Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HiJack Log Google problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HiJack Log Google problem

Unread postby jetson145 » May 26th, 2009, 10:51 am

Hi There

I somehow got infected with the WinPC Defender crap. I downloaded PCTools-spyware doctor which seems to have taken care of that problem. But it seems that my Google toolbar has been Hijacked and maybe Internet Explorer has been infected. See below for my log.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:26 AM, on 5/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\firebird\firebird_1_5\bin\fbguard.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\firebird\firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe
C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
C:\Documents and Settings\JohnM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=5060919
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=5060919
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\JohnM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-288083018-2465357610-1430909132-500\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (User 'Administrator')
O4 - HKUS\S-1-5-21-288083018-2465357610-1430909132-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TimeKron DE AutoStart.lnk = C:\Program Files\SoftwareTech\Diamond\TimeKronDE\TimeKronDE.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2917882710
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://biesseusa.webex.com/client/T23L ... eatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30E0FFA1-F0DA-4AFF-9822-4AFD07A7F577}: Domain = hsc.local
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CADopia License Manager - Macrovision Corporation - C:\PROGRA~1\CADopia\CADOPI~1\LicenseManager\lmgrd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\firebird\firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\firebird\firebird_1_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\Interbase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\Interbase\bin\ibserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 14491 bytes
jetson145
Active Member
 
Posts: 3
Joined: May 26th, 2009, 10:31 am
Advertisement
Register to Remove

Re: HiJack Log Google problem

Unread postby MWR 3 day Mod » May 29th, 2009, 10:33 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: HiJack Log Google problem

Unread postby Bio-Hazard » May 30th, 2009, 2:31 pm

Hello and Welcome to forums!

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  • I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • I f you don't know or understand something please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

No Reply Within 5 Days Will Result In Your Topic Being Closed!!
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: HiJack Log Google problem

Unread postby Bio-Hazard » May 30th, 2009, 2:37 pm

STEP 1

Download DDS

Please download DDS by sUBs from one of the links below and save it to your desktop:

Image
Download DDS and save it to your desktop from:

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply


STEP 2


Gmer

Please download Gmer by Gmer and save it to your desktop.

  • Right click on gmer.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will start extracting.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Double click on gmer.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the Gmer scan log and post it in your next reply.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.



Next Reply

Please reply with:
  • DDS.txt
  • Attach.txt
  • Gmer log
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: HiJack Log Google problem

Unread postby jetson145 » June 2nd, 2009, 3:57 pm

See attached files. The GMER scan has made my computer crash twice(memory dump). Does it always take 3 hours to run this scan. I need to back up before I scan again

See attached files


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/12/2006 4:03:06 PM
System Uptime: 6/1/2009 8:51:56 AM (3 hours ago)

Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Pentium(R) D CPU 2.66GHz | Microprocessor | 2660/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 108.801 GiB free.
D: is CDROM ()
R: is NetworkDisk (NTFS) - 453 GiB total, 407.659 GiB free.
S: is NetworkDisk (NTFS) - 453 GiB total, 407.659 GiB free.
T: is NetworkDisk (NTFS) - 453 GiB total, 407.659 GiB free.
U: is NetworkDisk (NTFS) - 453 GiB total, 407.659 GiB free.
Z: is NetworkDisk (NTFS) - 453 GiB total, 407.659 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\MEDIA\0000
Manufacturer: SndTDriverV32
Name:
PNP Device ID: ROOT\MEDIA\0000
Service:

==== System Restore Points ===================

RP910: 2/28/2009 5:11:28 AM - System Checkpoint
RP911: 3/1/2009 7:47:36 AM - System Checkpoint
RP912: 3/2/2009 8:11:48 AM - System Checkpoint
RP913: 3/3/2009 12:15:00 PM - System Checkpoint
RP914: 3/4/2009 2:29:49 PM - System Checkpoint
RP915: 3/5/2009 5:25:14 PM - System Checkpoint
RP916: 3/6/2009 5:30:41 PM - System Checkpoint
RP917: 3/7/2009 6:11:35 PM - System Checkpoint
RP918: 3/8/2009 6:23:37 PM - System Checkpoint
RP919: 3/9/2009 7:05:27 PM - System Checkpoint
RP920: 3/10/2009 7:11:38 PM - System Checkpoint
RP921: 3/11/2009 2:00:21 AM - Software Distribution Service 3.0
RP922: 3/12/2009 2:12:15 AM - System Checkpoint
RP923: 3/13/2009 3:00:27 AM - System Checkpoint
RP924: 3/14/2009 3:12:17 AM - System Checkpoint
RP925: 3/15/2009 5:12:19 AM - System Checkpoint
RP926: 3/16/2009 6:24:20 AM - System Checkpoint
RP927: 3/17/2009 3:00:15 AM - Software Distribution Service 3.0
RP928: 3/18/2009 3:16:51 AM - System Checkpoint
RP929: 3/19/2009 4:16:52 AM - System Checkpoint
RP930: 3/20/2009 6:17:01 AM - System Checkpoint
RP931: 3/21/2009 7:16:52 AM - System Checkpoint
RP932: 3/22/2009 8:16:54 AM - System Checkpoint
RP933: 3/23/2009 10:56:29 AM - System Checkpoint
RP934: 3/24/2009 5:20:44 PM - System Checkpoint
RP935: 3/25/2009 5:27:48 PM - System Checkpoint
RP936: 3/26/2009 5:43:34 PM - System Checkpoint
RP937: 3/27/2009 9:05:04 PM - System Checkpoint
RP938: 3/28/2009 9:16:58 PM - System Checkpoint
RP939: 3/29/2009 10:24:28 PM - System Checkpoint
RP940: 3/30/2009 3:45:00 PM - Installed CADopia Standard 6
RP941: 3/31/2009 4:59:39 PM - System Checkpoint
RP942: 4/1/2009 5:38:14 PM - System Checkpoint
RP943: 4/2/2009 7:49:54 PM - System Checkpoint
RP944: 4/3/2009 8:15:50 PM - System Checkpoint
RP945: 4/4/2009 9:15:48 PM - System Checkpoint
RP946: 4/5/2009 10:28:37 PM - System Checkpoint
RP947: 4/6/2009 11:15:51 PM - System Checkpoint
RP948: 4/8/2009 12:15:50 AM - System Checkpoint
RP949: 4/9/2009 1:15:42 AM - System Checkpoint
RP950: 4/10/2009 2:15:42 AM - System Checkpoint
RP951: 4/11/2009 2:15:45 AM - System Checkpoint
RP952: 4/12/2009 3:15:49 AM - System Checkpoint
RP953: 4/13/2009 7:27:53 AM - System Checkpoint
RP954: 4/14/2009 8:59:58 AM - System Checkpoint
RP955: 4/15/2009 9:16:55 AM - System Checkpoint
RP956: 4/16/2009 3:00:32 AM - Software Distribution Service 3.0
RP957: 4/17/2009 3:17:07 AM - System Checkpoint
RP958: 4/18/2009 4:17:06 AM - System Checkpoint
RP959: 4/19/2009 5:17:08 AM - System Checkpoint
RP960: 4/20/2009 5:17:19 AM - System Checkpoint
RP961: 4/21/2009 6:53:09 AM - System Checkpoint
RP962: 4/22/2009 12:27:39 PM - System Checkpoint
RP963: 4/23/2009 2:11:39 PM - System Checkpoint
RP964: 4/24/2009 2:54:06 PM - System Checkpoint
RP965: 4/25/2009 3:31:13 PM - System Checkpoint
RP966: 4/26/2009 6:07:19 PM - System Checkpoint
RP967: 4/27/2009 6:31:17 PM - System Checkpoint
RP968: 4/28/2009 7:31:16 PM - System Checkpoint
RP969: 4/29/2009 8:31:16 PM - System Checkpoint
RP970: 4/30/2009 3:00:18 AM - Software Distribution Service 3.0
RP971: 5/1/2009 3:31:20 AM - System Checkpoint
RP972: 5/2/2009 4:31:16 AM - System Checkpoint
RP973: 5/3/2009 5:31:18 AM - System Checkpoint
RP974: 5/4/2009 6:31:21 AM - System Checkpoint
RP975: 5/5/2009 6:55:25 AM - System Checkpoint
RP976: 5/6/2009 7:31:21 AM - System Checkpoint
RP977: 5/7/2009 8:32:29 AM - System Checkpoint
RP978: 5/8/2009 9:16:13 AM - System Checkpoint
RP979: 5/9/2009 9:43:25 AM - System Checkpoint
RP980: 5/10/2009 10:31:25 AM - System Checkpoint
RP981: 5/11/2009 10:46:35 AM - System Checkpoint
RP982: 5/12/2009 11:31:30 AM - System Checkpoint
RP983: 5/13/2009 12:31:31 PM - System Checkpoint
RP984: 5/14/2009 3:00:20 AM - Software Distribution Service 3.0
RP985: 5/15/2009 5:12:22 AM - System Checkpoint
RP986: 5/16/2009 6:16:03 AM - System Checkpoint
RP987: 5/17/2009 6:31:39 AM - System Checkpoint
RP988: 5/18/2009 8:28:54 AM - System Checkpoint
RP989: 5/19/2009 8:32:45 AM - System Checkpoint
RP990: 5/20/2009 9:27:47 AM - System Checkpoint
RP991: 5/21/2009 9:36:39 AM - System Checkpoint
RP992: 5/22/2009 11:30:24 AM - System Checkpoint
RP993: 5/26/2009 11:23:57 AM - System Checkpoint
RP994: 5/27/2009 1:11:47 PM - System Checkpoint
RP995: 5/28/2009 2:16:07 PM - System Checkpoint

==== Installed Programs ======================

ACE Mega CoDecS Pack
Ad-Aware SE Personal
Adobe Acrobat 8 Standard
Adobe Acrobat 8 Standard - English, Français, Deutsch
Adobe Acrobat 8.1.5 - CPSID_49013
Adobe Acrobat 8.1.5 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 7.0.9
AOLIcon
Apple Mobile Device Support
Apple Software Update
Bonjour
CADopia Standard 6
Citrix Web Client
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Corel Applications
Critical Update for Windows Media Player 11 (KB959772)
CURRIES Order Writing
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell System Restore
Digital Content Portal
DING!
Documentation & Support Launcher
ELIcon
Frontier PowerBids - Eggers
Garmin Communicator Plugin
Garmin POI Loader
GemMaster Mystic
Genesis Evolution 7.0 Sp5
Google Chrome
Google SketchUp 6
Google Toolbar for Internet Explorer
GoToMyPC
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections
iTunes
J2SE Runtime Environment 5.0 Update 6
LAN-Fax Utilities
LiveUpdate 3.0 (Symantec Corporation)
MAS 200 Workstation (C:\Program Files\Best\MAS 200 Client\Version4\MAS90\)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Access 2002 Runtime
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MobileMe Control Panel
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NVIDIA Drivers
NVT Malware Remover Tool v2.0.8b1
Otto
Plaxo Toolbar for Windows
PRO-TECH
PRO-TECH+
PWS
QuickTime
RealPlayer
Registry Mechanic 8.0
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sentinel Protection Installer 7.4.0
Sentinel System Driver Installer 7.4.2
SmartDraw 2007
SoftTime Diamond Edition
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Spybot - Search & Destroy 1.4
Spyware Doctor 6.0
Symantec AntiVirus
The ITEMIZER 7.0
TimeKron Diamond Edition
TOADCRT
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VNC Enterprise Edition E4.2.8
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

5/27/2009 9:08:35 PM, error: SAVRT [20] - Unable to initialize the virus scanning engine database files.
5/26/2009 7:51:11 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
5/26/2009 7:46:53 AM, error: Service Control Manager [7024] - The Symantec SPBBCSvc service terminated with service-specific error 4294967295 (0xFFFFFFFF).
5/26/2009 7:44:18 AM, error: Service Control Manager [7034] - The CADopia License Manager service terminated unexpectedly. It has done this 1 time(s).
5/26/2009 7:44:18 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
5/26/2009 7:44:18 AM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/26/2009 11:00:58 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
5/26/2009 11:00:58 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL. Reference error message: The operation completed successfully. .
5/26/2009 11:00:58 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

==== End Of File ===========================



DDS (Ver_09-05-14.01) - NTFSx86
Run by JohnM at 11:34:41.48 on Mon 06/01/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.676 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\firebird\firebird_1_5\bin\fbguard.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe
C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
C:\Program Files\firebird\firebird_1_5\bin\fbserver.exe
C:\Documents and Settings\JohnM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Symantec AntiVirus\VPC32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\JohnM\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=5060919
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [PlaxoUpdate] c:\program files\plaxo\3.19.0.16\PlaxoHelper_en.exe -a
uRun: [PlaxoSysTray] c:\program files\plaxo\3.19.0.16\PlaxoSysTray.exe
uRun: [Google Update] "c:\documents and settings\johnm\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [GoToMyPC] "c:\program files\citrix\gotomypc\g2svc.exe" -logon
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\johnm\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\johnm\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\timekr~1.lnk - c:\program files\softwaretech\diamond\timekronde\TimeKronDE.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} - hxxps://www.plaxo.com/down/latest/PlaxoInstall.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 2917882710
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://biesseusa.webex.com/client/T23L ... eatgpc.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-22 130936]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_1_5\bin\fbguard.exe [2004-12-13 65536]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-3-17 115952]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-22 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-5-22 1095560]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-3-17 1799408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-10 101936]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_1_5\bin\fbserver.exe [2004-12-13 1527893]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090531.003\naveng.sys [2009-6-1 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090531.003\navex15.sys [2009-6-1 876144]
S2 CADopia License Manager;CADopia License Manager;c:\progra~1\cadopia\cadopi~1\licensemanager\lmgrd.exe [2004-2-4 696320]

=============== Created Last 30 ================

2009-05-22 20:20 <DIR> --d----- c:\program files\Trend Micro
2009-05-22 19:36 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-05-22 19:36 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-05-22 19:36 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-22 19:36 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-05-22 19:36 <DIR> --d----- c:\program files\common files\PC Tools
2009-05-22 19:36 <DIR> --d----- c:\program files\Spyware Doctor
2009-05-22 19:36 <DIR> --d----- c:\docume~1\johnm\applic~1\PC Tools
2009-05-22 19:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-05-22 18:43 <DIR> --d----- c:\program files\NVT Malware Remover Tool
2009-05-22 18:02 224 a------- c:\windows\system32\UACoyumhpckkgqrqhd.dat
2009-05-21 10:02 753,257 a------- C:\100278.prj
2009-05-15 08:43 1,362,432 a------- c:\windows\system32\UDFPricing.dll
2009-05-15 08:42 <DIR> --d-h--- c:\program files\Zero G Registry
2009-05-15 08:42 <DIR> --d-h--- c:\documents and settings\johnm\InstallAnywhere
2009-05-13 08:00 552 a------- c:\windows\system32\d3d8caps.dat

==================== Find3M ====================

2009-03-21 09:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 09:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2008-05-05 16:31 3,902,784 a------- c:\documents and settings\johnm\gosetup.exe
2008-04-28 17:03 724,984 a------- c:\documents and settings\johnm\gotomypc_437.exe
2007-08-23 14:57 722,176 a------- c:\documents and settings\johnm\gotomypc_428.exe
2007-05-09 17:39 251 a------- c:\program files\wt3d.ini
2006-11-29 16:17 78 a------- c:\docume~1\johnm\applic~1\wklnhst.dat
2006-10-12 17:49 88 ---shr-- c:\windows\system32\3992416D67.sys
2006-10-12 17:49 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-24 11:12 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092420080925\index.dat

============= FINISH: 11:35:23.62 ===============
jetson145
Active Member
 
Posts: 3
Joined: May 26th, 2009, 10:31 am

Re: HiJack Log Google problem

Unread postby Bio-Hazard » June 2nd, 2009, 6:34 pm

See attached files. The GMER scan has made my computer crash twice(memory dump). Does it always take 3 hours to run this scan. I need to back up before I scan again


I am sorry you had problems with Gmer. It looks like it is due to a infection you have.


Download and Run ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Here you can find a tutorial about Combofix: HOW TO USE COMBOFIX

  • You must download it to and run it from your Desktop
  • ComboFix SHOULD NOT be used unless requested by a forum helper.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found HERE
  • Double click on ComboFix.exe and follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • Combofix should never take more that 20 minutes including the reboot if malware is detected.

IMPORTANT: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.



Next Reply

Please reply with:
  • ComboFix log (found at C:\Combofix.txt)
  • New HijackThis log
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: HiJack Log Google problem

Unread postby NonSuch » June 7th, 2009, 3:02 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 268 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware