Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

IE hijack???

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

IE hijack???

Unread postby orlando » February 17th, 2008, 10:40 pm

Hello,
I was wondering if anyone could tell me if my IE is hijacked. Sometimes when I type into the browser to do a search what comes back is a bogus looking msn search page. I also noticed this too: http://www.searchingstart.com at the beginning of whatever it was I was searching for. Thanks for your help.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:53 PM, on 2/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

[size=85]Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\AOL\1199224386\ee\aolsoftware.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Simple Star\PhotoShow 5\data\Xtras\mssysmgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202339712.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199224386\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/defaul ... 0.0.87.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zp ... b55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A372AC4-87A6-4A2E-B00D-B9A632B884DC}: NameServer = 68.28.122.93 68.28.114.91
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A372AC4-87A6-4A2E-B00D-B9A632B884DC}: NameServer = 68.28.122.93 68.28.114.91
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14823 bytes
[/size]
orlando
Regular Member
 
Posts: 18
Joined: February 17th, 2008, 6:27 pm
Advertisement
Register to Remove

Re: IE hijack???

Unread postby Katana » February 22nd, 2008, 8:27 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy
and sometimes a post manages to slip by us.
Unfortunately there are far more people needing help than there are helpers.

----------------------------------------------------------------------------------------


If you still require help please post a fresh HJT log


Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: IE hijack???

Unread postby orlando » February 22nd, 2008, 11:01 am

Here is my list and my HJT log. I am also having problems with my PC-cillian this morning. I am getting an error that it is unable to start the program becasue a previous instance of the program is exiting and to please wait and try again. Well, it's been hours and i can't start it. It also won't let me turn on my malware protection. Also a side note, i can only run HJT in safe mode, will not run in normal mode.

123 Free Solitaire
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
AOL Install
Apple Software Update
AQUAZONE OpenWater
Blaze Video Magic 2.0
Broadcom Management Programs
Browser Address Error Redirector
BudgetExpress 3
CCleaner (remove only)
Conexant HDA D330 MDC V.92 Modem
Cook'n with Pillsbury
Corel Paint Shop Pro Photo X2
Crystal Quest for Windows Vista
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Wireless WLAN Card
DellSupport
Desktop Encyclopedia
DHTML Editing Component
Digital Line Detect
Dynomite
Dynomite Deluxe 2.71
EarthLink Setup Files
Family Tree Heritage
Family Tree Heritage Collaboration Support
Family Tree Heritage Collaboration Support
Free Solitaire 3D 3.1
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.480
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hoyle Board Games 2007
Hoyle Card Games 2007
Hoyle Puzzle Games 2007
InterVideo DeviceService
Java(TM) SE Runtime Environment 6
Kaspersky Online Scanner
Kid Pix Deluxe 4
L&H TTS3000 Español
Lernout & Hauspie TruVoice American English TTS Engine
Map Button (Windows Live Toolbar)
McAfee SiteAdvisor
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Modem Diagnostic Tool
Mozilla Sunbird (0.5)
Mozilla Thunderbird (2.0.0.0)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Music, Photos & Videos Launcher
NetWaiting
NetZeroInstallers
OutlookAddinSetup
PCmover
PCsync
PDF-XChange 3
PhotoShow 5
Product Documentation Launcher
QualxServ Service Agreement
Quicken WillMaker Plus 2008
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Smart Menus (Windows Live Toolbar)
Sonic Activation Module
Sprint Mobile Broadband (Novatel Wireless)
StuffIt Deluxe 11 for Windows
Sudoku Crunch
Total 3D Home and Landscape Deluxe Suite
TrayGames Client
Trend Micro PC-cillin Internet Security 14
Trend Micro PC-cillin Internet Security 14
Ulead VideoStudio 11
User's Guides
Wal-Mart Music Downloads Store
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live OneCare Family Safety
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Yahoo! Toolbar




And here is my HJT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:14 AM, on 2/22/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199224386\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/defaul ... 0.0.87.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zp ... b55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12539 bytes
orlando
Regular Member
 
Posts: 18
Joined: February 17th, 2008, 6:27 pm

Re: IE hijack???

Unread postby Katana » February 22nd, 2008, 11:26 am

Download and Run ComboFix
    Please visit this webpage for instructions on running ComboFix:
    http://www.bleepingcomputer.com/combofi ... e-combofix
  • Download Combofix from one of the links below :

    ComboFix.exe 1
    ComboFix.exe 2
    ComboFix.exe 3

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper


Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: IE hijack???

Unread postby orlando » February 22nd, 2008, 2:07 pm

ComboFix 08-02-22.3 - Robin 2008-02-22 12:38:23.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1872 [GMT -5:00]
Running from: c:\Users\Robin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.

2008-02-21 19:16 . 2008-02-21 19:16 <DIR> d-------- C:\Users\Robin\AppData\Roaming\McAfee
2008-02-18 12:48 . 2008-02-18 12:48 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-02-17 20:09 . 2008-02-17 20:09 <DIR> d-------- C:\Users\All Users\CheckPoint
2008-02-17 20:09 . 2008-02-17 20:09 <DIR> d-------- C:\ProgramData\CheckPoint
2008-02-17 20:09 . 2008-01-09 03:32 276,368 --a------ C:\Windows\System32\drivers\~GLH0014.TMP
2008-02-17 20:07 . 2008-02-18 09:12 <DIR> d-------- C:\Windows\Internet Logs
2008-02-17 19:15 . 2008-02-17 19:15 <DIR> d-------- C:\Users\Robin\AppData\Roaming\TrojanHunter
2008-02-17 17:39 . 2008-02-18 09:09 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-02-15 16:07 . 2008-01-10 00:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-15 15:25 . 2008-02-17 13:42 318,537,759 --a------ C:\Windows\MEMORY.DMP
2008-02-15 13:20 . 2008-02-15 13:20 <DIR> d-------- C:\Program Files\CCleaner
2008-02-14 19:15 . 2008-02-14 19:15 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 19:15 . 2008-02-14 19:15 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 19:10 . 2008-02-14 19:10 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 19:10 . 2008-02-14 19:10 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-14 19:10 . 2008-02-14 19:10 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-14 19:10 . 2008-02-14 19:10 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-14 19:10 . 2008-02-14 19:10 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-14 19:10 . 2008-02-14 19:10 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-14 19:10 . 2008-02-14 19:10 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-14 19:09 . 2008-02-14 19:09 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 19:09 . 2008-02-14 19:09 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-14 19:09 . 2008-02-14 19:09 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-14 19:09 . 2008-02-14 19:09 217,144 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-14 19:09 . 2008-02-14 19:09 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-14 19:09 . 2008-02-14 19:09 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-14 19:09 . 2008-02-14 19:09 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-07 17:08 . 2008-02-15 13:07 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-07 17:08 . 2008-02-15 13:07 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-07 17:08 . 2008-02-15 13:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-06 20:09 . 2008-02-17 18:46 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-06 20:09 . 2008-02-17 18:46 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-06 20:08 . 2008-02-06 20:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-05 21:16 . 2008-02-05 21:16 <DIR> d-------- C:\Users\Robin\AppData\Roaming\InstallShield
2008-02-05 21:16 . 2008-02-05 21:16 <DIR> d-------- C:\Program Files\Wal-Mart Music Downloads Store

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 04:20 --------- d-----w C:\Users\Robin\AppData\Roaming\SiteAdvisor
2008-02-22 00:16 --------- d-----w C:\ProgramData\McAfee
2008-02-22 00:00 --------- d-----w C:\ProgramData\SiteAdvisor
2008-02-21 23:11 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-15 00:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 00:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 00:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 00:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 00:05 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-15 00:05 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-15 00:05 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 00:05 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 23:12 --------- d-----w C:\Program Files\Trend Micro
2008-01-31 01:57 --------- d-----w C:\ProgramData\WLInstaller
2008-01-22 00:06 --------- d-----w C:\ProgramData\CyberLink
2008-01-20 02:04 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-20 02:04 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-19 11:54 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-19 11:54 --------- d-----w C:\Program Files\Windows Mail
2008-01-19 11:47 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-18 23:36 --------- d-----w C:\ProgramData\Ulead Systems
2008-01-15 23:39 --------- d-----w C:\Users\Robin\AppData\Roaming\AOL
2008-01-12 23:20 --------- d-----w C:\Program Files\Total 3D
2008-01-09 08:32 276,368 ----a-w C:\Windows\system32\drivers\~GLH0014.TMP
2008-01-08 00:10 --------- d-----w C:\Users\Robin\AppData\Roaming\Simple Star
2008-01-06 13:47 --------- d-----w C:\Program Files\Dell Support Center
2008-01-06 13:47 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-06 11:39 --------- d-----w C:\ProgramData\Apple
2008-01-06 11:39 --------- d-----w C:\Program Files\Apple Software Update
2008-01-05 02:35 --------- d---a-w C:\ProgramData\TEMP
2008-01-04 01:33 --------- d-----w C:\ProgramData\Media Center Programs
2008-01-04 01:32 --------- d-----w C:\Program Files\MSN Games
2008-01-03 02:23 --------- d-----w C:\ProgramData\PopCap Games
2008-01-03 02:23 --------- d-----w C:\Program Files\PopCap Games
2008-01-03 02:12 --------- d-----w C:\Users\Robin\AppData\Roaming\123 Free Solitaire
2008-01-03 02:11 --------- d-----w C:\Program Files\123 Free Solitaire
2008-01-01 22:09 --------- d-----w C:\Users\Robin\AppData\Roaming\Roxio
2008-01-01 21:53 --------- d-----w C:\ProgramData\AOL
2008-01-01 21:53 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-01 12:29 --------- d-----w C:\Users\Robin\AppData\Roaming\Windows Live Writer
2007-12-25 21:33 --------- d-----w C:\ProgramData\Corel
2007-12-25 04:08 --------- d-----w C:\Users\Robin\AppData\Roaming\Apple Computer
2007-12-23 00:29 --------- d-----w C:\ProgramData\Citrix
2007-12-23 00:28 60,968 ----a-w C:\Users\Robin\GoToAssistDownloadHelper.exe
2007-12-23 00:28 --------- d-----w C:\Program Files\Citrix
2007-12-23 00:08 --------- d-----w C:\Users\Robin\AppData\Roaming\GrassGames
2007-12-23 00:08 --------- d-----w C:\Program Files\Free Solitaire 3D
2007-12-22 23:55 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-22 19:25 --------- d-----w C:\Program Files\Family Tree Heritage
2007-12-18 01:46 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-18 01:46 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-18 01:46 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-18 01:46 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-18 01:46 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-18 01:46 299,008 ----a-w C:\Windows\System32\wlansec.dll
2007-12-18 01:46 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-18 01:46 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-18 01:46 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-18 01:46 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-18 01:45 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-18 01:45 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-18 01:45 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-12-18 01:45 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-12-18 01:45 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-18 01:44 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-18 01:44 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-12-18 01:44 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-12-18 01:44 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-18 01:41 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-12-17 23:12 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-12-17 23:12 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-12-17 23:12 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-12-17 23:12 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-12-17 23:12 33,624 ----a-w C:\Windows\System32\wups.dll
2007-12-17 23:12 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-12-17 23:12 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-12-17 23:11 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-12-17 23:11 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-12-08 19:47 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-12-08 19:47 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-12-08 19:47 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-12-08 19:47 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-12-08 19:47 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-12-08 19:47 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-12-08 19:47 229,888 ----a-w C:\Windows\System32\msshsq.dll
2007-12-08 19:47 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-12-08 19:47 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-12-08 19:47 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-12-08 19:46 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-12-08 19:46 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-12-08 19:46 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-12-08 19:46 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-12-08 19:46 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-12-08 19:45 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-12-08 19:45 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-12-08 19:45 475,136 ----a-w C:\Windows\System32\evr.dll
2007-12-08 19:45 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-12-08 19:45 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-12-08 19:45 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-12-08 19:45 16,896 ----a-w C:\Windows\System32\wfapigp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"Simple Star PhotoShow Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-02-28 23:44 308728]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 06:47 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-08 14:38 1006264]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 01:03 17920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 19:35 857648]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-27 23:54 405504]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-26 05:47 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-26 05:47 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-26 05:47 129560]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 14:33 1548288]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 17:34 86960]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 14:02 1807960]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 17:10 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-08 07:29 1838592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-09-12 12:00 531272]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 11:12 243240]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 16:03 36640]
"HostManager"="C:\Program Files\Common Files\AOL\1199224386\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"EarthLink Installer"=" /C" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-12-08 07:07:41 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 19:13:26 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-09-27 23:54]
R2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 11:13]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe" [2007-05-01 10:15]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 19:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-26 05:47]
R3 NWADI;NWADI Bus Enumerator;C:\Windows\system32\DRIVERS\NWADIenum.sys [2007-08-16 15:24]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys [2007-08-16 15:24]
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service []
S3 NWUSBCDFIL;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil.sys [2007-08-16 15:24]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2007-08-16 15:24]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 02:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37addde4-e0df-11dc-be30-001d09a80e66}]
\shell\AutoRun\command - G:\Autorun.exe /run
\shell\Shell00\Command - G:\Autorun.exe /run
\shell\Shell01\Command - G:\Autorun.exe /action
\shell\Shell02\Command - G:\Autorun.exe /uninstall

.
Contents of the 'Scheduled Tasks' folder
"2007-12-18 22:41:18 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-09 00:15:29 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-02-22 17:27:22 C:\Windows\Tasks\User_Feed_Synchronization-{D695535C-EDAD-45FD-9B3E-EB71A0DC1897}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 12:40:37
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Windows\system32\DLAAPI_W.DLL
.
Completion time: 2008-02-22 12:41:42
ComboFix2.txt 2008-02-22 17:14:43
.
2008-02-21 23:12:13 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:33 PM, on 2/22/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199224386\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/defaul ... 0.0.87.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zp ... b55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12177 bytes
orlando
Regular Member
 
Posts: 18
Joined: February 17th, 2008, 6:27 pm

Re: IE hijack???

Unread postby Katana » February 22nd, 2008, 6:45 pm

Do you have the Kaspersky log ?




===================================================================================================
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u4
http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The Java Runtime Environment (JRE) 6 update 4 allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
    Java(TM) SE Runtime Environment 6
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: IE hijack???

Unread postby orlando » February 23rd, 2008, 6:34 pm

Here are all fresh reports including kapersky:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:40 PM, on 2/22/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199224386\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/defaul ... 0.0.87.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zp ... b55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12177 bytes



ComboFix 08-02-22.3 - Robin 2008-02-23 14:41:29.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1653 [GMT -5:00]
Running from: C:\Users\Robin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-22 19:55 . 2007-09-17 14:31 1,126,072 --a------ C:\Windows\System32\drivers\vsapint.sys
2008-02-22 19:55 . 2006-08-29 15:55 279,880 --a------ C:\Windows\System32\drivers\TM_CFW.sys
2008-02-22 19:55 . 2007-09-17 14:40 202,768 --a------ C:\Windows\System32\drivers\tmxpflt.sys
2008-02-22 19:55 . 2006-08-29 15:55 73,160 --a------ C:\Windows\System32\drivers\tmtdi.sys
2008-02-22 19:55 . 2007-09-17 14:40 35,856 --a------ C:\Windows\System32\drivers\tmpreflt.sys
2008-02-22 19:54 . 2008-02-22 19:56 <DIR> d-------- C:\Users\All Users\Trend Micro
2008-02-22 19:54 . 2008-02-22 19:56 <DIR> d-------- C:\PROGRA~2\Trend Micro
2008-02-21 19:16 . 2008-02-21 19:16 <DIR> d-------- C:\Users\Robin\AppData\Roaming\McAfee
2008-02-18 12:48 . 2008-02-18 12:48 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-02-17 20:09 . 2008-02-17 20:09 <DIR> d-------- C:\Users\All Users\CheckPoint
2008-02-17 20:09 . 2008-02-17 20:09 <DIR> d-------- C:\PROGRA~2\CheckPoint
2008-02-17 20:09 . 2008-01-09 03:32 276,368 --a------ C:\Windows\System32\drivers\~GLH0014.TMP
2008-02-17 20:07 . 2008-02-18 09:12 <DIR> d-------- C:\Windows\Internet Logs
2008-02-17 19:15 . 2008-02-17 19:15 <DIR> d-------- C:\Users\Robin\AppData\Roaming\TrojanHunter
2008-02-17 17:39 . 2008-02-18 09:09 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-02-15 16:07 . 2008-01-10 00:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-15 15:25 . 2008-02-17 13:42 318,537,759 --a------ C:\Windows\MEMORY.DMP
2008-02-14 19:15 . 2008-02-14 19:15 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 19:15 . 2008-02-14 19:15 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 19:10 . 2008-02-14 19:10 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 19:10 . 2008-02-14 19:10 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-14 19:10 . 2008-02-14 19:10 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-14 19:10 . 2008-02-14 19:10 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-14 19:10 . 2008-02-14 19:10 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-14 19:10 . 2008-02-14 19:10 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-14 19:10 . 2008-02-14 19:10 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-14 19:09 . 2008-02-14 19:09 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 19:09 . 2008-02-14 19:09 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-14 19:09 . 2008-02-14 19:09 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-14 19:09 . 2008-02-14 19:09 217,144 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-14 19:09 . 2008-02-14 19:09 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-14 19:09 . 2008-02-14 19:09 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-14 19:09 . 2008-02-14 19:09 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-07 17:08 . 2008-02-15 13:07 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-07 17:08 . 2008-02-15 13:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-07 17:08 . 2008-02-15 13:07 <DIR> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2008-02-06 20:09 . 2008-02-17 18:46 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-06 20:09 . 2008-02-17 18:46 <DIR> d-------- C:\PROGRA~2\Lavasoft
2008-02-06 20:08 . 2008-02-06 20:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-05 21:16 . 2008-02-05 21:16 <DIR> d-------- C:\Users\Robin\AppData\Roaming\InstallShield
2008-02-05 21:16 . 2008-02-05 21:16 <DIR> d-------- C:\Program Files\Wal-Mart Music Downloads Store

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 00:16 --------- d-----w C:\Program Files\Trend Micro
2008-02-23 00:00 --------- d-----w C:\PROGRA~2\SiteAdvisor
2008-02-22 22:54 61,224 ----a-w C:\Users\Robin\GoToAssistDownloadHelper.exe
2008-02-22 04:20 --------- d-----w C:\Users\Robin\AppData\Roaming\SiteAdvisor
2008-02-22 00:16 --------- d-----w C:\PROGRA~2\McAfee
2008-02-21 23:11 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-02-15 00:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 00:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 00:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 00:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 00:05 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-15 00:05 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-15 00:05 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 00:05 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-31 01:57 --------- d-----w C:\PROGRA~2\WLInstaller
2008-01-22 00:06 --------- d-----w C:\PROGRA~2\CyberLink
2008-01-20 02:04 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-20 02:04 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-19 11:54 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-19 11:54 --------- d-----w C:\Program Files\Windows Mail
2008-01-19 11:47 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-18 23:36 --------- d-----w C:\PROGRA~2\Ulead Systems
2008-01-15 23:39 --------- d-----w C:\Users\Robin\AppData\Roaming\AOL
2008-01-12 23:20 --------- d-----w C:\Program Files\Total 3D
2008-01-09 08:32 276,368 ----a-w C:\Windows\system32\drivers\~GLH0014.TMP
2008-01-08 00:10 --------- d-----w C:\Users\Robin\AppData\Roaming\Simple Star
2008-01-06 13:47 --------- d-----w C:\Program Files\Dell Support Center
2008-01-06 13:47 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-06 11:39 --------- d-----w C:\Program Files\Apple Software Update
2008-01-06 11:39 --------- d-----w C:\PROGRA~2\Apple
2008-01-05 02:35 --------- d---a-w C:\PROGRA~2\TEMP
2008-01-04 01:33 --------- d-----w C:\PROGRA~2\Media Center Programs
2008-01-04 01:32 --------- d-----w C:\Program Files\MSN Games
2008-01-03 02:23 --------- d-----w C:\Program Files\PopCap Games
2008-01-03 02:23 --------- d-----w C:\PROGRA~2\PopCap Games
2008-01-03 02:12 --------- d-----w C:\Users\Robin\AppData\Roaming\123 Free Solitaire
2008-01-03 02:11 --------- d-----w C:\Program Files\123 Free Solitaire
2008-01-01 22:09 --------- d-----w C:\Users\Robin\AppData\Roaming\Roxio
2008-01-01 21:53 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-01 21:53 --------- d-----w C:\PROGRA~2\AOL
2008-01-01 12:29 --------- d-----w C:\Users\Robin\AppData\Roaming\Windows Live Writer
2007-12-25 21:33 --------- d-----w C:\PROGRA~2\Corel
2007-12-25 04:08 --------- d-----w C:\Users\Robin\AppData\Roaming\Apple Computer
2007-12-23 00:29 --------- d-----w C:\PROGRA~2\Citrix
2007-12-23 00:28 --------- d-----w C:\Program Files\Citrix
2007-12-23 00:08 --------- d-----w C:\Users\Robin\AppData\Roaming\GrassGames
2007-12-23 00:08 --------- d-----w C:\Program Files\Free Solitaire 3D
2007-12-18 01:46 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-18 01:46 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-18 01:46 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-18 01:46 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-18 01:46 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-18 01:46 299,008 ----a-w C:\Windows\System32\wlansec.dll
2007-12-18 01:46 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-18 01:46 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-18 01:46 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-18 01:46 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-18 01:45 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-18 01:45 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-18 01:45 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-12-18 01:45 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-12-18 01:45 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-18 01:44 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-18 01:44 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-12-18 01:44 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-12-18 01:44 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-18 01:41 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-12-17 23:12 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-12-17 23:12 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-12-17 23:12 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-12-17 23:12 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-12-17 23:12 33,624 ----a-w C:\Windows\System32\wups.dll
2007-12-17 23:12 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-12-17 23:12 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-12-17 23:11 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-12-17 23:11 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-12-08 19:47 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-12-08 19:47 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-12-08 19:47 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-12-08 19:47 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-12-08 19:47 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-12-08 19:47 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-12-08 19:47 229,888 ----a-w C:\Windows\System32\msshsq.dll
2007-12-08 19:47 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-12-08 19:47 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-12-08 19:47 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-12-08 19:46 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-12-08 19:46 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-12-08 19:46 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-12-08 19:46 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-12-08 19:46 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-12-08 19:45 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-12-08 19:45 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-12-08 19:45 475,136 ----a-w C:\Windows\System32\evr.dll
2007-12-08 19:45 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-12-08 19:45 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-12-08 19:45 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-12-08 19:45 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-12-08 19:43 72,192 ----a-w C:\Windows\System32\dot3msm.dll
2007-12-08 19:43 45,568 ----a-w C:\Windows\System32\dot3dlg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"Simple Star PhotoShow Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-02-28 23:44 308728]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 06:47 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-08 14:38 1006264]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 01:03 17920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 19:35 857648]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-27 23:54 405504]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-26 05:47 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-26 05:47 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-26 05:47 129560]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 14:33 1548288]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 17:34 86960]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 17:10 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-08 07:29 1838592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-09-12 12:00 531272]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 11:12 243240]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 16:03 36640]
"HostManager"="C:\Program Files\Common Files\AOL\1199224386\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"EarthLink Installer"=" /C" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 14:02 1807960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-12-08 07:07:41 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 19:13:26 1180952]

C:\Users\Robin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-09-27 23:54]
R2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 11:13]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe" [2007-05-01 10:15]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 19:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-26 05:47]
R3 NWADI;NWADI Bus Enumerator;C:\Windows\system32\DRIVERS\NWADIenum.sys [2007-08-16 15:24]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys [2007-08-16 15:24]
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe" Start=service []
S3 NWUSBCDFIL;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil.sys [2007-08-16 15:24]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2007-08-16 15:24]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 02:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37addde4-e0df-11dc-be30-001d09a80e66}]
\shell\AutoRun\command - G:\Autorun.exe /run
\shell\Shell00\Command - G:\Autorun.exe /run
\shell\Shell01\Command - G:\Autorun.exe /action
\shell\Shell02\Command - G:\Autorun.exe /uninstall

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 14:43:40
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Windows\system32\DLAAPI_W.DLL
.
Completion time: 2008-02-23 14:44:30
ComboFix2.txt 2008-02-22 17:41:42
ComboFix3.txt 2008-02-22 17:14:43
.
2008-02-21 23:12:13 --- E O F ---




-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 23, 2008 5:11:59 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/02/2008
Kaspersky Anti-Virus database records: 577001
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 153306
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 01:59:07

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A81000000003}\Enterprise.mnt Object is locked skipped
C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.ilg Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7b2e4e99486d2830d1b86b9c2983e933_53af283c-a810-40f3-ba1c-33642515ba65 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c011af52d3f9542c296099d8a0a0bbe4_53af283c-a810-40f3-ba1c-33642515ba65 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dell.txt Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ee0c8a0b984d3fa3a17ad6b0839183ed_53af283c-a810-40f3-ba1c-33642515ba65 Object is locked skipped
C:\ProgramData\Microsoft\eHome\mediacenterdatastore.db Object is locked skipped
C:\ProgramData\Microsoft\eHome\SharedGuideBlocks_c02d096cdcc938637e851f40604a417d6129e0e6_0.mem Object is locked skipped
C:\ProgramData\Microsoft\eHome\SharedGuideHeader_c02d096cdcc938637e851f40604a417d6129e0e6.mem Object is locked skipped
C:\ProgramData\Microsoft\eHome\SharedGuideUpdates_c02d096cdcc938637e851f40604a417d6129e0e6.mem Object is locked skipped
C:\ProgramData\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\ProgramData\Trend Micro\PC-cillin\log\pcc_S-1-5-21-2211159594-3256084435-2579178106-1000.log Object is locked skipped
C:\ProgramData\Trend Micro\PC-cillin\log\TmPfw_S-1-5-21-2211159594-3256084435-2579178106-1000.log Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbc2e.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbdam Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbdao Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbeam Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbeao Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbm Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbu2d.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbvm.cf1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbvmh.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\fii.cf1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\fiih.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\hp Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\hpt2i.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\rpm.cf1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\rpm1m.cf1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\rpm1mh.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\rpmh.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008022320080224\index.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008022320080224\index.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Robin\AppData\Roaming\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\UsrClass.dat{d3853c2a-aa91-11dc-a42b-001d09a80e66}.TM.blf Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\UsrClass.dat{d3853c2a-aa91-11dc-a42b-001d09a80e66}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\UsrClass.dat{d3853c2a-aa91-11dc-a42b-001d09a80e66}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows Defender\FileTracker\{B184FC54-6F9E-4188-9006-2C64C8EEA92F} Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Robin\AppData\Local\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Users\Robin\AppData\Local\Temp\Low\~DF482A.tmp Object is locked skipped
C:\Users\Robin\AppData\Local\Temp\~DF2120.tmp Object is locked skipped
C:\Users\Robin\AppData\Local\Temp\~DFE5.tmp Object is locked skipped
C:\Users\Robin\AppData\Local\Temp\~DFF6.tmp Object is locked skipped
C:\Users\Robin\AppData\Roaming\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Robin\AppData\Roaming\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Users\Robin\AppData\Roaming\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Users\Robin\AppData\Roaming\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Users\Robin\AppData\Roaming\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Users\Robin\AppData\Local Settings\Roaming\SupportSoft\dellsupportcenter\Robin\state\logs\sprtcmd.log Object is locked skipped
C:\Users\Robin\ntuser.dat Object is locked skipped
C:\Users\Robin\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Robin\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Robin\ntuser.dat{0a6f98bb-c61c-11dc-9887-001d09a80e66}.TM.blf Object is locked skipped
C:\Users\Robin\ntuser.dat{0a6f98bb-c61c-11dc-9887-001d09a80e66}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Robin\ntuser.dat{0a6f98bb-c61c-11dc-9887-001d09a80e66}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\setupact.log Object is locked skipped
C:\Windows\Panther\setuperr.log Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.bld Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.bld Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{0a6f98a3-c61c-11dc-9887-001d09a80e66}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{0a6f98a3-c61c-11dc-9887-001d09a80e66}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{0a6f98a3-c61c-11dc-9887-001d09a80e66}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{0a6f98a3-c61c-11dc-9887-001d09a80e66}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.bld Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.bld Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Broadcom Wireless LAN.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
D:\Windows\security\database\secedit.sdb Object is locked skipped

Scan process completed.




Also my pc-cillin detected Freeloader_Smitfraud and Cookie_go
orlando
Regular Member
 
Posts: 18
Joined: February 17th, 2008, 6:27 pm

Re: IE hijack???

Unread postby Katana » February 23rd, 2008, 8:35 pm

There is very little showing in your logs, about when did you notice this problem ?
Please try the following.

Remove Programs

Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
  • Browser Address Error Redirector
Now close the Control Panel.

Fix With HJT

Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

Delete Files and Folders
Find and delete the following Files and Folders if present
C:\Windows\Downloaded Program Files\popcaploader.dll << This File




Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\\Documents and Settings\\Username\\Application Data\\Malwarebytes\\Malwarebytes' Anti-Malware\\Logs\\mbam-log-date (time).txt


How are things now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: IE hijack???

Unread postby orlando » February 24th, 2008, 10:47 am

I found the poploader file but it doesn't give the option to delete it, when i try to type it in up top i get an enexpected error. That's where i stopped. Wasn't sure if i should go ahead and download malwarebytes yet.
orlando
Regular Member
 
Posts: 18
Joined: February 17th, 2008, 6:27 pm

Re: IE hijack???

Unread postby Katana » February 24th, 2008, 1:12 pm

I'll sort the file deletion after you run MalwareBytes, so you can download that now.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: IE hijack???

Unread postby orlando » February 24th, 2008, 2:49 pm

Malwarebytes' Anti-Malware 1.05
Database version: 402

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 191002
Time elapsed: 45 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WinSecureAv (Rogue.WinSecureAv) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{8113b5de-f7eb-4154-a311-497fb80d8bd0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
orlando
Regular Member
 
Posts: 18
Joined: February 17th, 2008, 6:27 pm

Re: IE hijack???

Unread postby Katana » February 24th, 2008, 3:09 pm

katana wrote:There is very little showing in your logs, about when did you notice this problem ?
How are things now ?




Delete a file
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Delete A File On Reboot button.
  • Navigate to C:\Windows\Downloaded Program Files\popcaploader.dll and click on it.
  • Click Open
  • In the window that opens click Yes


TotalScan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Please go to this site Link >> TotalScan << LINK
  • Under Scan Now click the Full Scan button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: IE hijack???

Unread postby orlando » February 24th, 2008, 3:26 pm

I can't navigate to it, it says i don't have permission to open the file.


Things aren't going well at all :( . I know very little about all of this, so when you say that not much is showing up in the log, but a scan does show things showing up, are those just things that i shouldn't be concerned about?
orlando
Regular Member
 
Posts: 18
Joined: February 17th, 2008, 6:27 pm

Re: IE hijack???

Unread postby Katana » February 24th, 2008, 3:41 pm

orlando wrote: I know very little about all of this, so when you say that not much is showing up in the log, but a scan does show things showing up, are those just things that i shouldn't be concerned about?


Correct :)
The items that have been found so far have all been inactive leftovers.

Do you still have the same problems ?


OTMoveIt
Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: Select all
    C:\Windows\Downloaded Program Files\popcaploader.dll
    

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: IE hijack???

Unread postby orlando » February 24th, 2008, 3:47 pm

The only problem i have now is that when i click on the internet icon from the desktop, my homepage (MSN) does not load and neither does hotmail. Even if i type it in the browser, neither one will load. I'm not sure if that is a malware induced problem or just settings within pc-cillin.
orlando
Regular Member
 
Posts: 18
Joined: February 17th, 2008, 6:27 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 12 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware