View Full Version : Virus infects my niece school's laptop.
Cassie09
2009-12-13, 07:29
My niece's laptop uses for her fifth grade class has been infected with viruses. Please help. Her mini laptop has infected with virus for two weeks now and she could not use it for her class. She has to borrow the school's laptop. Here is the hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:03 PM, on 12/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OA012Mon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\WSED\WSED.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchslate.com/wp.ashx?ref=home&id=173
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 64.86.16.97 google.ae
O1 - Hosts: 64.86.16.97 google.as
O1 - Hosts: 64.86.16.97 google.at
O1 - Hosts: 64.86.16.97 google.az
O1 - Hosts: 64.86.16.97 google.ba
O1 - Hosts: 64.86.16.97 google.be
O1 - Hosts: 64.86.16.97 google.bg
O1 - Hosts: 64.86.16.97 google.bs
O1 - Hosts: 64.86.16.97 google.ca
O1 - Hosts: 64.86.16.97 google.cd
O1 - Hosts: 64.86.16.97 google.com.gh
O1 - Hosts: 64.86.16.97 google.com.hk
O1 - Hosts: 64.86.16.97 google.com.jm
O1 - Hosts: 64.86.16.97 google.com.mx
O1 - Hosts: 64.86.16.97 google.com.my
O1 - Hosts: 64.86.16.97 google.com.na
O1 - Hosts: 64.86.16.97 google.com.nf
O1 - Hosts: 64.86.16.97 google.com.ng
O1 - Hosts: 64.86.16.97 google.ch
O1 - Hosts: 64.86.16.97 google.com.np
O1 - Hosts: 64.86.16.97 google.com.pr
O1 - Hosts: 64.86.16.97 google.com.qa
O1 - Hosts: 64.86.16.97 google.com.sg
O1 - Hosts: 64.86.16.97 google.com.tj
O1 - Hosts: 64.86.16.97 google.com.tw
O1 - Hosts: 64.86.16.97 google.dj
O1 - Hosts: 64.86.16.97 google.de
O1 - Hosts: 64.86.16.97 google.dk
O1 - Hosts: 64.86.16.97 google.dm
O1 - Hosts: 64.86.16.97 google.ee
O1 - Hosts: 64.86.16.97 google.fi
O1 - Hosts: 64.86.16.97 google.fm
O1 - Hosts: 64.86.16.97 google.fr
O1 - Hosts: 64.86.16.97 google.ge
O1 - Hosts: 64.86.16.97 google.gg
O1 - Hosts: 64.86.16.97 google.gm
O1 - Hosts: 64.86.16.97 google.gr
O1 - Hosts: 64.86.16.97 google.ht
O1 - Hosts: 64.86.16.97 google.ie
O1 - Hosts: 64.86.16.97 google.im
O1 - Hosts: 64.86.16.97 google.in
O1 - Hosts: 64.86.16.97 google.it
O1 - Hosts: 64.86.16.97 google.ki
O1 - Hosts: 64.86.16.97 google.la
O1 - Hosts: 64.86.16.97 google.li
O1 - Hosts: 64.86.16.97 google.lv
O1 - Hosts: 64.86.16.97 google.ma
O1 - Hosts: 64.86.16.97 google.ms
O1 - Hosts: 64.86.16.97 google.mu
O1 - Hosts: 64.86.16.97 google.mw
O1 - Hosts: 64.86.16.97 google.nl
O1 - Hosts: 64.86.16.97 google.no
O1 - Hosts: 64.86.16.97 google.nr
O1 - Hosts: 64.86.16.97 google.nu
O1 - Hosts: 64.86.16.97 google.pl
O1 - Hosts: 64.86.16.97 google.pn
O1 - Hosts: 64.86.16.97 google.pt
O1 - Hosts: 64.86.16.97 google.ro
O1 - Hosts: 64.86.16.97 google.ru
O1 - Hosts: 64.86.16.97 google.rw
O1 - Hosts: 64.86.16.97 google.sc
O1 - Hosts: 64.86.16.97 google.se
O1 - Hosts: 64.86.16.97 google.sh
O1 - Hosts: 64.86.16.97 google.si
O1 - Hosts: 64.86.16.97 google.sm
O1 - Hosts: 64.86.16.97 google.sn
O1 - Hosts: 64.86.16.97 google.st
O1 - Hosts: 64.86.16.97 google.tl
O1 - Hosts: 64.86.16.97 google.tm
O1 - Hosts: 64.86.16.97 google.tt
O1 - Hosts: 64.86.16.97 google.us
O1 - Hosts: 64.86.16.97 google.vu
O1 - Hosts: 64.86.16.97 google.ws
O1 - Hosts: 64.86.16.97 google.co.ck
O1 - Hosts: 64.86.16.97 google.co.id
O1 - Hosts: 64.86.16.97 google.co.il
O1 - Hosts: 64.86.16.97 google.co.in
O1 - Hosts: 64.86.16.97 google.co.jp
O1 - Hosts: 64.86.16.97 google.co.kr
O1 - Hosts: 64.86.16.97 google.co.ls
O1 - Hosts: 64.86.16.97 google.co.ma
O1 - Hosts: 64.86.16.97 google.co.nz
O1 - Hosts: 64.86.16.97 google.co.tz
O1 - Hosts: 64.86.16.97 google.co.ug
O1 - Hosts: 64.86.16.97 google.co.uk
O1 - Hosts: 64.86.16.97 google.co.za
O1 - Hosts: 64.86.16.97 google.co.zm
O1 - Hosts: 64.86.16.97 google.com
O1 - Hosts: 64.86.16.97 google.com.af
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OA012Mon] C:\WINDOWS\OA012Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [WSED] C:\Program Files\WSED\WSED.exe
O4 - HKLM\..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe
O4 - HKLM\..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 13227 bytes
Hi,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Cassie09
2009-12-18, 04:13
Thank you for spending your time helping me. Here is the DDS log:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Cassidy at 21:08:17.53 on Thu 12/17/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.337 [GMT -6:00]
AV: Windows Enterprise Defender *On-access scanning enabled* (Updated) {78C05814-A8CA-4957-9781-6DF05D1D83FB}
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Windows Enterprise Defender *enabled* {1520F7ED-C6CD-4CEF-9AC1-5053E9D3ADE1}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OA012Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\WSED\WSED.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Documents and Settings\Cassidy\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.searchslate.com/wp.ashx?ref=home&id=173
uSearch Page = hxxp://www.live.com
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OA012Mon] c:\windows\OA012Mon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [WSED] c:\program files\wsed\WSED.exe
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\cassidy\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\cassidy\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Note: multiple HOSTS entries found. Please refer to Attach.txt
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\cassidy\applic~1\mozilla\firefox\profiles\23bqy5iz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R?2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-10-17 108392]
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-9-25 14248]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-25 143840]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2009-9-25 135168]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2009-9-25 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2009-9-25 272032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-25 162816]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-10-17 108392]
S2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-10-17 2436536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-25 1684736]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-7-30 23888]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091116.002\NAVENG.SYS [2009-11-16 84912]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091116.002\NAVEX15.SYS [2009-11-16 1323568]
=============== Created Last 30 ================
2009-12-13 05:59:44 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-12-13 05:59:25 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-12-07 01:41:08 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-07 01:41:08 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-07 01:35:38 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-07 01:34:32 0 d-----w- c:\program files\Symantec
2009-12-02 00:25:07 0 d-----w- c:\program files\Symantec(2)
2009-12-02 00:08:29 0 d-----w- c:\program files\Trend Micro
2009-12-01 23:53:18 0 d-----w- c:\windows\pss
2009-12-01 23:26:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2009-12-01 23:25:49 0 d-----w- c:\program files\Citrix
2009-12-01 16:41:45 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-12-01 03:12:28 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2009-12-01 03:12:28 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2009-12-01 02:13:48 567584 ----a-w- C:\new_log.html
2009-12-01 02:13:25 0 d-----w- c:\program files\Wyeke
2009-12-01 02:13:25 0 d-----w- c:\program files\Freeze.com
2009-12-01 02:13:24 0 d-----w- c:\program files\AWS
==================== Find3M ====================
2009-12-13 05:59:08 13229 ----a-w- c:\program files\hijackthis.log
2009-11-17 01:17:56 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-10-28 03:16:52 144134 ----a-w- c:\windows\hpwins23.dat
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\SET733.tmp
2009-10-06 13:39:56 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-25 09:27:02 77824 ----a-w- c:\windows\setpwr32.exe
2009-09-25 06:54:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-09-25 05:37:10 1509888 ----a-w- c:\windows\system32\shdocvw(2).dll
============= FINISH: 21:08:58.07 ===============
Hi,
1. Download combofix (http://download.bleepingcomputer.com/sUBs/Beta/KittyFix.exe) and save it to Desktop
2. Run it & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & fresh dds log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Cassie09
2009-12-18, 08:03
Here is the combofix log:
ComboFix 09-12-17.01 - Cassidy 12/18/2009 0:41.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.522 [GMT -6:00]
Running from: c:\documents and settings\Cassidy\My Documents\Downloads\KittyFix.exe
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IMAPISERVICE
-------\Service_ImapiService
((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))
.
2009-12-13 06:01 . 2009-12-13 06:02 -------- d-----w- c:\documents and settings\Administrator.CASSIDYPC
2009-12-13 05:59 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-12-13 05:59 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-12-07 01:41 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-07 01:41 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-07 01:35 . 2009-12-07 01:35 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-07 01:34 . 2009-12-07 01:34 -------- d-----w- c:\program files\Symantec
2009-12-02 00:25 . 2009-12-07 01:34 -------- d-----w- c:\program files\Symantec(2)
2009-12-02 00:08 . 2009-12-02 00:08 -------- d-----w- c:\program files\Trend Micro
2009-12-01 23:41 . 2009-09-25 07:07 33416 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-01 23:26 . 2009-12-01 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-12-01 23:25 . 2009-12-01 23:25 -------- d-----w- c:\program files\Citrix
2009-12-01 23:25 . 2009-12-01 23:25 -------- d-----w- c:\documents and settings\Cassidy\Local Settings\Application Data\Citrix
2009-12-01 03:12 . 2007-03-22 01:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2009-12-01 03:12 . 2007-03-22 01:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2009-12-01 02:13 . 2009-12-01 02:13 -------- d-----w- c:\documents and settings\Cassidy\Local Settings\Application Data\WeatherBug
2009-12-01 02:13 . 2009-12-07 01:36 -------- d-----w- c:\program files\Wyeke
2009-12-01 02:13 . 2009-12-01 02:13 -------- d-----w- c:\program files\Freeze.com
2009-12-01 02:13 . 2009-12-01 02:13 -------- d-----w- c:\program files\AWS
2009-11-20 00:27 . 2009-11-20 00:27 -------- d-----w- c:\documents and settings\Cassidy\Local Settings\Application Data\HP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-18 06:28 . 2009-10-06 21:53 -------- d-----w- c:\documents and settings\Cassidy\Application Data\skypePM
2009-12-18 03:31 . 2009-09-25 07:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-18 03:12 . 2009-10-04 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-13 21:12 . 2009-09-25 07:02 -------- d-----w- c:\program files\Microsoft Works
2009-12-13 05:59 . 2009-12-13 05:59 13229 ----a-w- c:\program files\hijackthis.log
2009-12-09 19:37 . 2009-10-06 21:50 -------- d-----w- c:\documents and settings\Cassidy\Application Data\Skype
2009-12-07 22:32 . 2009-10-02 00:19 71224 ----a-w- c:\documents and settings\Cassidy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-07 01:42 . 2009-10-23 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-07 01:34 . 2009-10-06 13:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-07 01:34 . 2009-10-06 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-07 01:31 . 2009-10-06 00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 00:55 . 2009-10-23 01:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 01:49 . 2009-11-17 01:48 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-17 01:48 . 2009-11-17 01:48 -------- d-----w- c:\documents and settings\Cassidy\Application Data\Thunderbird
2009-11-17 01:19 . 2009-10-29 16:24 -------- d-----w- c:\program files\Common Files\Stardock
2009-11-17 01:17 . 2009-11-17 01:17 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-11-17 01:08 . 2009-11-17 01:08 0 ----a-w- c:\windows\nsreg.dat
2009-11-12 00:15 . 2009-11-12 00:15 -------- d-----w- c:\documents and settings\Cassidy\Application Data\Reallusion
2009-11-12 00:15 . 2009-10-15 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-11-09 18:57 . 2009-11-09 15:53 79488 ----a-w- c:\documents and settings\Cassidy\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-02 19:41 . 2009-11-02 19:41 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-10-29 16:24 . 2009-10-29 16:24 -------- d-----w- c:\program files\Stardock
2009-10-29 05:38 . 2008-04-25 20:33 667136 ----a-w- c:\windows\system32\wininet.dll
2009-10-28 03:16 . 2009-10-28 03:07 144134 ----a-w- c:\windows\hpwins23.dat
2009-10-28 03:11 . 2009-10-28 03:11 -------- d-----w- c:\program files\Common Files\HP
2009-10-28 03:11 . 2009-10-28 03:11 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-28 03:11 . 2009-10-28 03:11 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-28 03:09 . 2009-10-28 03:09 -------- d-----w- c:\program files\HP
2009-10-23 02:52 . 2009-10-23 02:52 -------- d-----w- c:\program files\CCleaner
2009-10-23 02:52 . 2009-10-23 02:44 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-10-23 02:48 . 2009-10-23 02:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-23 01:36 . 2009-10-17 14:13 -------- d-sh--w- c:\documents and settings\All Users\Application Data\62027dd
2009-10-22 23:33 . 2009-09-25 07:02 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-22 23:33 . 2009-10-22 23:33 152576 ----a-w- c:\documents and settings\Cassidy\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-21 05:38 . 2008-04-25 20:33 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-25 20:33 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 00:23 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2008-04-25 20:33 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-25 20:33 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-25 20:33 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-06 21:53 . 2009-10-06 21:53 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-06 13:39 . 2009-10-06 13:39 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-06 13:39 . 2009-10-06 13:39 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-25 09:27 . 2009-09-25 09:27 77824 ----a-w- c:\windows\setpwr32.exe
2009-09-25 07:07 . 2009-12-13 06:02 33416 ----a-w- c:\documents and settings\Administrator.CASSIDYPC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-25 07:05 . 2009-09-25 07:05 75 --sh--r- c:\windows\CT4CET.bin
2009-09-25 06:54 . 2009-09-25 06:54 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-09-25 06:41 . 2008-04-26 01:45 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-25 05:37 . 2008-04-25 20:33 1509888 ----a-w- c:\windows\system32\shdocvw(2).dll
2009-09-25 05:37 . 2008-04-25 20:33 81920 ----a-w- c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-15 1434920]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-15 137752]
"OA012Mon"="c:\windows\OA012Mon.exe" [2009-05-11 24576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-25 148888]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"WSED"="c:\program files\WSED\WSED.exe" [2009-03-31 251176]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-02-23 320808]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 115560]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
c:\documents and settings\Cassidy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Cassidy\\My Documents\\Downloads\\OJ6500vE709_Basic_12\\setup\\hpznui01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [9/25/2009 12:56 AM 14248]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [9/25/2009 1:04 AM 143840]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [9/25/2009 3:27 AM 135168]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [9/25/2009 3:27 AM 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [9/25/2009 3:27 AM 272032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [9/25/2009 3:26 AM 162816]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/25/2009 3:26 AM 1684736]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/30/2008 4:42 PM 23888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchslate.com/wp.ashx?ref=home&id=173
mStart Page = hxxp://www.dell.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Cassidy\Application Data\Mozilla\Firefox\Profiles\23bqy5iz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -
SafeBoot-mcmscsvc
SafeBoot-MCODS
SafeBoot-Symantec Antvirus
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-18 00:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3984)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-12-18 00:51:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-18 06:51
Pre-Run: 132,629,663,744 bytes free
Post-Run: 132,522,459,136 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 29FB11CA559A95DC7E2C4AE0D4B38BC5
here is the DDs log:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Cassidy at 0:53:05.59 on Fri 12/18/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.512 [GMT -6:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OA012Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\WSED\WSED.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Cassidy\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.searchslate.com/wp.ashx?ref=home&id=173
mStart Page = hxxp://www.dell.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OA012Mon] c:\windows\OA012Mon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [WSED] c:\program files\wsed\WSED.exe
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\cassidy\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\cassidy\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\cassidy\applic~1\mozilla\firefox\profiles\23bqy5iz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R?2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-10-17 108392]
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-9-25 14248]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-25 143840]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2009-9-25 135168]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2009-9-25 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2009-9-25 272032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-25 162816]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-10-17 108392]
S2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-10-17 2436536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-25 1684736]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-7-30 23888]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091116.002\NAVENG.SYS [2009-11-16 84912]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091116.002\NAVEX15.SYS [2009-11-16 1323568]
=============== Created Last 30 ================
2009-12-18 06:40:36 0 d-sha-r- C:\cmdcons
2009-12-18 06:39:34 98816 ----a-w- c:\windows\sed.exe
2009-12-18 06:39:34 77312 ----a-w- c:\windows\MBR.exe
2009-12-18 06:39:34 261632 ----a-w- c:\windows\PEV.exe
2009-12-18 06:39:34 161792 ----a-w- c:\windows\SWREG.exe
2009-12-13 05:59:44 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-12-13 05:59:25 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-12-07 01:41:08 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-07 01:41:08 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-07 01:35:38 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-07 01:34:32 0 d-----w- c:\program files\Symantec
2009-12-02 00:25:07 0 d-----w- c:\program files\Symantec(2)
2009-12-02 00:08:29 0 d-----w- c:\program files\Trend Micro
2009-12-01 23:53:18 0 d-----w- c:\windows\pss
2009-12-01 23:26:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2009-12-01 23:25:49 0 d-----w- c:\program files\Citrix
2009-12-01 16:41:45 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-12-01 03:12:28 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2009-12-01 03:12:28 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2009-12-01 02:13:48 567584 ----a-w- C:\new_log.html
2009-12-01 02:13:25 0 d-----w- c:\program files\Wyeke
2009-12-01 02:13:25 0 d-----w- c:\program files\Freeze.com
2009-12-01 02:13:24 0 d-----w- c:\program files\AWS
==================== Find3M ====================
2009-12-13 05:59:08 13229 ----a-w- c:\program files\hijackthis.log
2009-11-17 01:17:56 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-10-29 05:38:23 667136 ------w- c:\windows\system32\wininet.dll
2009-10-28 03:16:52 144134 ----a-w- c:\windows\hpwins23.dat
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-06 13:39:56 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-25 09:27:02 77824 ----a-w- c:\windows\setpwr32.exe
2009-09-25 06:54:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-09-25 05:37:10 1509888 ----a-w- c:\windows\system32\shdocvw(2).dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
============= FINISH: 0:53:22.75 ===============
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into KittyFix.exe
Then post the resultant log.
Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 17 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
Cassie09
2009-12-18, 17:21
Here is the combofix log:
ComboFix 09-12-17.01 - Cassidy 12/18/2009 10:01:58.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.578 [GMT -6:00]
Running from: c:\documents and settings\Cassidy\My Documents\Downloads\KittyFix.exe
Command switches used :: c:\documents and settings\Cassidy\Desktop\cfscript.txt
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ImapiService
((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))
.
2009-12-13 06:01 . 2009-12-13 06:02 -------- d-----w- c:\documents and settings\Administrator.CASSIDYPC
2009-12-13 05:59 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-12-13 05:59 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-12-07 01:41 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-07 01:41 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-07 01:35 . 2009-12-07 01:35 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-07 01:34 . 2009-12-07 01:34 -------- d-----w- c:\program files\Symantec
2009-12-02 00:25 . 2009-12-07 01:34 -------- d-----w- c:\program files\Symantec(2)
2009-12-02 00:08 . 2009-12-02 00:08 -------- d-----w- c:\program files\Trend Micro
2009-12-01 23:41 . 2009-09-25 07:07 33416 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-01 23:26 . 2009-12-01 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-12-01 23:25 . 2009-12-01 23:25 -------- d-----w- c:\program files\Citrix
2009-12-01 23:25 . 2009-12-01 23:25 -------- d-----w- c:\documents and settings\Cassidy\Local Settings\Application Data\Citrix
2009-12-01 03:12 . 2007-03-22 01:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2009-12-01 03:12 . 2007-03-22 01:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2009-12-01 02:13 . 2009-12-01 02:13 -------- d-----w- c:\documents and settings\Cassidy\Local Settings\Application Data\WeatherBug
2009-12-01 02:13 . 2009-12-07 01:36 -------- d-----w- c:\program files\Wyeke
2009-12-01 02:13 . 2009-12-01 02:13 -------- d-----w- c:\program files\Freeze.com
2009-12-01 02:13 . 2009-12-01 02:13 -------- d-----w- c:\program files\AWS
2009-11-20 00:27 . 2009-11-20 00:27 -------- d-----w- c:\documents and settings\Cassidy\Local Settings\Application Data\HP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-18 06:28 . 2009-10-06 21:53 -------- d-----w- c:\documents and settings\Cassidy\Application Data\skypePM
2009-12-18 03:31 . 2009-09-25 07:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-18 03:12 . 2009-10-04 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-13 21:12 . 2009-09-25 07:02 -------- d-----w- c:\program files\Microsoft Works
2009-12-13 05:59 . 2009-12-13 05:59 13229 ----a-w- c:\program files\hijackthis.log
2009-12-09 19:37 . 2009-10-06 21:50 -------- d-----w- c:\documents and settings\Cassidy\Application Data\Skype
2009-12-07 22:32 . 2009-10-02 00:19 71224 ----a-w- c:\documents and settings\Cassidy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-07 01:42 . 2009-10-23 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-07 01:34 . 2009-10-06 13:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-07 01:34 . 2009-10-06 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-07 01:31 . 2009-10-06 00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 00:55 . 2009-10-23 01:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 01:49 . 2009-11-17 01:48 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-17 01:48 . 2009-11-17 01:48 -------- d-----w- c:\documents and settings\Cassidy\Application Data\Thunderbird
2009-11-17 01:19 . 2009-10-29 16:24 -------- d-----w- c:\program files\Common Files\Stardock
2009-11-17 01:17 . 2009-11-17 01:17 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-11-17 01:08 . 2009-11-17 01:08 0 ----a-w- c:\windows\nsreg.dat
2009-11-12 00:15 . 2009-11-12 00:15 -------- d-----w- c:\documents and settings\Cassidy\Application Data\Reallusion
2009-11-12 00:15 . 2009-10-15 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-11-09 18:57 . 2009-11-09 15:53 79488 ----a-w- c:\documents and settings\Cassidy\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-02 19:41 . 2009-11-02 19:41 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-10-29 16:24 . 2009-10-29 16:24 -------- d-----w- c:\program files\Stardock
2009-10-29 05:38 . 2008-04-25 20:33 667136 ------w- c:\windows\system32\wininet.dll
2009-10-28 03:16 . 2009-10-28 03:07 144134 ----a-w- c:\windows\hpwins23.dat
2009-10-28 03:11 . 2009-10-28 03:11 -------- d-----w- c:\program files\Common Files\HP
2009-10-28 03:11 . 2009-10-28 03:11 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-28 03:11 . 2009-10-28 03:11 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-28 03:09 . 2009-10-28 03:09 -------- d-----w- c:\program files\HP
2009-10-23 02:52 . 2009-10-23 02:52 -------- d-----w- c:\program files\CCleaner
2009-10-23 02:52 . 2009-10-23 02:44 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-10-23 02:48 . 2009-10-23 02:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-23 01:36 . 2009-10-17 14:13 -------- d-sh--w- c:\documents and settings\All Users\Application Data\62027dd
2009-10-22 23:33 . 2009-09-25 07:02 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-22 23:33 . 2009-10-22 23:33 152576 ----a-w- c:\documents and settings\Cassidy\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-21 05:38 . 2008-04-25 20:33 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-25 20:33 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 00:23 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2008-04-25 20:33 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-25 20:33 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-25 20:33 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-06 21:53 . 2009-10-06 21:53 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-06 13:39 . 2009-10-06 13:39 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-06 13:39 . 2009-10-06 13:39 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-25 09:27 . 2009-09-25 09:27 77824 ----a-w- c:\windows\setpwr32.exe
2009-09-25 07:07 . 2009-12-13 06:02 33416 ----a-w- c:\documents and settings\Administrator.CASSIDYPC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-25 07:05 . 2009-09-25 07:05 75 --sh--r- c:\windows\CT4CET.bin
2009-09-25 06:54 . 2009-09-25 06:54 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-09-25 06:41 . 2008-04-26 01:45 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-25 05:37 . 2008-04-25 20:33 1509888 ----a-w- c:\windows\system32\shdocvw(2).dll
2009-09-25 05:37 . 2008-04-25 20:33 81920 ----a-w- c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-15 1434920]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-15 137752]
"OA012Mon"="c:\windows\OA012Mon.exe" [2009-05-11 24576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-25 148888]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"WSED"="c:\program files\WSED\WSED.exe" [2009-03-31 251176]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-02-23 320808]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 115560]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
c:\documents and settings\Cassidy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Cassidy\\My Documents\\Downloads\\OJ6500vE709_Basic_12\\setup\\hpznui01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [9/25/2009 12:56 AM 14248]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [9/25/2009 1:04 AM 143840]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [9/25/2009 3:27 AM 135168]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [9/25/2009 3:27 AM 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [9/25/2009 3:27 AM 272032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [9/25/2009 3:26 AM 162816]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/25/2009 3:26 AM 1684736]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/30/2008 4:42 PM 23888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchslate.com/wp.ashx?ref=home&id=173
mStart Page = hxxp://www.dell.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Cassidy\Application Data\Mozilla\Firefox\Profiles\23bqy5iz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-18 10:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3780)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-12-18 10:12:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-18 16:12
ComboFix2.txt 2009-12-18 06:51
Pre-Run: 132,971,802,624 bytes free
Post-Run: 132,940,935,168 bytes free
- - End Of File - - 2256AAC158B07DAD261AA650468D1E00
Cassie09
2009-12-19, 03:03
Here is thdds log:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Cassidy at 19:58:10.46 on Fri 12/18/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.620 [GMT -6:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OA012Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\WSED\WSED.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Cassidy\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
mStart Page = hxxp://www.dell.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OA012Mon] c:\windows\OA012Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [WSED] c:\program files\wsed\WSED.exe
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\docume~1\cassidy\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\cassidy\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\cassidy\applic~1\mozilla\firefox\profiles\23bqy5iz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\cassidy\application data\mozilla\firefox\profiles\23bqy5iz.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R?2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-10-17 108392]
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-9-25 14248]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-25 143840]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2009-9-25 135168]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2009-9-25 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2009-9-25 272032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-25 162816]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-10-17 108392]
S2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-10-17 2436536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-25 1684736]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-7-30 23888]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091116.002\NAVENG.SYS [2009-11-16 84912]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091116.002\NAVEX15.SYS [2009-11-16 1323568]
=============== Created Last 30 ================
2009-12-18 16:38:12 0 d-----w- c:\program files\Sun
2009-12-18 16:38:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-18 06:40:36 0 d-sha-r- C:\cmdcons
2009-12-18 06:39:34 98816 ----a-w- c:\windows\sed.exe
2009-12-18 06:39:34 77312 ----a-w- c:\windows\MBR.exe
2009-12-18 06:39:34 261632 ----a-w- c:\windows\PEV.exe
2009-12-18 06:39:34 161792 ----a-w- c:\windows\SWREG.exe
2009-12-13 05:59:44 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-12-13 05:59:25 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-12-07 01:41:08 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-07 01:41:08 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-07 01:35:38 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-07 01:34:32 0 d-----w- c:\program files\Symantec
2009-12-02 00:25:07 0 d-----w- c:\program files\Symantec(2)
2009-12-02 00:08:29 0 d-----w- c:\program files\Trend Micro
2009-12-01 23:53:18 0 d-----w- c:\windows\pss
2009-12-01 23:26:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2009-12-01 23:25:49 0 d-----w- c:\program files\Citrix
2009-12-01 16:41:45 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-12-01 03:12:28 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2009-12-01 03:12:28 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2009-12-01 02:13:48 567584 ----a-w- C:\new_log.html
2009-12-01 02:13:25 0 d-----w- c:\program files\Wyeke
2009-12-01 02:13:25 0 d-----w- c:\program files\Freeze.com
2009-12-01 02:13:24 0 d-----w- c:\program files\AWS
==================== Find3M ====================
2009-12-18 16:37:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-13 05:59:08 13229 ----a-w- c:\program files\hijackthis.log
2009-11-17 01:17:56 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-10-29 05:38:23 667136 ------w- c:\windows\system32\wininet.dll
2009-10-28 03:16:52 144134 ----a-w- c:\windows\hpwins23.dat
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-06 13:39:56 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-25 09:27:02 77824 ----a-w- c:\windows\setpwr32.exe
2009-09-25 05:37:10 1509888 ----a-w- c:\windows\system32\shdocvw(2).dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
============= FINISH: 19:58:46.43 ===============
Here is the Kas log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, December 18, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, December 18, 2009 15:00:06
Records in database: 3385140
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
Z:\
Scan statistics:
Objects scanned: 58634
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:13:10
No threats found. Scanned area is clean.
Selected area has been scanned.
Cassie09
2009-12-19, 03:08
Here is the dds attach file. I can't upload it this time. There is no link in the postreply page.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/1/2009 7:18:46 PM
System Uptime: 12/18/2009 2:39:59 PM (5 hours ago)
Motherboard: Dell Inc. | | CN0Y53
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | U1 | 1052/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 139 GiB total, 123.401 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6500 E709n
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\PRINTER\0000
Service:
==== System Restore Points ===================
RP1: 11/16/2009 8:49:27 PM - System Checkpoint
RP2: 11/19/2009 6:50:52 PM - System Checkpoint
RP3: 11/20/2009 7:42:03 PM - System Checkpoint
RP4: 11/22/2009 9:42:43 AM - System Checkpoint
RP5: 11/30/2009 9:10:20 PM - Removed Symantec Endpoint Protection.
RP6: 12/1/2009 6:23:51 PM - Restore Operation
RP7: 12/1/2009 7:54:23 PM - Restore Operation
RP8: 12/1/2009 8:10:47 PM - Software Distribution Service 3.0
RP9: 12/2/2009 9:20:10 PM - Software Distribution Service 3.0
RP10: 12/4/2009 7:50:39 AM - Software Distribution Service 3.0
RP11: 12/6/2009 6:35:58 PM - Software Distribution Service 3.0
RP12: 12/6/2009 7:30:24 PM - Restore Operation
RP13: 12/6/2009 7:41:57 PM - Configured Microsoft Office Enterprise 2007
RP14: 12/13/2009 2:59:49 PM - Software Distribution Service 3.0
RP15: 12/17/2009 8:54:39 PM - Software Distribution Service 3.0
RP16: 12/18/2009 3:01:06 AM - Software Distribution Service 3.0
RP17: 12/18/2009 10:34:35 AM - Removed Java(TM) 6 Update 13
RP18: 12/18/2009 10:36:45 AM - Installed Java(TM) SE Development Kit 6 Update 17
RP19: 12/18/2009 10:37:45 AM - Installed Java(TM) 6 Update 17
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
6500_E709_BasicWeb
6500_E709_Help_BasicWeb
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Advanced Audio FX Engine
Battery Meter
bpd_scan
BPDSoftware_Ini
CapsLKNotify
CCleaner (remove only)
Choice Guard
Compatibility Pack for the 2007 Office system
Dell Support Center (Support Software)
Dell System Restore
Dell Touchpad
Dell Video Chat
Dell Webcam Central
Dell Wireless WLAN Card Utility
EMSC
FirstClass® Client
Function Keys
HijackThis 2.0.2
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Officejet 6500 E709 Series
Inspiration 7
Integrated Webcam Driver (1.02.02.0403)
Intel(R) Graphics Media Accelerator Driver
Java DB 10.4.2.1
Java(TM) 6 Update 17
Java(TM) SE Development Kit 6 Update 17
Junk Mail filter update
Live! Cam Avatar Creator
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.6)
Mozilla Thunderbird (2.0.0.23)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
Network
Realtek High Definition Audio Driver
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Segoe UI
Skype™ 4.1
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Symantec Endpoint Protection
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Outlook 2007 Junk Email Filter (kb976884)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Communication Foundation
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows Presentation Foundation
Windows Search 4.0
Windows Workflow Foundation
WinRAR archiver
Wise Registry Cleaner 4 Free 4.84
WSED
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
12/18/2009 3:04:02 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office Outlook 2007 (KB969907).
12/18/2009 3:02:54 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Publisher 2007 (KB969693).
12/18/2009 3:02:47 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Visio Viewer 2007 (KB973709).
12/18/2009 3:02:41 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft PowerPoint 2007 (KB957789).
12/18/2009 3:02:34 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: The 2007 Microsoft Office Suite Service Pack 2 (SP2).
12/18/2009 3:01:52 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Excel 2007 (KB973593).
12/18/2009 3:01:45 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB969559).
12/18/2009 3:01:38 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office InfoPath 2007 (KB976416).
12/18/2009 3:01:32 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB974234).
12/18/2009 3:01:25 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Outlook 2007 (KB972363).
12/18/2009 3:01:18 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Word 2007 (KB969604).
12/18/2009 12:41:28 AM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
12/18/2009 10:34:58 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/13/2009 7:33:21 PM, error: Dhcp [1002] - The IP address lease 192.168.1.109 for the Network Card with network address 0C6076218E8E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/13/2009 3:00:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
12/13/2009 3:00:46 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/13/2009 3:00:46 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/13/2009 12:03:27 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/13/2009 12:02:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SRTSP SRTSPX SYMTDI
12/13/2009 12:02:32 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Management Client service to connect.
12/13/2009 12:02:32 AM, error: Service Control Manager [7000] - The Symantec Management Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/13/2009 12:02:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/13/2009 11:08:33 PM, error: PSched [14103] - QoS [Adapter {B99D7677-5ED9-4E52-B49B-0FE330071AB4}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
12/12/2009 11:53:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
12/12/2009 11:52:08 PM, error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
12/12/2009 11:52:08 PM, error: SRTSP [4] - Error loading virus definitions.
==== End Of File ===========================
Hi again :)
How's the system doing now? Any issues left?
Cassie09
2009-12-20, 07:00
I don't know why the symantec endpoint does run. A window open says "Failed to start Symantec Management Client service. Error code returned: 0x8007041d." Any idea? And I don't why in the post reply page there is no "attach file" button.
Hi,
It's recommended to reinstall Symantec EndPoint Protection. Clear Firefox cache (http://www.groovypost.com/howto/security/clear-firefox-browsing-history-and-private-data/) and see if the site shows properly.
Cassie09
2010-01-04, 07:10
Sorry taking this long replying. It's because I was out of town for the holidays. Hope you had a happy holidays. How do you uninstall the Symantec? It came with laptop when niece bought it new at Dell. And how do you reinstall it? Thanks
Hi,
There should be an entry for it in add/remove programs. Was the Symantec cd/dvd installation media included?