton tells them (and me) to do, and saying the virus damaged 50 registry entries, subsequently shutting down their capability to access system tools, regedit, among other things, so I decided to come to you before doing anything.
A full system scan with Symantec revealed nothing, the virus is still in my quaranteen, the flash drive is still attached to my machine, and has three hidden files I do not recognize; "recycler" which is associated to the virus and seems only to mirror what is in my recycle bin, DRMv1PM.lic, and WMPInfo.xml, neither of which I recognize. I have not seen the mysterious "autorun.exe" file in my flash drive since all this started going down.
I have run Spybot S&D and it found nothing of note. Maybe I got off lucky?
I have no idea where this virus in my flash drive has come from, since I only use it in my own computers, not strange ones, but I believe it may have been there inactive for over a year. Or maybe I'm just cracked and the virus did come from the download. I have no clue and I am not very knowledgeable about the complex workings of a computer.
Below is my HJT logfile, as you will see, DNA is a running process on my computer, though I did not ask to download it, I think the downloader for the game did it. I thought I shut it down though, I do not know why it is a running process. I think I might need help deleting this program. Thanks in advance for your time and help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:57 PM, on 5/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Symantec\LiveUpdate\luall.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt563\spa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Desktop Search.lnk.disabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170297346062
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bookworm_adventures/popcaploader_v10.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h20264.www2.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SNAC.EXE
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (file missing)
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O24 - Desktop Component 1: MyUB - Your personal portal to the UB Web - http://myub.buffalo.edu/
--
End of file - 15064 bytes
Hi,
Where was the game downloaded from (you don't have to put link, domain name is enough)?
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Here you go. You said post, so I posted them both, I hope that was what you wanted.
BTW, when we are done here, can you tell me how to get rid of that Verizon stuff? I don't use Verizon anymore, and add/remove programs doesn't work.
The site I downloaded the game is called Aeria Games. It seemed pretty legit to me, but what the heck do I know? :)
DDS (Ver_09-05-14.01) - NTFSx86
Run by Alexa at 13:09:33.10 on Thu 05/28/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.170 [GMT -4:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Alexa\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://verizon.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [hplampc] c:\windows\system32\hplampc.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [medicsp2] c:\program files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\docume~1\alexa\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Windows Desktop Search.lnk.disabled
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\scansoft\pdf converter 4\cnvres_eng.dll /100
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170297346062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/bookworm_adventures/popcaploader_v10.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h20264.www2.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2008-5-21 202280]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2008-9-11 2436536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-4 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090527.003\NAVENG.SYS [2009-5-27 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090527.003\NAVEX15.SYS [2009-5-27 876144]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-4-16 23888]
S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [2008-4-30 9312]
S3 tcpip_patcher;tcpip_patcher;\??\c:\program files\ares\tcpip_patcher.sys --> c:\program files\ares\tcpip_patcher.sys [?]
=============== Created Last 30 ================
2009-05-27 00:59 <DIR> --d----- c:\program files\DNA
2009-05-27 00:59 <DIR> --d----- c:\docume~1\alexa\applic~1\DNA
==================== Find3M ====================
2009-04-06 19:14 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-06 19:14 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2009-04-06 19:14 10,563 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-06 19:14 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-03-27 22:06 348,160 a------- c:\windows\system32\msvcr71.dll
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 a------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 a------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-06 09:38 34 a------- c:\documents and settings\alexa\jagex_runescape_preferences.dat
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2007-10-18 15:07 88 ---shr-- c:\windows\system32\2CEAF28523.sys
2007-10-18 15:07 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-04 10:54 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat
============= FINISH: 13:10:22.35 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-05-14.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/15/2006 3:01:26 PM
System Uptime: 5/27/2009 6:12:34 PM (19 hours ago)
Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 53 GiB total, 4.228 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 18.539 GiB free.
E: is CDROM (CDFS)
F: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82915G/GV/910GL Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
Manufacturer: Intel Corporation
Name: Intel(R) 82915G/GV/910GL Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
Service: ialm
==== System Restore Points ===================
RP190: 5/3/2009 3:57:01 PM - System Checkpoint
RP191: 5/4/2009 11:00:56 PM - System Checkpoint
RP192: 5/6/2009 12:07:20 AM - System Checkpoint
RP193: 5/7/2009 1:01:38 PM - System Checkpoint
RP194: 5/8/2009 5:07:13 PM - System Checkpoint
RP195: 5/9/2009 5:36:07 PM - System Checkpoint
RP196: 5/10/2009 7:57:43 PM - System Checkpoint
RP197: 5/12/2009 12:06:54 AM - System Checkpoint
RP198: 5/13/2009 3:00:38 AM - Software Distribution Service 3.0
RP199: 5/14/2009 3:56:34 AM - System Checkpoint
RP200: 5/15/2009 9:10:17 AM - System Checkpoint
RP201: 5/16/2009 12:25:13 PM - System Checkpoint
RP202: 5/17/2009 2:47:00 PM - System Checkpoint
RP203: 5/18/2009 9:28:56 PM - System Checkpoint
RP204: 5/19/2009 11:39:37 PM - System Checkpoint
RP205: 5/21/2009 2:59:15 AM - System Checkpoint
RP206: 5/22/2009 3:50:15 AM - System Checkpoint
RP207: 5/23/2009 7:49:13 AM - System Checkpoint
RP208: 5/24/2009 11:49:04 AM - System Checkpoint
RP209: 5/25/2009 11:54:15 AM - System Checkpoint
RP210: 5/26/2009 12:09:32 PM - System Checkpoint
RP211: 5/27/2009 1:07:05 PM - System Checkpoint
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.64
AAC Decoder
Ad-Aware SE Personal
Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Reader 7.0.8
Adobe Shockwave Player 11.5
AGEIA PhysX v7.11.13
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Avid DVD Limited by Sonic
Bejeweled 2 Deluxe
Bonjour
BufferChm
CEP - Color Enable Package
Championship Mah Jongg
Character Builder Beta
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Data Access Objects (DAO) 3.0
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
Diablo II
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DNA
Emperor: Rise of the Middle Kingdom
ERUNT 1.1j
eSupportQFolder
FLV Player 1.3.3
Font Creator Program 3.0
Form Fill (Windows Live Toolbar)
GdiplusUpgrade
Google Desktop
Google Toolbar for Internet Explorer
Google Video Player
GRE POWERPREP
H.264 Decoder
High Definition Audio Driver Package - KB835221
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet 3900 series
HP Extended Capabilities 5.0
HP Imaging Device Functions 5.0
HP Photosmart Essential
HP Product Detection
HP Solution Center & Imaging Support Tools 5.0
HP Update
HPDeskjet3900Series
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
ISI ResearchSoft - Export Helper
iTunes
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
Java(TM) 6 Update 7
LiveReg (Symantec Corporation)
LiveUpdate 3.3 (Symantec Corporation)
Macromedia Shockwave Player
Map Button (Windows Live Toolbar)
MarketResearch
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Access 2003 Runtime
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Web Components
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Theme Nunavut
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft XML Parser
MKV Splitter
Modem Helper
Move Media Player
Mozilla Firefox (2.0.0.16)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Netflix Movie Viewer
NetWaiting
NVIDIA Drivers
PC Connectivity Solution
PhotoRecall Deluxe
QuickTime
RealPlayer
Rhapsody Player Engine
Road Runner Install
Road Runner Medic 6.1
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Roxio Update Manager
ScanSoft PDF Converter 4
Search Assist
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sid Meier's Civilization 4
Sid Meier's Pirates!
Smart Menus (Windows Live Toolbar)
SolutionCenter
Sonic Activation Module
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Status
Symantec Endpoint Protection
Symantec Technical Support Web Controls
System Requirements Lab
The Sims 2 Open For Business
The Sims 2 University
The Sims™ 2 Deluxe
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
TrayApp
Uniblue Registry Booster
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
VC80CRTRedist - 8.0.50727.762
VDMSound 2.0.4
Verizon Online Help & Support
Verizon Yahoo! Applications
Warcraft III
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Windows Desktop Search
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live OneCare safety scanner
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinUAE 1.4.2
Yahoo! Browser Services
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
5/27/2009 3:46:02 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
5/23/2009 4:27:40 PM, error: SRTSP [4] - Error loading virus definitions.
5/21/2009 3:47:58 PM, error: Service Control Manager [7000] - The MSSQL$MICROSOFTSMLBIZ service failed to start due to the following error: The system cannot find the path specified.
==== End Of File ===========================
Hi
Ok, let's begin with p2p removals.
Uninstall thru add/remove programs:
DNA
Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Then delete following folders if they exist:
c:\program files\DNA
c:\documents and settings\alexa\application data\DNA
Start HijackThis, click do a system scan only, check:
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
Close all browsers & other windows and click fix checked.
Uninstall old Adobe Reader versions and get the latest one here (http://www.filehippo.com/download_adobe_reader/) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).
Uninstall also these vulnerable Java versions:
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 7
Also, Ad-Aware SE Personal is not supported anymore and should be uninstalled. You'll find the latest version here (http://www.lavasoft.com/products/ad_aware_free.php).
Firefox 2.x.x.x series is not supported anymore. You should uninstall it and get the latest version (http://getfirefox.net/).
1. Download Flash_Disinfector (http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe) and save it to desktop.
2. After downloading, double-click on Flash_Disinfector to run it.
3. Just follow the prompts and continue until it begin scanning.
4. If asked to insert your flash drive or any removable device including USB Pen Drive and Memory Stick, please do so.
5. It will scan removable drives, wait for the scan to finish. Done.
After that run Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner)
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Read the requirements and privacy statement then click on the Accept button.
The program will launch and start to download the latest definition files.
You will be prompted to install an application from Kaspersky. Click Run
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
Click on Save Report As....
Change the Files of type to Text file (.txt) before clicking on the Save button.
Save this report to a convenient place.
Copy and paste that information into & a fresh dds.txt log to your topic.
The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.
If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
First of all, thank you so much for all of these helpful links and your help so far. If you can give me any more advice on how to better care for my computer, I would greatly appreciate it. I'm afraid I'm not very savvy with pc's.
Question: Should I always remove the old Java updates when new ones show up?
Add/Remove said Mozilla Firefox was already uninstalled and asked if I wanted to delete the entry, I said yes.
Symantec keeps barring the download of the Flash Disinfecter, saying that it has a Trojan, then quaranteens the trojan and forces me to cancel the download. The original location of the Trojan is C:\Documents and Settings\Alexa\Local Settings\Temporary Internet Files\Content.IE5\HJGTW1VZ\ and the other is C:\" " " \Content.IE5\BXPO0CLC\ (I tried the dwnld twice, that is why there are two sitting in my quaranteen.
I have, as of yet, done everything except the Flash Disinfecter (because I do not know how to mess with my virus scanner), and the Kaspersky scan. Please advise.
Question: Should I always remove the old Java updates when new ones show up?
New Java version should be able to automatically remove old ones. That kind of functionality was introduced in Java 6 Update 11 if I recall it right. Versions below Java 6 Update 11 have to be removed manually.
Symantec keeps barring the download of the Flash Disinfecter, saying that it has a Trojan, then quaranteens the trojan and forces me to cancel the download.That's a false positive. The easiest way is probably disable Symantec and enable it after download & run have been done :)
The disinfector just runs for a minute, establishes a folder on the flash drive called autorun.inf, then says it is done. all the weird files are still on the flash drive, nothing's changed. Since i had to fight with Symantec to turn it off and disable everything, including auto-protect which apparently continues to annoy you long after you thought you disabled Symantec, I am worried that the disinfector may not be opperating correctly. I have tried it several times with the same result. If this is what I should expect, please let me know. I will run Kaspersky after that.
Hi
Yes, disinfector creates that folder there and it should be left there. Please run Kaspersky online scanner now and have flash drive included to the scan.
After that do following:
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt,
New dds.txt log and
Kaspersky report.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
It said no maleware detected, the scan report had literally nothing on it, and when I hit "save as" nothing happened and the save button greyed out. Did something go wrong, do I have to run it again?
BTW, I have Symantec completely off, including the auto protect, but the auto protect keeps coming up at random times with the false pos trojan and saying it is deciding what to do with it. Things just arent behaving like they should these days. What do you make of it?
Hi
Did you run ComboFix as instructed, yet?
no, not yet. Im kinda an idiot about these things, so when something doesnt go as planned, and i can't see a reason why, I wait before doing the next step. Sorry if I'm being a little cowardly. :)
no, not yet. Im kinda an idiot about these things, so when something doesnt go as planned, and i can't see a reason why, I wait before doing the next step. Sorry if I'm being a little cowardly.
when something doesnt go as planned, and i can't see a reason why, I wait before doing the next step.
That's actually right way to proceed :)
So, no, I didn't run combo fix yet. In light of the issues I expressed in yesterday's post, what should I do? Run the Combo Fix as you said?
Yes, I'd run it with your usb drive plugged in.
First, after combofix internet explorer stated that it was no longer my default browser. I told it to make it my default, but I just thought I would make mention of it just in case that meant something bad.
Here is the Combo Fix, the DDS and attach.txt. as I stated before, Kaspersky did not spit up a report, and stated there was nothing found.
ComboFix 09-05-31.02 - Alexa 05/31/2009 16:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.224 [GMT -4:00]
Running from: c:\documents and settings\Alexa\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.
2009-05-30 01:52 . 2009-05-30 01:52 -------- d-sh--w- c:\documents and settings\Alexa\UserData
2009-05-28 22:28 . 2009-05-28 20:18 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-28 20:18 . 2009-05-28 20:17 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-28 20:18 . 2009-05-28 20:18 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-05-28 20:18 . 2009-05-28 20:18 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-05-28 20:18 . 2009-05-28 20:18 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-28 20:18 . 2009-05-28 20:18 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-05-28 20:18 . 2009-05-28 20:18 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-05-28 20:18 . 2009-05-28 20:18 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-05-28 20:18 . 2009-05-28 20:18 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-05-28 20:17 . 2009-05-28 20:17 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-05-28 20:17 . 2009-05-28 20:17 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-28 20:17 . 2009-05-28 20:17 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-28 20:17 . 2009-05-28 20:17 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-28 20:17 . 2009-05-28 20:17 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-05-28 20:17 . 2009-05-28 20:17 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-05-28 20:17 . 2009-05-28 20:17 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-05-28 20:17 . 2009-05-28 20:17 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-05-28 20:17 . 2009-05-28 20:17 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-05-28 20:17 . 2009-05-28 20:17 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-05-28 20:17 . 2009-05-28 20:17 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-28 20:10 . 2009-05-28 20:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-28 20:10 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-28 20:10 . 2009-05-28 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-27 22:33 . 2009-05-27 22:33 -------- d-----w- c:\program files\ERUNT
2009-05-09 00:40 . 2009-05-09 00:40 127877 ----a-w- c:\documents and settings\Alexa\Application Data\Move Networks\uninstall.exe
2009-05-09 00:39 . 2009-05-09 00:40 1685856 ----a-w- c:\documents and settings\Alexa\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 22:31 . 2008-09-27 03:34 -------- d-----w- c:\documents and settings\Alexa\Application Data\Move Networks
2009-05-28 20:10 . 2006-07-29 02:25 -------- d-----w- c:\program files\Lavasoft
2009-05-28 20:01 . 2006-06-15 19:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-28 19:58 . 2006-06-09 23:17 -------- d-----w- c:\program files\Java
2009-05-15 22:57 . 2007-11-29 19:25 -------- d-----w- c:\program files\EA GAMES
2009-05-13 07:05 . 2008-02-14 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-12 01:26 . 2006-12-14 22:48 -------- d-----w- c:\program files\Diablo II
2009-05-01 00:35 . 2007-07-06 19:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-01 00:34 . 2007-07-07 03:58 16 ----a-w- c:\windows\popcinfo.dat
2009-04-06 23:16 . 2006-06-09 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-04-06 23:14 . 2006-06-09 23:25 -------- d-----w- c:\program files\Symantec
2009-04-06 23:14 . 2009-01-22 11:41 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-06 23:14 . 2009-01-22 11:41 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-04-06 23:14 . 2009-01-22 11:41 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-06 23:14 . 2009-01-22 11:41 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-06 23:12 . 2006-06-09 23:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-04-06 22:38 . 2006-07-29 01:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-03-28 02:06 . 2003-02-21 08:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-03-13 22:01 . 2008-04-16 18:59 149768 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2009-03-09 09:19 . 2008-11-05 18:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-11 21:00 284160 ----a-w- c:\windows\system32\pdh.dll
2009-03-06 13:38 . 2009-03-06 07:37 34 ----a-w- c:\documents and settings\Alexa\jagex_runescape_preferences.dat
2009-03-03 00:18 . 2004-08-11 21:00 826368 ----a-w- c:\windows\system32\wininet.dll
2007-07-19 01:40 . 2006-10-17 00:58 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-10-18 19:07 . 2006-07-20 21:53 88 --sh--r- c:\windows\system32\2CEAF28523.sys
2007-10-18 19:07 . 2006-07-20 21:53 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"hplampc"="c:\windows\system32\hplampc.exe" [2002-01-17 40448]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"medicsp2"="c:\program files\twc\medicsp2\bin\sprtcmd.exe" [2007-03-07 198184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-28 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-28 518488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2008-05-16 86016]
c:\documents and settings\Alexa\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-25 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-9 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Windows Desktop Search.lnk.disabled [2007-10-19 1781]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Alexa^Start Menu^Programs^Startup^Microsoft Office Groove.lnk.disabled]
path=c:\documents and settings\Alexa\Start Menu\Programs\Startup\Microsoft Office Groove.lnk.disabled
backup=c:\windows\pss\Microsoft Office Groove.lnk.disabledStartup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"MSKDetectorExe"=c:\program files\McAfee\SpamKiller\MSKDetct.exe /uninstall
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Converter 4\\RegistryController.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Symantec Client Security\\Symantec AntiVirus\\Smc.exe"=
"c:\\Program Files\\Symantec Client Security\\Symantec AntiVirus\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/28/2009 4:18 PM 64160]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [5/21/2008 10:48 AM 202280]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/4/2009 10:36 AM 101936]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [4/16/2008 2:59 PM 23888]
S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [4/30/2008 11:40 AM 9312]
S3 tcpip_patcher;tcpip_patcher;\??\c:\program files\Ares\tcpip_patcher.sys --> c:\program files\Ares\tcpip_patcher.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-05-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:17]
2009-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-05-31 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Notify-NavLogon - (no file)
SafeBoot-procexp90.Sys
SafeBoot-Symantec Antvirus
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://verizon.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 16:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(6116)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-31 16:38
ComboFix-quarantined-files.txt 2009-05-31 20:38
Pre-Run: 3,774,394,368 bytes free
Post-Run: 4,220,702,720 bytes free
215 --- E O F --- 2009-05-13 07:05
DDS (Ver_09-05-14.01) - NTFSx86
Run by Alexa at 16:45:07.60 on Sun 05/31/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.138 [GMT -4:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\LiveUpdate\luall.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt502\spa.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Alexa\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://verizon.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [hplampc] c:\windows\system32\hplampc.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [medicsp2] c:\program files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\alexa\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Windows Desktop Search.lnk.disabled
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\scansoft\pdf converter 4\cnvres_eng.dll /100
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170297346062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h20264.www2.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-28 64160]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2008-5-21 202280]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2008-9-11 2436536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-4 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090530.003\NAVENG.SYS [2009-5-30 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090530.003\NAVEX15.SYS [2009-5-30 876144]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-4-16 23888]
S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [2008-4-30 9312]
S3 tcpip_patcher;tcpip_patcher;\??\c:\program files\ares\tcpip_patcher.sys --> c:\program files\ares\tcpip_patcher.sys [?]
=============== Created Last 30 ================
2009-05-31 15:57 161,792 a------- c:\windows\SWREG.exe
2009-05-31 15:57 154,624 a------- c:\windows\PEV.exe
2009-05-31 15:57 98,816 a------- c:\windows\sed.exe
2009-05-29 21:52 <DIR> --dsh--- c:\documents and settings\alexa\UserData
2009-05-29 18:12 <DIR> a-dshr-- C:\autorun.inf
2009-05-28 18:28 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-28 16:18 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-28 16:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
==================== Find3M ====================
2009-04-06 19:14 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-06 19:14 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2009-04-06 19:14 10,563 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-06 19:14 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-03-27 22:06 348,160 a------- c:\windows\system32\msvcr71.dll
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 a------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 a------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-06 09:38 34 a------- c:\documents and settings\alexa\jagex_runescape_preferences.dat
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2007-10-18 15:07 88 ---shr-- c:\windows\system32\2CEAF28523.sys
2007-10-18 15:07 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-04 10:54 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat
============= FINISH: 16:45:45.95 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-05-14.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/15/2006 3:01:26 PM
System Uptime: 5/28/2009 10:06:03 PM (66 hours ago)
Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 53 GiB total, 3.951 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 18.539 GiB free.
E: is CDROM (CDFS)
F: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82915G/GV/910GL Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
Manufacturer: Intel Corporation
Name: Intel(R) 82915G/GV/910GL Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
Service: ialm
==== System Restore Points ===================
RP195: 5/9/2009 5:36:07 PM - System Checkpoint
RP196: 5/10/2009 7:57:43 PM - System Checkpoint
RP197: 5/12/2009 12:06:54 AM - System Checkpoint
RP198: 5/13/2009 3:00:38 AM - Software Distribution Service 3.0
RP199: 5/14/2009 3:56:34 AM - System Checkpoint
RP200: 5/15/2009 9:10:17 AM - System Checkpoint
RP201: 5/16/2009 12:25:13 PM - System Checkpoint
RP202: 5/17/2009 2:47:00 PM - System Checkpoint
RP203: 5/18/2009 9:28:56 PM - System Checkpoint
RP204: 5/19/2009 11:39:37 PM - System Checkpoint
RP205: 5/21/2009 2:59:15 AM - System Checkpoint
RP206: 5/22/2009 3:50:15 AM - System Checkpoint
RP207: 5/23/2009 7:49:13 AM - System Checkpoint
RP208: 5/24/2009 11:49:04 AM - System Checkpoint
RP209: 5/25/2009 11:54:15 AM - System Checkpoint
RP210: 5/26/2009 12:09:32 PM - System Checkpoint
RP211: 5/27/2009 1:07:05 PM - System Checkpoint
RP212: 5/28/2009 2:59:08 PM - System Checkpoint
RP213: 5/28/2009 3:52:23 PM - Removed Adobe Reader 7.0.8
RP214: 5/28/2009 3:55:53 PM - Removed J2SE Runtime Environment 5.0 Update 11
RP215: 5/28/2009 3:56:44 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP216: 5/28/2009 3:58:22 PM - Removed Java(TM) 6 Update 7
RP217: 5/28/2009 4:00:28 PM - Installed Adobe Reader 9.1.
RP218: 5/29/2009 4:36:27 PM - System Checkpoint
RP219: 5/30/2009 5:38:54 PM - System Checkpoint
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.64
AAC Decoder
Ad-Aware
Ad-Aware SE Personal
Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Reader 9.1
Adobe Shockwave Player 11.5
AGEIA PhysX v7.11.13
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Avid DVD Limited by Sonic
Bejeweled 2 Deluxe
Bonjour
BufferChm
CEP - Color Enable Package
Championship Mah Jongg
Character Builder Beta
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Data Access Objects (DAO) 3.0
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
Diablo II
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Emperor: Rise of the Middle Kingdom
ERUNT 1.1j
eSupportQFolder
FLV Player 1.3.3
Font Creator Program 3.0
Form Fill (Windows Live Toolbar)
GdiplusUpgrade
Google Desktop
Google Toolbar for Internet Explorer
Google Video Player
GRE POWERPREP
H.264 Decoder
High Definition Audio Driver Package - KB835221
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet 3900 series
HP Extended Capabilities 5.0
HP Imaging Device Functions 5.0
HP Photosmart Essential
HP Product Detection
HP Solution Center & Imaging Support Tools 5.0
HP Update
HPDeskjet3900Series
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
ISI ResearchSoft - Export Helper
iTunes
Java(TM) 6 Update 13
LiveReg (Symantec Corporation)
LiveUpdate 3.3 (Symantec Corporation)
Macromedia Shockwave Player
Map Button (Windows Live Toolbar)
MarketResearch
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Access 2003 Runtime
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Web Components
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Theme Nunavut
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft XML Parser
MKV Splitter
Modem Helper
Move Media Player
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Netflix Movie Viewer
NetWaiting
NVIDIA Drivers
PC Connectivity Solution
PhotoRecall Deluxe
QuickTime
RealPlayer
Rhapsody Player Engine
Road Runner Install
Road Runner Medic 6.1
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Roxio Update Manager
ScanSoft PDF Converter 4
Search Assist
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sid Meier's Civilization 4
Sid Meier's Pirates!
Smart Menus (Windows Live Toolbar)
SolutionCenter
Sonic Activation Module
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Status
Symantec Endpoint Protection
Symantec Technical Support Web Controls
System Requirements Lab
The Sims 2 Open For Business
The Sims 2 University
The Sims™ 2 Deluxe
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
TrayApp
Uniblue Registry Booster
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
VC80CRTRedist - 8.0.50727.762
VDMSound 2.0.4
Verizon Online Help & Support
Verizon Yahoo! Applications
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warcraft III
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Windows Desktop Search
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live OneCare safety scanner
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinUAE 1.4.2
Yahoo! Browser Services
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
5/31/2009 4:01:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
5/27/2009 6:14:06 PM, error: Service Control Manager [7000] - The MSSQL$MICROSOFTSMLBIZ service failed to start due to the following error: The system cannot find the path specified.
5/27/2009 3:46:02 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
5/27/2009 1:27:45 PM, error: SRTSP [4] - Error loading virus definitions.
==== End Of File ===========================
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
DDS::
BHO: 1 (0x1) - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & a fresh dds.txt file. What kind of odd files external drive contains? Which drive letter does it use? Just asking so that we can create a batch file to track those down.
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
ComboFix asked me if I wanted to update to a newer v of combofix, I chose no.
Windows has been asking to install some updates, I have been putting that off until we are finished.
Combofix detected Symantec running, i disabled the auto protect (which, infuriously, keeps coming back on it's own) but every other Symantec process says it is disabled.
In my flash drive there is: "RECYCLER" location is F drive, all the same data as my desktop recycle bin. Right now my recycle bin is empty, when it wasn't, they both had the same stuff in it, when I delete it from the desktop bin, those items are deleted from the one in the flash drive simultaneously. Set to read only.
DRMv1PM.lic is another file, located on F drive, set to archive.
WMPInfo.xml is the third, located on F drive, set to read only and hidden.
Then there is the autorun.inf file that flash disinfect put there.
Here is ComboFix, DDS, and Attach
ComboFix 09-05-31.02 - Alexa 06/01/2009 14:17.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.226 [GMT -4:00]
Running from: c:\documents and settings\Alexa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Alexa\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.
2009-05-30 01:52 . 2009-05-30 01:52 -------- d-sh--w- c:\documents and settings\Alexa\UserData
2009-05-28 22:28 . 2009-05-28 20:18 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-28 20:18 . 2009-05-28 20:17 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-28 20:18 . 2009-05-28 20:18 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-05-28 20:18 . 2009-05-28 20:18 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-05-28 20:18 . 2009-05-28 20:18 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-28 20:18 . 2009-05-28 20:18 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-05-28 20:18 . 2009-05-28 20:18 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-05-28 20:18 . 2009-05-28 20:18 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-05-28 20:18 . 2009-05-28 20:18 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-05-28 20:17 . 2009-05-28 20:17 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-05-28 20:17 . 2009-05-28 20:17 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-28 20:17 . 2009-05-28 20:17 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-28 20:17 . 2009-05-28 20:17 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-28 20:17 . 2009-05-28 20:17 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-05-28 20:17 . 2009-05-28 20:17 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-05-28 20:17 . 2009-05-28 20:17 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-05-28 20:17 . 2009-05-28 20:17 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-05-28 20:17 . 2009-05-28 20:17 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-05-28 20:17 . 2009-05-28 20:17 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-05-28 20:17 . 2009-05-28 20:17 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-28 20:10 . 2009-05-28 20:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-28 20:10 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-28 20:10 . 2009-05-28 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-27 22:33 . 2009-05-27 22:33 -------- d-----w- c:\program files\ERUNT
2009-05-09 00:40 . 2009-05-09 00:40 127877 ----a-w- c:\documents and settings\Alexa\Application Data\Move Networks\uninstall.exe
2009-05-09 00:39 . 2009-05-09 00:40 1685856 ----a-w- c:\documents and settings\Alexa\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 22:31 . 2008-09-27 03:34 -------- d-----w- c:\documents and settings\Alexa\Application Data\Move Networks
2009-05-28 20:10 . 2006-07-29 02:25 -------- d-----w- c:\program files\Lavasoft
2009-05-28 20:01 . 2006-06-15 19:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-28 19:58 . 2006-06-09 23:17 -------- d-----w- c:\program files\Java
2009-05-15 22:57 . 2007-11-29 19:25 -------- d-----w- c:\program files\EA GAMES
2009-05-13 07:05 . 2008-02-14 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-12 01:26 . 2006-12-14 22:48 -------- d-----w- c:\program files\Diablo II
2009-05-09 00:40 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\Alexa\Application Data\Move Networks\plugins\npqmp071500000347.dll
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\documents and settings\Alexa\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-05-01 00:35 . 2007-07-06 19:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-01 00:34 . 2007-07-07 03:58 16 ----a-w- c:\windows\popcinfo.dat
2009-04-06 23:16 . 2006-06-09 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-04-06 23:14 . 2006-06-09 23:25 -------- d-----w- c:\program files\Symantec
2009-04-06 23:14 . 2009-01-22 11:41 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-06 23:14 . 2009-01-22 11:41 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-04-06 23:14 . 2009-01-22 11:41 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-06 23:14 . 2009-01-22 11:41 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-06 23:12 . 2006-06-09 23:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-04-06 22:38 . 2006-07-29 01:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-03 21:26 . 2009-04-03 21:26 152576 ----a-w- c:\documents and settings\Alexa\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-28 02:06 . 2003-02-21 08:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-03-13 22:01 . 2008-04-16 18:59 149768 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2009-03-12 19:50 . 2009-03-12 19:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.51\SetupAdmin.exe
2009-03-11 17:02 . 2009-03-11 17:02 503808 ----a-w- c:\documents and settings\Alexa\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-701f446b-n\msvcp71.dll
2009-03-11 17:02 . 2009-03-11 17:02 499712 ----a-w- c:\documents and settings\Alexa\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-701f446b-n\jmc.dll
2009-03-11 17:02 . 2009-03-11 17:02 348160 ----a-w- c:\documents and settings\Alexa\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-701f446b-n\msvcr71.dll
2009-03-11 16:59 . 2009-03-11 16:59 152576 ----a-w- c:\documents and settings\Alexa\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-09 09:19 . 2008-11-05 18:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-11 21:00 284160 ----a-w- c:\windows\system32\pdh.dll
2009-03-06 13:38 . 2009-03-06 07:37 34 ----a-w- c:\documents and settings\Alexa\jagex_runescape_preferences.dat
2007-07-19 01:40 . 2006-10-17 00:58 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-10-18 19:07 . 2006-07-20 21:53 88 --sh--r- c:\windows\system32\2CEAF28523.sys
2007-10-18 19:07 . 2006-07-20 21:53 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"hplampc"="c:\windows\system32\hplampc.exe" [2002-01-17 40448]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"medicsp2"="c:\program files\twc\medicsp2\bin\sprtcmd.exe" [2007-03-07 198184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-28 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-28 518488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2008-05-16 86016]
c:\documents and settings\Alexa\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-25 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-9 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Windows Desktop Search.lnk.disabled [2007-10-19 1781]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Alexa^Start Menu^Programs^Startup^Microsoft Office Groove.lnk.disabled]
path=c:\documents and settings\Alexa\Start Menu\Programs\Startup\Microsoft Office Groove.lnk.disabled
backup=c:\windows\pss\Microsoft Office Groove.lnk.disabledStartup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"MSKDetectorExe"=c:\program files\McAfee\SpamKiller\MSKDetct.exe /uninstall
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Converter 4\\RegistryController.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Symantec Client Security\\Symantec AntiVirus\\Smc.exe"=
"c:\\Program Files\\Symantec Client Security\\Symantec AntiVirus\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-05-28 1005904]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\DRIVERS\hp4200c.sys [2001-02-18 9312]
R3 tcpip_patcher;tcpip_patcher;c:\program files\Ares\tcpip_patcher.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-28 64160]
S2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2007-03-07 202280]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
--- Other Services/Drivers In Memory ---
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - ASPI32
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - ccEvtMgr
*Deregistered* - ccSetMgr
*Deregistered* - Cdfs
*Deregistered* - COH_Mon
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - DLABOIOM
*Deregistered* - DLADResN
*Deregistered* - DLAIFS_M
*Deregistered* - DLAOPIOM
*Deregistered* - DLAPoolM
*Deregistered* - DLARTL_N
*Deregistered* - DLAUDF_M
*Deregistered* - DLAUDFAM
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - DRVNDDM
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fax
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - i2omgmt
*Deregistered* - ImapiService
*Deregistered* - IntelIde
*Deregistered* - IpNat
*Deregistered* - iPod Service
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - Kbdclass
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - Lavasoft Ad-Aware Service
*Deregistered* - Lbd
*Deregistered* - LiveUpdate
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mdmxsdk
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - ose
*Deregistered* - PartMgr
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SmcService
*Deregistered* - SPBBCDrv
*Deregistered* - Spooler
*Deregistered* - sprtsvc_dellsupportcenter
*Deregistered* - sprtsvc_medicsp2
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - SRTSP
*Deregistered* - SRTSPX
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - Symantec AntiVirus
*Deregistered* - SymEvent
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - Teefer2
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - tmcomm
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - w32time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - WPS
*Deregistered* - WpsHelper
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder
2009-05-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:17]
2009-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-06-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://verizon.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 14:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3740)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-01 14:50
ComboFix-quarantined-files.txt 2009-06-01 18:50
ComboFix2.txt 2009-05-31 20:38
Pre-Run: 4,402,958,336 bytes free
Post-Run: 4,474,146,816 bytes free
358 --- E O F --- 2009-05-13 07:05
DDS (Ver_09-05-14.01) - NTFSx86
Run by Alexa at 16:40:10.53 on Mon 06/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.146 [GMT -4:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\LiveUpdate\luall.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt96\spa.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Alexa\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://verizon.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [hplampc] c:\windows\system32\hplampc.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [medicsp2] c:\program files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\alexa\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Windows Desktop Search.lnk.disabled
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\scansoft\pdf converter 4\cnvres_eng.dll /100
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170297346062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h20264.www2.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-28 64160]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2008-5-21 202280]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2008-9-11 2436536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-4 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090531.003\NAVENG.SYS [2009-5-31 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090531.003\NAVEX15.SYS [2009-5-31 876144]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-4-16 23888]
S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [2008-4-30 9312]
S3 tcpip_patcher;tcpip_patcher;\??\c:\program files\ares\tcpip_patcher.sys --> c:\program files\ares\tcpip_patcher.sys [?]
=============== Created Last 30 ================
2009-05-31 15:57 161,792 a------- c:\windows\SWREG.exe
2009-05-31 15:57 154,624 a------- c:\windows\PEV.exe
2009-05-31 15:57 98,816 a------- c:\windows\sed.exe
2009-05-29 21:52 <DIR> --dsh--- c:\documents and settings\alexa\UserData
2009-05-29 18:12 <DIR> a-dshr-- C:\autorun.inf
2009-05-28 18:28 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-28 16:18 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-28 16:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
==================== Find3M ====================
2009-04-06 19:14 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-06 19:14 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2009-04-06 19:14 10,563 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-06 19:14 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-03-27 22:06 348,160 a------- c:\windows\system32\msvcr71.dll
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 a------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 a------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-06 09:38 34 a------- c:\documents and settings\alexa\jagex_runescape_preferences.dat
2007-10-18 15:07 88 ---shr-- c:\windows\system32\2CEAF28523.sys
2007-10-18 15:07 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-04 10:54 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat
============= FINISH: 16:40:59.71 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-05-14.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/15/2006 3:01:26 PM
System Uptime: 5/28/2009 10:06:03 PM (90 hours ago)
Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 53 GiB total, 4.185 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 18.539 GiB free.
E: is CDROM (CDFS)
F: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82915G/GV/910GL Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
Manufacturer: Intel Corporation
Name: Intel(R) 82915G/GV/910GL Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
Service: ialm
==== System Restore Points ===================
RP200: 5/15/2009 9:10:17 AM - System Checkpoint
RP201: 5/16/2009 12:25:13 PM - System Checkpoint
RP202: 5/17/2009 2:47:00 PM - System Checkpoint
RP203: 5/18/2009 9:28:56 PM - System Checkpoint
RP204: 5/19/2009 11:39:37 PM - System Checkpoint
RP205: 5/21/2009 2:59:15 AM - System Checkpoint
RP206: 5/22/2009 3:50:15 AM - System Checkpoint
RP207: 5/23/2009 7:49:13 AM - System Checkpoint
RP208: 5/24/2009 11:49:04 AM - System Checkpoint
RP209: 5/25/2009 11:54:15 AM - System Checkpoint
RP210: 5/26/2009 12:09:32 PM - System Checkpoint
RP211: 5/27/2009 1:07:05 PM - System Checkpoint
RP212: 5/28/2009 2:59:08 PM - System Checkpoint
RP213: 5/28/2009 3:52:23 PM - Removed Adobe Reader 7.0.8
RP214: 5/28/2009 3:55:53 PM - Removed J2SE Runtime Environment 5.0 Update 11
RP215: 5/28/2009 3:56:44 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP216: 5/28/2009 3:58:22 PM - Removed Java(TM) 6 Update 7
RP217: 5/28/2009 4:00:28 PM - Installed Adobe Reader 9.1.
RP218: 5/29/2009 4:36:27 PM - System Checkpoint
RP219: 5/30/2009 5:38:54 PM - System Checkpoint
RP220: 5/31/2009 10:10:27 PM - System Checkpoint
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.64
AAC Decoder
Ad-Aware
Ad-Aware SE Personal
Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Reader 9.1
Adobe Shockwave Player 11.5
AGEIA PhysX v7.11.13
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Avid DVD Limited by Sonic
Bejeweled 2 Deluxe
Bonjour
BufferChm
CEP - Color Enable Package
Championship Mah Jongg
Character Builder Beta
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Data Access Objects (DAO) 3.0
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
Diablo II
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Emperor: Rise of the Middle Kingdom
ERUNT 1.1j
eSupportQFolder
FLV Player 1.3.3
Font Creator Program 3.0
Form Fill (Windows Live Toolbar)
GdiplusUpgrade
Google Desktop
Google Toolbar for Internet Explorer
Google Video Player
GRE POWERPREP
H.264 Decoder
High Definition Audio Driver Package - KB835221
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet 3900 series
HP Extended Capabilities 5.0
HP Imaging Device Functions 5.0
HP Photosmart Essential
HP Product Detection
HP Solution Center & Imaging Support Tools 5.0
HP Update
HPDeskjet3900Series
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
ISI ResearchSoft - Export Helper
iTunes
Java(TM) 6 Update 13
LiveReg (Symantec Corporation)
LiveUpdate 3.3 (Symantec Corporation)
Macromedia Shockwave Player
Map Button (Windows Live Toolbar)
MarketResearch
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Access 2003 Runtime
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Web Components
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Theme Nunavut
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft XML Parser
MKV Splitter
Modem Helper
Move Media Player
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Netflix Movie Viewer
NetWaiting
NVIDIA Drivers
PC Connectivity Solution
PhotoRecall Deluxe
QuickTime
RealPlayer
Rhapsody Player Engine
Road Runner Install
Road Runner Medic 6.1
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Roxio Update Manager
ScanSoft PDF Converter 4
Search Assist
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sid Meier's Civilization 4
Sid Meier's Pirates!
Smart Menus (Windows Live Toolbar)
SolutionCenter
Sonic Activation Module
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Status
Symantec Endpoint Protection
Symantec Technical Support Web Controls
System Requirements Lab
The Sims 2 Open For Business
The Sims 2 University
The Sims™ 2 Deluxe
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
TrayApp
Uniblue Registry Booster
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
VC80CRTRedist - 8.0.50727.762
VDMSound 2.0.4
Verizon Online Help & Support
Verizon Yahoo! Applications
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warcraft III
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Windows Desktop Search
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live OneCare safety scanner
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinUAE 1.4.2
Yahoo! Browser Services
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
5/31/2009 4:01:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
5/27/2009 6:14:06 PM, error: Service Control Manager [7000] - The MSSQL$MICROSOFTSMLBIZ service failed to start due to the following error: The system cannot find the path specified.
5/27/2009 3:46:02 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
5/27/2009 1:27:45 PM, error: SRTSP [4] - Error loading virus definitions.
==== End Of File ===========================
Hi
Both those files are related to DRM protection. Have you had any music files on that external drive?
I don't think so, I don't remember ever trying to transport music on the flash drive, but it is possible I guess.
So what about the Recycler? should that be there? and, like I said before, for the longest time I saw a autorun.inf file on the flash drive, not hidden, and I just assumed it was supposed to be there (I'm not talking about the one flash disinfector put there). My research on W32.SillyFDC virus suggested that it tends to come from infected flash drives.
I guess my question is; am I infected or not? What is going on with my machine that you are aware of? What is the virus Symantec caught doing? I just want to know what is going on.
Hi
So what about the Recycler? should that be there?
You may delete that. Don't think it should be there.
and, like I said before, for the longest time I saw a autorun.inf file on the flash drive, not hidden, and I just assumed it was supposed to be there (I'm not talking about the one flash disinfector put there).
Is the file still there? If it is what's the contents while opened in Notepad? Presence of autorun.inf file itself doesn't indicate infection. It's the contents of the file that counts.
Now lets uninstall ComboFix:
Click START then RUN
Now type "c:\documents and settings\Alexa\Desktop\ComboFix.exe" /u in the runbox and click OK
I can't delete the recycler file in the flash drive. It tells me that the file is called "Desktop.ini" and that it could screw up my pc to delete it. my pc seems to think that the recycle bin in my flash drive is the same one as on my desktop.
there is an autorun.inf on the flashdrive now, but the file says it was installed by flash disinfect. where the other one i was seeing a while ago went...i don't know.
Hi
The autorun.inf file might had been removed when you ran flash disinfector. You may leave the recycler folder there. It's actually ok.
So, in case there're no other infection related alarms I think the system is clean.
The Silly virus is still in my quarantene. What should I do with it?
Thank you very much for all your help. Just in case it is important to your notation, the silly virus's location was in F:\Recycler. That was why I originally thought it came from my flash drive. I had forgotten.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.