10.4K Posts

July 30th, 2008 17:00

Hill08

Please download Combofix and save to your desktop:
  • Note: It is important that it is saved directly to your desktop
  • Close any open browsers.
  • Double click on combofix.exe and follow the prompts.
  • When it's finished it will produce a log.
  • Post the contents of the C:\ComboFix.txt into your next reply.
  • Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.

Microsoft MVP Consumer-Security

 


"The world is what you make of it"




15 Posts

July 31st, 2008 18:00

Thank you for the quick response! Here's the combofix log:

 

ComboFix 08-07-31.01 - Hillary Stick 2008-07-31 14:59:58.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.488 [GMT -4:00]
Running from: C:\Documents and Settings\Hillary Stick\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-06-28 to 2008-07-31  )))))))))))))))))))))))))))))))
.

2008-07-31 14:48 . 2008-07-31 14:59   d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-30 13:46 . 2008-07-30 13:46   d-------- C:\Program Files\Trend Micro
2008-07-28 14:58 . 2008-07-28 14:58   d-------- C:\Documents and Settings\Hillary Stick\Application Data\Thinstall
2008-07-28 13:31 . 2007-03-22 13:38 215,144 -ra------ C:\WINDOWS\patchw32.dll
2008-07-28 13:30 . 2007-03-22 13:38 215,144 -ra------ C:\WINDOWS\pw32a.dll
2008-07-26 15:11 . 2008-07-26 15:11 91,648 --a------ C:\WINDOWS\system32\avjrmcwq.dll
2008-07-24 15:27 . 2008-07-24 15:27   d-------- C:\Program Files\Webroot
2008-07-24 15:27 . 2008-07-24 15:27   d-------- C:\Program Files\AskSBar
2008-07-24 15:27 . 2008-07-24 15:27   d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-24 15:27 . 2008-07-24 15:27   d-------- C:\Documents and Settings\Hillary Stick\Application Data\Webroot
2008-07-24 15:27 . 2008-07-24 15:27   d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-24 15:27 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-24 15:27 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-24 15:27 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-24 15:27 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-24 15:27 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-24 15:26 . 2008-07-24 15:26 164 --a------ C:\install.dat
2008-07-24 14:22 . 2008-07-24 14:22   d-------- C:\Program Files\Windows Sidebar
2008-07-24 14:22 . 2008-07-28 13:45   d-------- C:\Program Files\Norton AntiVirus
2008-07-24 14:21 . 2008-07-28 13:40 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-24 14:21 . 2008-07-28 13:40 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-24 14:21 . 2008-07-28 13:40 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-24 14:21 . 2008-07-28 13:40 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-24 13:10 . 2008-07-24 13:10 105,472 --a------ C:\WINDOWS\system32\bfhncx.dll
2008-07-24 13:09 . 2008-07-24 13:10 105,472 --a------ C:\WINDOWS\system32\rexirtnt.dll
2008-07-24 13:05 . 2008-07-24 13:05 83,456 --a------ C:\WINDOWS\system32\mttgwush.dll
2008-07-24 13:05 . 2008-07-31 15:04 3,202 ---hs---- C:\WINDOWS\system32\hsuwgttm.ini
2008-07-22 21:41 . 2008-07-24 13:02 44,293 --ahs---- C:\WINDOWS\system32\qibmaflk.ini
2008-07-22 16:02 . 2008-07-24 13:56   d-------- C:\Program Files\K7 Computing
2008-07-22 16:02 . 2008-07-24 13:56   d-------- C:\Documents and Settings\All Users\Application Data\K7 Computing
2008-07-22 15:41 . 2008-07-22 15:41 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-07-22 15:36 . 2008-07-22 19:09 43,873 --ahs---- C:\WINDOWS\system32\opfosolf.ini
2008-07-21 16:25 . 2008-07-24 15:48   d-------- C:\WINDOWS\system32\carH01
2008-07-21 16:25 . 2008-07-21 16:25   d-------- C:\Temp\btxv15
2008-07-21 16:25 . 2008-07-21 16:25   d-------- C:\Temp
2008-07-15 21:30 . 2008-07-15 21:30   d-------- C:\Program Files\Windows Media Connect 2
2008-07-15 21:30 . 2006-10-04 10:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-07-15 21:30 . 2006-10-04 10:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-07-15 21:30 . 2006-10-04 10:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-07-15 21:29 . 2008-07-24 14:30   d-------- C:\WINDOWS\system32\LogFiles
2008-07-15 21:29 . 2008-07-15 21:30   d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-15 21:29 . 2008-07-15 21:29   d-------- C:\ace6709c17df2f3f1f748ba81f
2008-07-15 21:29 . 2008-07-15 21:30   d-------- C:\8f9146ef920f4a88413755f618fe1e52
2008-07-10 22:39 . 2008-07-10 22:39   d-------- C:\Documents and Settings\Hillary Stick\Application Data\Leadertech
2008-06-20 13:41 . 2008-06-20 13:41 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 06:44 . 2008-06-20 06:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2008-06-10 21:43 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 21:43 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 11:00 . 2008-06-08 11:00   d-------- C:\Program Files\Linksys
2008-06-08 11:00 . 2008-06-08 11:00   d-------- C:\Documents and Settings\Hillary Stick\Application Data\InstallShield
2008-06-08 11:00 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-06-08 11:00 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-06-08 11:00 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2008-06-08 11:00 . 2008-06-08 11:00 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-06-08 11:00 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-06-08 10:59 . 2008-06-08 10:59 670 --a------ C:\WINDOWS\system32\WLAN.INI

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 17:42 --------- d-----w C:\Program Files\Dl_cats
2008-07-30 17:08 4,392 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-30 10:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-28 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-28 19:31 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-07-28 17:40 --------- d-----w C:\Program Files\Symantec
2008-07-28 17:32 --------- d-----w C:\Program Files\Norton Ghost
2008-07-25 23:12 38,222 ----a-w C:\Documents and Settings\Hillary Stick\Application Data\wklnhst.dat
2008-07-24 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-07-24 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-24 01:22 --------- d-----w C:\Documents and Settings\Hillary Stick\Application Data\AdobeUM
2008-07-22 21:51 --------- d-----w C:\Program Files\EarthLink TotalAccess
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-17 10:46 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2006-11-25 16:58 59,400 ----a-w C:\Documents and Settings\Hillary Stick\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((   snapshot@2008-07-31_14.45.25.98   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-31 19:04:21 69,400 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Data\settings.dat
- 2008-07-31 18:43:26 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-31 18:56:17 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-31 18:43:26 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-31 18:56:17 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-31 18:43:26 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-31 18:56:17 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-31 18:56:53 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_da8.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-07-24 15:27 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ab296e48-105d-420c-ab79-8991afc985b8}]
C:\WINDOWS\system32\aqzdry.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F062B81F-52DC-2B54-F74E-78A290EC19C7}]
C:\WINDOWS\system32\slptqef.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lrdxt"="C:\WINDOWS\system32\??crosoft\?ttrib.exe" [?]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 13:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 13:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 13:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 03:12 94208]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2007-04-10 12:01 1537640]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-19 13:53 1838592]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 17:50 73728]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-20 19:40 430080]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-18 14:17 98304]
"5058cedb"="C:\WINDOWS\system32\mttgwush.dll" [2008-07-24 13:05 83456]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 00:53 714608]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-18 14:13:12 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02]
R2 WUSB54GSC;WUSB54GSC;C:\Program Files\Linksys\WUSB54GSC\WLService.exe WUSB54GSC.exe []
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-07-22 C:\WINDOWS\Tasks\K7AntiVirus 7.job
- C:\Documents and Settings\All Users\Start Menu\Programs\K7AntiVirus\K7AntiVirus 7.0.lnk []

2008-07-24 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Hillary Stick.job
- C:\Program Files\Norton AntiVirus\Navw32.exe [2007-08-26 21:19]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.dell.com/
R0 -: HKLM-Main,Start Page = hxxp://www.dell.com
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 15:04:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\mttgwush.dll
.
Completion time: 2008-07-31 15:06:40
ComboFix-quarantined-files.txt  2008-07-31 19:06:27
ComboFix2.txt  2008-07-31 18:47:32

Pre-Run: 105,700,859,904 bytes free
Post-Run: 105,672,351,744 bytes free

206 --- E O F --- 2008-07-20 02:00:40

15 Posts

August 2nd, 2008 15:00

Thank you! My computer is working great!

10.4K Posts

August 4th, 2008 12:00

Hill08

You are most welcome.

Please post a fresh Hijackthis log.

15 Posts

September 30th, 2008 22:00

Bamajim,

I really appreciated the help with the Automatic Update denial I was having! I never posted a new Hijack file like you suggested... sorry... My computer was working great and I neglected doing it.

However, I've posted my latest Hijack file. If you'd take a look I'd really appreciate it!

My wireless adapter gets disabled once in a while and I wondered if you could work your magic! I know it's not magic, but computers still seem like it to me sometimes.

 

ComboFix 08-09-30.03 - Hillary Stick 2008-09-30 18:53:27.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.590 [GMT -4:00]
Running from: C:\Documents and Settings\Hillary Stick\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPMGMT
-------\Legacy_BROWSER
-------\Legacy_DMSERVER
-------\Legacy_HELPSVC
-------\Legacy_LANMANWORKSTATION
-------\Legacy_LMHOSTS
-------\Legacy_NETMAN
-------\Legacy_PROTECTEDSTORAGE
-------\Legacy_SCHEDULE
-------\Legacy_TRKWKS
-------\Legacy_W32TIME
-------\Legacy_WEBCLIENT
-------\Legacy_WS2IFSL
-------\Legacy_WUAUSERV
-------\Service_AppMgmt
-------\Service_Browser
-------\Service_dmserver
-------\Service_helpsvc
-------\Service_Ip6Fw
-------\Service_lanmanworkstation
-------\Service_LmHosts
-------\Service_Messenger
-------\Service_Netlogon
-------\Service_Netman
-------\Service_NtmsSvc
-------\Service_ProtectedStorage
-------\Service_Schedule
-------\Service_Secdrv
-------\Service_TrkWks
-------\Service_UPS
-------\Service_w32time
-------\Service_WebClient
-------\Service_WS2IFSL
-------\Service_wuauserv


(((((((((((((((((((((((((   Files Created from 2008-08-28 to 2008-09-30  )))))))))))))))))))))))))))))))
.

2008-09-30 18:19 . 2008-09-30 18:19 63 --a------ C:\WINDOWS\av_affiliate.ini
2008-09-30 18:19 . 2008-09-30 18:19 63 --a------ C:\WINDOWS\as_affiliate.ini
2008-09-30 18:17 . 2008-09-30 18:18   d-------- C:\Program Files\CyberDefender
2008-09-30 18:17 . 2008-09-30 18:16 67,424 --a------ C:\WINDOWS\system32\drivers\CDAVFS.sys
2008-09-29 19:34 . 2008-09-29 19:34   d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-09-28 19:35 . 2008-09-28 19:35 10,165 --a------ C:\Addendum.docx
2008-09-21 14:09 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-21 14:09 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-21 14:09 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-21 13:18 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-09-21 13:16 . 2008-09-21 13:16   d-------- C:\Program Files\Microsoft.NET
2008-09-21 13:12 . 2008-09-21 22:14   d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-21 13:10 . 2008-09-21 13:10   dr-h----- C:\MSOCache
2008-08-31 09:53 . 2006-07-18 14:18   d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-08-31 09:53 . 2008-08-31 09:53   d-------- C:\Documents and Settings\Administrator
2008-08-24 17:35 . 2008-08-24 17:35   d-------- C:\Program Files\CONEXANT
2008-08-24 17:31 . 2002-02-02 00:00 1,497,088 --------- C:\WINDOWS\system32\cc3260mt.dll
2008-08-24 17:31 . 2005-03-18 15:35 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-08-24 17:31 . 2000-01-31 05:00 25,600 --------- C:\WINDOWS\system32\borlndmm.dll
2008-08-24 17:31 . 2004-10-25 13:40 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-08-23 20:23 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-20 22:46 . 2008-05-01 10:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-20 21:03 . 2005-10-28 11:38 402,432 --a------ C:\WINDOWS\system32\drivers\ZD1211BU.sys
2008-08-01 19:17 . 2008-08-01 19:17   d-------- C:\WINDOWS\system32\scripting
2008-08-01 19:17 . 2008-08-01 19:17   d-------- C:\WINDOWS\system32\en
2008-08-01 19:17 . 2008-08-01 19:17   d-------- C:\WINDOWS\system32\bits
2008-08-01 19:17 . 2008-08-01 19:17   d-------- C:\WINDOWS\l2schemas
2008-08-01 19:08 . 2008-08-01 19:17   d-------- C:\WINDOWS\ServicePackFiles
2008-08-01 18:49 . 2008-08-01 18:49   d-------- C:\WINDOWS\EHome
2008-08-01 18:28 . 2004-08-03 22:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-08-01 18:27 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-01 18:26 . 2008-04-13 20:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-01 18:26 . 2008-04-13 20:12 1,306,624 --------- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-08-01 18:26 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-01 18:26 . 2008-04-13 20:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-01 18:26 . 2008-04-13 20:12 155,136 --------- C:\WINDOWS\system32\mssha.dll
2008-08-01 18:26 . 2008-04-13 20:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-01 18:26 . 2008-04-13 13:27 79,872 --------- C:\WINDOWS\system32\msxml6r.dll
2008-08-01 18:26 . 2008-04-13 13:27 79,872 --------- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-08-01 18:26 . 2008-04-13 14:14 76,800 --------- C:\WINDOWS\system32\msshavmsg.dll
2008-08-01 18:26 . 2008-04-13 20:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-08-01 18:24 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 22:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-29 03:07 36,946 ----a-w C:\Documents and Settings\Hillary Stick\Application Data\wklnhst.dat
2008-09-29 03:06 --------- d-----w C:\Program Files\Dl_cats
2008-09-27 20:51 --------- d-----w C:\Documents and Settings\Hillary Stick\Application Data\AdobeUM
2008-09-22 02:06 --------- d-----w C:\Program Files\Microsoft Works
2008-09-21 18:02 --------- d-----w C:\Program Files\Common Files\Corel
2008-09-08 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-08 01:44 60,176 ----a-w C:\Documents and Settings\Hillary Stick\Application Data\GDIPFONTCACHEV1.DAT
2008-08-21 02:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 02:40 --------- d-----w C:\Program Files\Linksys
2008-07-30 21:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 21:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 21:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-30 17:46 --------- d-----w C:\Program Files\Trend Micro
2008-07-28 19:31 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-07-28 18:58 --------- d-----w C:\Documents and Settings\Hillary Stick\Application Data\Thinstall
2008-07-28 17:45 --------- d-----w C:\Program Files\Norton AntiVirus
2008-07-28 17:40 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-28 17:40 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-28 17:40 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-28 17:40 --------- d-----w C:\Program Files\Symantec
2008-07-24 19:26 164 ----a-w C:\install.dat
.

(((((((((((((((((((((((((((((   snapshot_2008-09-30_18.44.01.62   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-30 22:41:15 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-30 22:56:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-30 22:41:15 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-30 22:56:21 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-30 22:41:15 245,760 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-30 22:56:21 245,760 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-07-24 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ab296e48-105d-420c-ab79-8991afc985b8}]
C:\WINDOWS\system32\aqzdry.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F062B81F-52DC-2B54-F74E-78A290EC19C7}]
C:\WINDOWS\system32\slptqef.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lrdxt"="C:\WINDOWS\system32\??crosoft\?ttrib.exe" [?]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"CyberDefender Early Detection Center"="C:\Program Files\CyberDefender\AntiSpyware\cdas6b.exe" [2008-09-30 619848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-14 29744]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 73728]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-20 430080]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-18 98304]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 714608]
"CyberDefender Early Detection Center"="C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe" [2008-09-30 566600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-18 24576]
Linksys Wireless Network Monitor.lnk - C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe [2008-08-24 3348480]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas6b.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;C:\Program Files\Linksys\WUSBF54G\NICServ.exe [2005-10-20 530432]
R3 CDAVFS;CDAVFS;C:\WINDOWS\system32\DRIVERS\CDAVFS.sys [2008-09-30 67424]
R3 ZD1211BU(Linksys A Division of Cisco Systems Inc.);Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys [ ]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-14 29744]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.valdosta.edu/sowk/
R0 -: HKLM-Main,Start Page = hxxp://www.dell.com
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 18:56:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-09-30 18:59:29 - machine was rebooted
ComboFix-quarantined-files.txt  2008-09-30 22:59:23
ComboFix2.txt  2008-09-30 22:44:32
ComboFix3.txt  2008-07-31 19:06:42
ComboFix4.txt  2008-07-31 18:47:32

Pre-Run: 101,413,310,464 bytes free
Post-Run: 101,405,970,432 bytes free

232 --- E O F --- 2008-09-22 02:14:41

10.4K Posts

October 1st, 2008 13:00

Hill08

 

You are welcome.

 

The log you posted was a Combofix log. What I would like to see is a fresh Hijackthis log ;)

 



 

 

 



 

 

15 Posts

October 1st, 2008 23:00

Automatic updates went down again. I'm also having trouble when I start up my computer. The wireless adapter is being inactivated. Here's my Hijack log.

 


Scan saved at 8:23:13 PM, on 10/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Linksys\WUSBF54G\NICServ.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymCUW.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.valdosta.edu/sowk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {F062B81F-52DC-2B54-F74E-78A290EC19C7} - C:\WINDOWS\system32\slptqef.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Lrdxt] C:\WINDOWS\system32\??crosoft\?ttrib.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Linksys Wireless Network Monitor.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://library.valdosta.edu:2310/lib/valdosta/support/plugins/ebraryRdr.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NICSer_WUSBF54G - Unknown owner - C:\Program Files\Linksys\WUSBF54G\NICServ.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8568 bytes

10.4K Posts

October 2nd, 2008 12:00

Hill08

O.K. We still have a little work to do here. But I wanted to see a Hijackthis log because of the time lag.
We are going to start with Combofix.

1. Open Notepad (not WordPad). Copy and paste the following into Notepad:

File::
C:\WINDOWS\av_affiliate.ini
C:\WINDOWS\as_affiliate.ini
C:\WINDOWS\system32\aqzdry.dll
C:\WINDOWS\system32\slptqef.dll

Folder::
C:\Program Files\CyberDefender

Driver::
CDAVFS

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ab296e48-105d-420c-ab79-8991afc985b8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F062B81F-52DC-2B54-F74E-78A290EC19C7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lrdxt"=-
"CyberDefender Early Detection Center"=-


Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

user posted image
  • You will be prompted to run Combofix again. Do so, following the same rules as indicated in my first post.
  • Then post the contents of the C:\ComboFix.txt log in your reply.




 


"The world is what you make of it"

15 Posts

October 2nd, 2008 21:00

Thank you sir!

 

I did as you directed.

 

Here's the new Combofix log.

 

ComboFix 08-09-30.03 - Hillary Stick 2008-10-02 18:37:25.5 - NTFSx86
Running from: C:\Documents and Settings\Hillary Stick\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Hillary Stick\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\as_affiliate.ini
C:\WINDOWS\av_affiliate.ini
C:\WINDOWS\system32\aqzdry.dll
C:\WINDOWS\system32\slptqef.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDAVFS
-------\Service_LmHosts
-------\Service_Netlogon
-------\Service_Schedule
-------\Service_wuauserv


(((((((((((((((((((((((((   Files Created from 2008-09-02 to 2008-10-02  )))))))))))))))))))))))))))))))
.

2008-09-30 19:12 . 2008-09-30 19:13   d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-30 19:12 . 2008-09-30 19:12   d-------- C:\Documents and Settings\Hillary Stick\Application Data\Malwarebytes
2008-09-30 19:12 . 2008-09-30 19:12   d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-30 19:12 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-30 19:12 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-29 19:34 . 2008-09-29 19:34   d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-09-28 19:35 . 2008-09-28 19:35 10,165 --a------ C:\Addendum.docx
2008-09-21 14:09 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-21 14:09 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-21 14:09 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-21 13:18 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-09-21 13:16 . 2008-09-21 13:16   d-------- C:\Program Files\Microsoft.NET
2008-09-21 13:12 . 2008-09-21 22:14   d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-21 13:10 . 2008-09-21 13:10   dr-h----- C:\MSOCache

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 00:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-01 03:02 36,942 ----a-w C:\Documents and Settings\Hillary Stick\Application Data\wklnhst.dat
2008-10-01 03:01 --------- d-----w C:\Program Files\Dl_cats
2008-09-27 20:51 --------- d-----w C:\Documents and Settings\Hillary Stick\Application Data\AdobeUM
2008-09-22 02:06 --------- d-----w C:\Program Files\Microsoft Works
2008-09-21 18:02 --------- d-----w C:\Program Files\Common Files\Corel
2008-09-08 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-08 01:44 60,176 ----a-w C:\Documents and Settings\Hillary Stick\Application Data\GDIPFONTCACHEV1.DAT
2008-08-24 21:35 --------- d-----w C:\Program Files\CONEXANT
2008-08-21 02:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 02:40 --------- d-----w C:\Program Files\Linksys
2008-07-24 19:26 164 ----a-w C:\install.dat
.

(((((((((((((((((((((((((((((   snapshot_2008-09-30_18.58.59.68   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-30 22:56:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-02 22:42:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-30 22:56:21 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-02 22:42:10 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-30 22:56:21 245,760 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-02 22:42:10 245,760 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-07-24 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-14 29744]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 73728]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-20 430080]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-18 98304]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 714608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-18 24576]
Linksys Wireless Network Monitor.lnk - C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe [2008-08-24 3348480]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;C:\Program Files\Linksys\WUSBF54G\NICServ.exe [2005-10-20 530432]
R3 ZD1211BU(Linksys A Division of Cisco Systems Inc.);Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys [ ]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-14 29744]

*Newly Created Service* - HELPSVC
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)

 

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 18:42:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\ComboFix\pv.cfexe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-10-02 18:45:16 - machine was rebooted
ComboFix-quarantined-files.txt  2008-10-02 22:45:08
ComboFix2.txt  2008-09-30 22:59:31
ComboFix3.txt  2008-09-30 22:44:32
ComboFix4.txt  2008-07-31 19:06:42
ComboFix5.txt  2008-10-02 22:36:38

Pre-Run: 101,325,893,632 bytes free
Post-Run: 101,335,392,256 bytes free

155 --- E O F --- 2008-09-22 02:14:41

10.4K Posts

October 5th, 2008 22:00

Hill08

Rerun Hijackthis and post a fresh Hijackthis log, and in your reply give me an update on how your PC is running now.






 


 


"The world is what you make of it"




15 Posts

October 6th, 2008 22:00

Wireless receiver is working great; however, the Windows automatic updates are still disabled.

 

Here's my latest Hijack This log:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:39 PM, on 10/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Linksys\WUSBF54G\NICServ.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.valdosta.edu/sowk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Linksys Wireless Network Monitor.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://library.valdosta.edu:2310/lib/valdosta/support/plugins/ebraryRdr.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NICSer_WUSBF54G - Unknown owner - C:\Program Files\Linksys\WUSBF54G\NICServ.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8239 bytes

10.4K Posts

October 7th, 2008 12:00

Hill08

Let's do a couple of things here.

1. Go HERE. Download, install and do a full scan with Windows Defender.

2. Rerun Hijackthis (scan only) and place checks beside the following entries:
  • O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
  • O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
  • O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Close all other open windows except Hijackthis and select "Fix checked".

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log. And in your reply tell me about the Auto Update Status














 


"The world is what you make of it"



15 Posts

October 7th, 2008 22:00

Thanks for all your help!

 

I did as you requested; however the Automatic Updates are still disabled.

 

Here's my new Hijack This log:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:23 PM, on 10/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Linksys\WUSBF54G\NICServ.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.valdosta.edu/sowk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Linksys Wireless Network Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://library.valdosta.edu:2310/lib/valdosta/support/plugins/ebraryRdr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NICSer_WUSBF54G - Unknown owner - C:\Program Files\Linksys\WUSBF54G\NICServ.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8249 bytes

10.4K Posts

October 8th, 2008 12:00

Hill08

Is the option to turn on Automatic Updates greyed out?

Do you get a warning that the Automatic updates are turned off on boot up?

Give me a little more detail please.

15 Posts

October 8th, 2008 22:00

I get the Automatic Updates is turned off balloon when I boot it up, but the Turn On button is not greyed out.

 

However, when I click on Turn On Updates, I get the following message: We're sorry. The Security Center could not change your Automatic Updates settings. To try changing these settings yourself, go to System in Control Panel. On the Automatic Updates tab, select, Automatic (recommended), and then click OK.

 

When I do so, I get the message that the website has encountered problems...
