webdeb59 Posted August 5, 2009 ID:106406 Share Posted August 5, 2009 I have been trying to run Malwarebytes to attempt to fix a problem on my computer. Everywhere I look I'm told to run Malwarebytes program. I have downloaded and installed this several times each time getting VbAccelerator SGrid II Control Run-time Error 0 and Malwarebytes' Anti-Malware Run-time Error 440 Automation Error I get both error one after another multiple times. I have installed and uninstalled the software, purchased the software and still get the same results. Now I've posted to get help after reading about someone else's similar problem and running combofix and am posting the HJT log here for assistance. Please let me know if you would like to see the combofix log as well.Any help would be appreciated!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:04:46 PM, on 8/5/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exeC:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXEC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\HPZipm12.exeC:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXEC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\UAService7.exeC:\Program Files\Common Files\Dell\EUSW\Support.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\System32\DSentry.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\explorer.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dllO2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLLO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dllO4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exeO4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenterO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnkO9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnkO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: http://www.washingtonpost.comO16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cabO16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CABO16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cabO16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cabO16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cabO16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 9, 2009 Root Admin ID:107822 Share Posted August 9, 2009 Please let me know if you still need help with this. Link to post Share on other sites More sharing options...
webdeb59 Posted August 9, 2009 Author ID:107852 Share Posted August 9, 2009 Please let me know if you still need help with this.Yes, I do. My computer freezes up arbitrarily more and more and I still can not install Malwarebytes to run through the steps prior to really addressing the problem.Any help would be much appreciated. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 9, 2009 Root Admin ID:108051 Share Posted August 9, 2009 Okay please disable your Anti-Virus and run this scanner and post back the log.Please visit this webpage for instructions for downloading ComboFix to your DESKTOP : how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the programAdditional links to download the tool:ComboFix.exeComboFix.exeComboFix.exeNote: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system. Link to post Share on other sites More sharing options...
webdeb59 Posted August 10, 2009 Author ID:108098 Share Posted August 10, 2009 Here is the combo-fix log and the hjt.ComboFix 09-08-09.04 - Deborah Chase 08/09/2009 20:07.3.2 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.244 [GMT -4:00]Running from: c:\documents and settings\Deborah Chase\Desktop\ComboFix.exeAV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\recycler\NPROTECTc:\recycler\NPROTECT\00000000.DATc:\recycler\NPROTECT\00000001.DATc:\recycler\NPROTECT\00000002c:\recycler\NPROTECT\00000003c:\recycler\NPROTECT\00000004c:\recycler\NPROTECT\00000005c:\recycler\NPROTECT\00000006c:\recycler\NPROTECT\00000007c:\recycler\NPROTECT\00000009c:\recycler\NPROTECT\00000011c:\recycler\NPROTECT\00000012c:\recycler\NPROTECT\00000013c:\recycler\NPROTECT\00000014c:\recycler\NPROTECT\00000017.DATc:\recycler\NPROTECT\00000018c:\recycler\NPROTECT\00000019c:\recycler\NPROTECT\00000020c:\recycler\NPROTECT\00000021c:\recycler\NPROTECT\00000022c:\recycler\NPROTECT\00000023c:\recycler\NPROTECT\00000024c:\recycler\NPROTECT\00000027c:\recycler\NPROTECT\00000028.DATc:\recycler\NPROTECT\00000029c:\recycler\NPROTECT\00000030c:\recycler\NPROTECT\00000031c:\recycler\NPROTECT\00000032c:\recycler\NPROTECT\00000033c:\recycler\NPROTECT\00000034c:\recycler\NPROTECT\00000035c:\recycler\NPROTECT\00000036c:\recycler\NPROTECT\00000037c:\recycler\NPROTECT\00000038c:\recycler\NPROTECT\00000039c:\recycler\NPROTECT\00000040c:\recycler\NPROTECT\00000041c:\recycler\NPROTECT\00000042c:\recycler\NPROTECT\00000043c:\recycler\NPROTECT\00000044c:\recycler\NPROTECT\00000045c:\recycler\NPROTECT\00000048c:\recycler\NPROTECT\00000049c:\recycler\NPROTECT\00000051c:\recycler\NPROTECT\00000052c:\recycler\NPROTECT\00000053c:\recycler\NPROTECT\00000054c:\recycler\NPROTECT\00000055c:\recycler\NPROTECT\00000056c:\recycler\NPROTECT\00000057c:\recycler\NPROTECT\00000058c:\recycler\NPROTECT\00000059c:\recycler\NPROTECT\00000060c:\recycler\NPROTECT\00000061c:\recycler\NPROTECT\00000062c:\recycler\NPROTECT\00000063c:\recycler\NPROTECT\00000064c:\recycler\NPROTECT\00000065c:\recycler\NPROTECT\00000066c:\recycler\NPROTECT\00000067c:\recycler\NPROTECT\00000069c:\recycler\NPROTECT\00000070c:\recycler\NPROTECT\00000072c:\recycler\NPROTECT\00000073c:\recycler\NPROTECT\00000074c:\recycler\NPROTECT\00000077c:\recycler\NPROTECT\00000078c:\recycler\NPROTECT\00000079c:\recycler\NPROTECT\00000080c:\recycler\NPROTECT\00000082c:\recycler\NPROTECT\00000084c:\recycler\NPROTECT\00000085c:\recycler\NPROTECT\00000086c:\recycler\NPROTECT\00000087c:\recycler\NPROTECT\00000088c:\recycler\NPROTECT\00000090c:\recycler\NPROTECT\00000091c:\recycler\NPROTECT\00000092c:\recycler\NPROTECT\00000093c:\recycler\NPROTECT\00000094c:\recycler\NPROTECT\00000095c:\recycler\NPROTECT\00000096c:\recycler\NPROTECT\00000097c:\recycler\NPROTECT\00000099c:\recycler\NPROTECT\00000100c:\recycler\NPROTECT\00000101c:\recycler\NPROTECT\00000103c:\recycler\NPROTECT\00000104c:\recycler\NPROTECT\00000105c:\recycler\NPROTECT\00000107c:\recycler\NPROTECT\00000108c:\recycler\NPROTECT\00000109c:\recycler\NPROTECT\00000110c:\recycler\NPROTECT\00000111c:\recycler\NPROTECT\00000112c:\recycler\NPROTECT\00000114c:\recycler\NPROTECT\00000115c:\recycler\NPROTECT\00000116c:\recycler\NPROTECT\00000117c:\recycler\NPROTECT\00000118c:\recycler\NPROTECT\00000120c:\recycler\NPROTECT\00000121c:\recycler\NPROTECT\00000122c:\recycler\NPROTECT\00000123c:\recycler\NPROTECT\00000124c:\recycler\NPROTECT\00000125c:\recycler\NPROTECT\00000126c:\recycler\NPROTECT\00000127c:\recycler\NPROTECT\00000128c:\recycler\NPROTECT\00000129c:\recycler\NPROTECT\00000130c:\recycler\NPROTECT\00000131c:\recycler\NPROTECT\00000132c:\recycler\NPROTECT\00000136c:\recycler\NPROTECT\00000137.datc:\recycler\NPROTECT\00000138.datc:\recycler\NPROTECT\00000139.datc:\recycler\NPROTECT\00000140.datc:\recycler\NPROTECT\00000142c:\recycler\NPROTECT\00000143c:\recycler\NPROTECT\00000144c:\recycler\NPROTECT\00000145c:\recycler\NPROTECT\00000146c:\recycler\NPROTECT\00000147c:\recycler\NPROTECT\00000148c:\recycler\NPROTECT\00000149c:\recycler\NPROTECT\00000150c:\recycler\NPROTECT\00000151c:\recycler\NPROTECT\00000152c:\recycler\NPROTECT\00000154c:\recycler\NPROTECT\00000156.datc:\recycler\NPROTECT\00000158c:\recycler\NPROTECT\00000159.batc:\recycler\NPROTECT\00000160c:\recycler\NPROTECT\00000161c:\recycler\NPROTECT\00000162c:\recycler\NPROTECT\00000163c:\recycler\NPROTECT\00000164c:\recycler\NPROTECT\00000165c:\recycler\NPROTECT\00000167c:\recycler\NPROTECT\00000168c:\recycler\NPROTECT\00000170c:\recycler\NPROTECT\00000171c:\recycler\NPROTECT\00000172c:\recycler\NPROTECT\00000175c:\recycler\NPROTECT\00000176c:\recycler\NPROTECT\00000177c:\recycler\NPROTECT\00000178c:\recycler\NPROTECT\00000179c:\recycler\NPROTECT\00000180c:\recycler\NPROTECT\00000181c:\recycler\NPROTECT\00000183c:\recycler\NPROTECT\00000184c:\recycler\NPROTECT\00000185c:\recycler\NPROTECT\00000186c:\recycler\NPROTECT\00000187c:\recycler\NPROTECT\00000188c:\recycler\NPROTECT\00000189c:\recycler\NPROTECT\00000190c:\recycler\NPROTECT\00000191c:\recycler\NPROTECT\00000192c:\recycler\NPROTECT\00000193c:\recycler\NPROTECT\00000194c:\recycler\NPROTECT\00000195c:\recycler\NPROTECT\00000196c:\recycler\NPROTECT\00000197c:\recycler\NPROTECT\00000198c:\recycler\NPROTECT\00000199c:\recycler\NPROTECT\00000200c:\recycler\NPROTECT\00000201c:\recycler\NPROTECT\00000202c:\recycler\NPROTECT\00000203c:\recycler\NPROTECT\00000204c:\recycler\NPROTECT\00000205c:\recycler\NPROTECT\00000206c:\recycler\NPROTECT\00000208c:\recycler\NPROTECT\00000209c:\recycler\NPROTECT\00000210c:\recycler\NPROTECT\00000211c:\recycler\NPROTECT\00000213c:\recycler\NPROTECT\00000216c:\recycler\NPROTECT\00000217c:\recycler\NPROTECT\00000218c:\recycler\NPROTECT\00000219c:\recycler\NPROTECT\00000220c:\recycler\NPROTECT\00000221.datc:\recycler\NPROTECT\00000222c:\recycler\NPROTECT\00000223.badc:\recycler\NPROTECT\00000224c:\recycler\NPROTECT\00000225c:\recycler\NPROTECT\00000226c:\recycler\NPROTECT\00000227c:\recycler\NPROTECT\00000228c:\recycler\NPROTECT\00000235c:\recycler\NPROTECT\00000236.md5c:\recycler\NPROTECT\NPROTECT.LOG.((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 ))))))))))))))))))))))))))))))).2009-08-09 22:55 . 2009-07-27 18:24 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090809.020\NAVENG32.DLL2009-08-09 22:55 . 2009-07-27 18:24 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090809.020\NAVEX32A.DLL2009-08-09 22:55 . 2009-07-27 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090809.020\NAVENG.SYS2009-08-09 22:55 . 2009-07-27 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090809.020\NAVEX15.SYS2009-08-09 22:55 . 2009-07-27 18:25 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090809.020\EECTRL.SYS2009-08-09 22:55 . 2009-07-27 18:25 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090809.020\ERASER.SYS2009-08-09 22:55 . 2009-07-27 18:24 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090809.020\ECMSVR32.DLL2009-08-09 22:55 . 2009-07-27 18:24 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090809.020\CCERASER.DLL2009-08-05 19:04 . 2009-08-05 19:04 -------- d-----w- c:\program files\Trend Micro2009-08-04 23:06 . 2009-08-04 23:06 152576 ----a-w- c:\documents and settings\Deborah Chase\Application Data\Sun\Java\jre1.6.0_15\lzma.dll2009-08-02 03:23 . 2009-08-02 03:23 -------- d-----w- C:\Symlogs2009-08-02 02:10 . 2009-04-03 15:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys2009-08-02 02:10 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys2009-08-02 02:10 . 2009-08-02 02:10 -------- d-----w- c:\program files\Common Files\PC Tools2009-08-02 02:10 . 2009-08-02 02:10 -------- d-----w- c:\program files\PC Tools AntiVirus2009-08-01 19:14 . 2009-08-01 19:14 -------- d-----w- c:\program files\ERUNT2009-07-30 22:33 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll2009-07-30 22:32 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys2009-07-30 22:32 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll2009-07-30 22:32 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys2009-07-30 22:32 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys2009-07-30 04:34 . 2009-07-31 01:51 -------- d-----w- c:\documents and settings\Deborah Chase\Local Settings\Application Data\Deployment2009-07-30 02:22 . 2009-07-30 02:22 -------- d-----w- c:\program files\Lavalys2009-07-27 21:19 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSXpx86.sys2009-07-27 21:19 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\Scxpx86.dll2009-07-27 21:19 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSxpx86.dll2009-07-27 21:19 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSvix86.sys2009-07-27 21:19 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSviA64.sys2009-07-27 18:28 . 2009-07-27 18:24 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll2009-07-27 18:27 . 2009-07-27 18:25 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys2009-07-27 18:24 . 2009-07-27 18:24 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll2009-07-27 18:24 . 2009-07-27 18:24 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll2009-07-27 18:24 . 2009-07-27 18:24 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll2009-07-27 18:23 . 2009-07-27 18:23 -------- d-----w- c:\windows\system32\drivers\NIS2009-07-27 18:23 . 2009-07-27 18:23 -------- d-----w- c:\program files\Windows Sidebar2009-07-27 18:10 . 2009-07-27 18:10 -------- d-----w- c:\program files\NortonInstaller2009-07-27 17:44 . 2009-07-27 17:44 10134 ----a-r- c:\documents and settings\Deborah Chase\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe2009-07-27 16:06 . 2009-07-27 16:06 -------- d-----w- c:\documents and settings\Deborah Chase\Local Settings\Application Data\Symantec2009-07-26 01:11 . 2009-08-02 20:24 -------- d-----w- c:\program files\Spybot - Search & Destroy2009-07-25 06:45 . 2009-08-04 15:27 -------- d-----w- c:\program files\Norton SystemWorks Basic Edition2009-07-25 06:08 . 2009-07-27 18:24 -------- d-----w- c:\program files\Norton Internet Security2009-07-25 06:06 . 2009-07-27 18:26 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL2009-07-25 06:06 . 2009-07-27 18:26 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS2009-07-25 06:06 . 2009-07-27 18:26 -------- d-----w- c:\program files\Symantec2009-07-25 02:25 . 2009-07-25 02:25 -------- d-sh--w- c:\documents and settings\Administrator.DEB\PrivacIE2009-07-25 02:24 . 2009-07-25 02:24 -------- d-sh--w- c:\documents and settings\Administrator.DEB\IETldCache2009-07-23 16:18 . 2009-07-23 16:18 152576 ----a-w- c:\documents and settings\Deborah Chase\Application Data\Sun\Java\jre1.6.0_14\lzma.dll2009-07-23 15:54 . 2009-07-23 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink2009-07-23 15:53 . 2009-07-23 15:53 -------- d-----w- c:\program files\Common Files\CyberLink2009-07-23 15:51 . 2009-07-25 03:06 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-08-06 00:45 . 2009-01-29 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2009-08-04 23:08 . 2004-05-29 02:43 -------- d-----w- c:\program files\Java2009-08-02 20:49 . 2005-07-28 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2009-08-01 22:46 . 2007-05-05 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software2009-08-01 22:46 . 2004-05-29 02:52 -------- d--h--w- c:\program files\InstallShield Installation Information2009-07-27 19:00 . 2004-07-02 21:25 -------- d-----w- c:\documents and settings\Deborah Chase\Application Data\Symantec2009-07-27 18:26 . 2009-07-25 06:06 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF2009-07-27 18:26 . 2009-07-25 06:06 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT2009-07-27 18:23 . 2004-05-29 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec2009-07-27 18:22 . 2009-06-13 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller2009-07-27 18:21 . 2004-05-29 03:04 -------- d-----w- c:\program files\Common Files\Symantec Shared2009-07-27 18:11 . 2009-06-13 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton2009-07-27 17:44 . 2004-07-02 21:41 -------- d-----w- c:\program files\HP2009-07-26 23:59 . 2009-03-16 01:59 -------- d-----w- c:\documents and settings\Deborah Chase\Application Data\OfficeUpdate122009-07-25 09:23 . 2008-11-10 18:44 411368 ----a-w- c:\windows\system32\deploytk.dll2009-07-25 03:41 . 2009-01-29 13:55 -------- d-----w- c:\documents and settings\Deborah Chase\Application Data\Malwarebytes2009-07-25 03:07 . 2004-05-29 02:54 -------- d-----w- c:\program files\CyberLink2009-07-23 15:51 . 2008-07-10 16:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2009-07-23 15:50 . 2003-12-06 03:11 353576 ----a-w- c:\windows\system32\msvcr71.dll2009-07-23 15:50 . 2003-12-06 03:11 505128 ----a-w- c:\windows\system32\msvcp71.dll2009-07-23 15:50 . 2003-12-06 03:09 29480 ----a-w- c:\windows\system32\msxml3a.dll2009-07-05 12:31 . 2009-07-05 12:31 -------- d-----w- c:\program files\OverDrive Media Console2009-07-03 17:09 . 2004-08-24 00:32 915456 ----a-w- c:\windows\system32\wininet.dll2009-06-30 00:07 . 2009-03-16 01:59 264704 ------w- c:\documents and settings\Deborah Chase\Application Data\OfficeUpdate12\oudetect.dll2009-06-16 14:36 . 2002-08-29 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll2009-06-16 14:36 . 2002-08-29 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll2009-06-14 10:16 . 2009-06-13 21:22 -------- d-----w- c:\program files\Windows Installer Clean Up2009-06-13 21:22 . 2008-08-05 02:47 -------- d-----w- c:\program files\MSECache2009-06-13 19:35 . 2009-01-31 00:01 664 ----a-w- c:\windows\system32\d3d9caps.dat2009-06-13 19:23 . 2009-06-13 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee2009-06-13 16:40 . 2004-07-02 21:25 108664 ----a-w- c:\documents and settings\Deborah Chase\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2009-06-13 15:32 . 2007-02-02 05:08 -------- d-----w- c:\program files\Yahoo!2009-06-13 12:52 . 2009-06-13 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings2009-06-03 19:09 . 2003-05-30 14:00 1291264 ----a-w- c:\windows\system32\quartz.dll2009-06-03 00:49 . 2009-06-03 00:49 390664 ----a-w- c:\documents and settings\Deborah Chase\Application Data\Real\RealPlayer\Update\RealPlayer11.exe.((((((((((((((((((((((((((((( SnapShot@2009-08-05_18.53.39 ))))))))))))))))))))))))))))))))))))))))).+ 2009-08-09 20:36 . 2009-08-09 20:36 16384 c:\windows\temp\Perflib_Perfdata_890.dat+ 2009-08-10 00:19 . 2009-08-10 00:19 16384 c:\windows\temp\Perflib_Perfdata_56c.dat+ 2009-03-20 15:48 . 2009-03-20 15:48 183808 c:\windows\Installer\b4b05.msp.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 50688]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-08 185896]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]"NSWosCheck"="c:\program files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-09-18 25472]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoViewOnDrive"= 0 (0x0)[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ ????\0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]@="FSFilter Activity Monitor"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"YahooAUService"=2 (0x2)"VSS"=3 (0x3)"RSVP"=3 (0x3)"aspnet_state"=3 (0x3)"Apple Mobile Device"=2 (0x2)"Alerter"=2 (0x2)"Adobe LM Service"=3 (0x3)[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"="c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016"500:UDP"= 500:UDP:@xpsp2res.dll,-22017R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [8/1/2009 10:10 PM 130936]R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NIS\1005000.087\SymEFA.sys [7/27/2009 2:25 PM 310320]R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NIS\1005000.087\BHDrvx86.sys [7/27/2009 2:25 PM 258608]R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NIS\1005000.087\cchpx86.sys [7/27/2009 2:25 PM 482352]R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys [7/30/2009 6:32 PM 276344]R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [7/27/2009 2:25 PM 115560]R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~2\NORTON~1\NPROTECT.EXE [11/3/2005 11:08 PM 95832]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/6/2009 8:33 PM 101936]S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [8/26/2008 3:22 PM 42112]S4 Intacd;Intacd; [x][HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12.Contents of the 'Scheduled Tasks' folder2009-08-03 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job- c:\program files\Norton SystemWorks Basic Edition\OBC.exe [2007-09-18 12:22]..------- Supplementary Scan -------.uStart Page = hxxp://www.yahoo.com/mWindow Title = Microsoft Internet Explorer provided by ComcastmSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.htmluInternet Connection Wizard,ShellNext = iexploreuSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.comTrusted Zone: washingtonpost.com\wwwDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabDPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} - hxxp://www.shockwave.com/content/ballistik/sis/slgwebinstall.cabDPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-08-09 20:20Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???8???????x???x???????????x???????????x???x????????????????????????????????????????D?w????????????7??w????x???x?????????????? scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'explorer.exe'(576)c:\windows\system32\WININET.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll.------------------------ Other Running Processes ------------------------.c:\program files\Common Files\Symantec Shared\CCSVCHST.EXEc:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exec:\program files\Java\jre6\bin\jqs.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\windows\SYSTEM32\nvsvc32.exec:\windows\SYSTEM32\hpzipm12.exec:\progra~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.exec:\program files\Dell Support Center\bin\sprtsvc.exec:\windows\SYSTEM32\UAService7.exec:\program files\Dell\Support\Alert\bin\NotifyAlert.exec:\program files\Common Files\Symantec Shared\CCSVCHST.EXEc:\windows\SYSTEM32\wscntfy.exe.**************************************************************************.Completion time: 2009-08-10 20:32 - machine was rebootedComboFix-quarantined-files.txt 2009-08-10 00:32ComboFix2.txt 2009-08-06 01:39ComboFix3.txt 2009-08-05 19:02ComboFix4.txt 2009-07-25 04:23Pre-Run: 93,263,249,408 bytes freePost-Run: 94,134,419,456 bytes freeCurrent=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4442 --- E O F --- 2009-08-09 11:28Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:38:04 PM, on 8/9/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exeC:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXEC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\HPZipm12.exeC:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXEC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\UAService7.exeC:\Program Files\Common Files\Dell\EUSW\Support.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exeC:\WINDOWS\System32\DSentry.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exeC:\WINDOWS\explorer.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dllO2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLLO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dllO4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exeO4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenterO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnkO9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnkO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: http://www.washingtonpost.comO16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cabO16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CABO16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cabO16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cabO16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cabO16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 11, 2009 Root Admin ID:108648 Share Posted August 11, 2009 STEP 01Disable the Spybot Tea Timer - DO NOT continue until you've disabled the Tea TimerDisable TeatimerFirst step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol) If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless. If you have Version 1.4, Click on Exit Spybot S&D Resident Second step, For Either Version : Open Spybot S&D Click Mode, choose Advanced Mode Go To the bottom of the Vertical Panel on the Left, Click Tools then, also in left panel, click Resident shows a red/white shield. If your firewall raises a question, say OK In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active OK any prompts. Use File, Exit to terminate Spybot Reboot your machine for the changes to take effect.STEP 02Write down or verify your installation key in your email for Symantec and temporarily fully uninstall the product.(we will re-install it soon so make sure you have the media to reinstall it and the activation key)STEP 03Once you have completed steps 1 and 2 then run the following.Please visit this webpage for instructions for downloading ComboFix to your DESKTOP : how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the programAdditional links to download the tool:ComboFix.exeComboFix.exeComboFix.exeNote: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.STEP 04Please download the following scanning tool. GMERDownload the randomly named EXE and copy the file to your Desktop. Remember what its name is.Double click on random named exe file and run it.It may take a minute to load and become available.Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOGZip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.Click OK and quit the GMER program.How To Use Compressed (Zipped) Folders in Windows XPCompress and uncompress files (zip files) in Vista Link to post Share on other sites More sharing options...
webdeb59 Posted August 11, 2009 Author ID:108731 Share Posted August 11, 2009 Here are the CombFix file and HJT. The GMER file is attached as instructed.ComboFix 09-08-10.05 - Deborah Chase 08/11/2009 6:53.4.2 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.225 [GMT -4:00]Running from: c:\documents and settings\Deborah Chase\Desktop\ComboFix.exe * Created a new restore point.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\recycler\NPROTECTc:\windows\Installer\347d13.msi.((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 ))))))))))))))))))))))))))))))).2009-08-05 19:04 . 2009-08-05 19:04 -------- d-----w- c:\program files\Trend Micro2009-08-04 23:06 . 2009-08-04 23:06 152576 ----a-w- c:\documents and settings\Deborah Chase\Application Data\Sun\Java\jre1.6.0_15\lzma.dll2009-08-02 03:23 . 2009-08-02 03:23 -------- d-----w- C:\Symlogs2009-08-02 02:10 . 2009-04-03 15:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys2009-08-02 02:10 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys2009-08-02 02:10 . 2009-08-02 02:10 -------- d-----w- c:\program files\Common Files\PC Tools2009-08-02 02:10 . 2009-08-02 02:10 -------- d-----w- c:\program files\PC Tools AntiVirus2009-08-01 19:14 . 2009-08-01 19:14 -------- d-----w- c:\program files\ERUNT2009-07-30 04:34 . 2009-07-31 01:51 -------- d-----w- c:\documents and settings\Deborah Chase\Local Settings\Application Data\Deployment2009-07-30 02:22 . 2009-07-30 02:22 -------- d-----w- c:\program files\Lavalys2009-07-27 17:44 . 2009-07-27 17:44 10134 ----a-r- c:\documents and settings\Deborah Chase\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe2009-07-27 16:06 . 2009-08-11 10:42 -------- d-----w- c:\documents and settings\Deborah Chase\Local Settings\Application Data\Symantec2009-07-26 01:11 . 2009-08-02 20:24 -------- d-----w- c:\program files\Spybot - Search & Destroy2009-07-25 06:06 . 2009-08-11 10:45 -------- d-----w- c:\program files\Symantec2009-07-25 02:25 . 2009-07-25 02:25 -------- d-sh--w- c:\documents and settings\Administrator.DEB\PrivacIE2009-07-25 02:24 . 2009-07-25 02:24 -------- d-sh--w- c:\documents and settings\Administrator.DEB\IETldCache2009-07-23 16:18 . 2009-07-23 16:18 152576 ----a-w- c:\documents and settings\Deborah Chase\Application Data\Sun\Java\jre1.6.0_14\lzma.dll2009-07-23 15:54 . 2009-07-23 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink2009-07-23 15:53 . 2009-07-23 15:53 -------- d-----w- c:\program files\Common Files\CyberLink2009-07-23 15:51 . 2009-07-25 03:06 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-08-11 10:46 . 2004-05-29 03:04 -------- d-----w- c:\program files\Common Files\Symantec Shared2009-08-11 10:45 . 2004-05-29 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec2009-08-11 10:37 . 2009-06-13 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton2009-08-06 00:45 . 2009-01-29 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2009-08-04 23:08 . 2004-05-29 02:43 -------- d-----w- c:\program files\Java2009-08-02 20:49 . 2005-07-28 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2009-08-01 22:46 . 2007-05-05 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software2009-08-01 22:46 . 2004-05-29 02:52 -------- d--h--w- c:\program files\InstallShield Installation Information2009-07-27 19:00 . 2004-07-02 21:25 -------- d-----w- c:\documents and settings\Deborah Chase\Application Data\Symantec2009-07-27 18:22 . 2009-06-13 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller2009-07-27 17:44 . 2004-07-02 21:41 -------- d-----w- c:\program files\HP2009-07-26 23:59 . 2009-03-16 01:59 -------- d-----w- c:\documents and settings\Deborah Chase\Application Data\OfficeUpdate122009-07-25 09:23 . 2008-11-10 18:44 411368 ----a-w- c:\windows\system32\deploytk.dll2009-07-25 03:41 . 2009-01-29 13:55 -------- d-----w- c:\documents and settings\Deborah Chase\Application Data\Malwarebytes2009-07-25 03:07 . 2004-05-29 02:54 -------- d-----w- c:\program files\CyberLink2009-07-23 15:51 . 2008-07-10 16:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2009-07-23 15:50 . 2003-12-06 03:11 353576 ----a-w- c:\windows\system32\msvcr71.dll2009-07-23 15:50 . 2003-12-06 03:11 505128 ----a-w- c:\windows\system32\msvcp71.dll2009-07-23 15:50 . 2003-12-06 03:09 29480 ----a-w- c:\windows\system32\msxml3a.dll2009-07-05 12:31 . 2009-07-05 12:31 -------- d-----w- c:\program files\OverDrive Media Console2009-07-03 17:09 . 2004-08-24 00:32 915456 ----a-w- c:\windows\system32\wininet.dll2009-06-30 00:07 . 2009-03-16 01:59 264704 ------w- c:\documents and settings\Deborah Chase\Application Data\OfficeUpdate12\oudetect.dll2009-06-16 14:36 . 2002-08-29 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll2009-06-16 14:36 . 2002-08-29 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll2009-06-14 10:16 . 2009-06-13 21:22 -------- d-----w- c:\program files\Windows Installer Clean Up2009-06-13 21:22 . 2008-08-05 02:47 -------- d-----w- c:\program files\MSECache2009-06-13 19:35 . 2009-01-31 00:01 664 ----a-w- c:\windows\system32\d3d9caps.dat2009-06-13 19:23 . 2009-06-13 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee2009-06-13 16:40 . 2004-07-02 21:25 108664 ----a-w- c:\documents and settings\Deborah Chase\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2009-06-13 15:32 . 2007-02-02 05:08 -------- d-----w- c:\program files\Yahoo!2009-06-13 12:52 . 2009-06-13 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings2009-06-03 19:09 . 2003-05-30 14:00 1291264 ----a-w- c:\windows\system32\quartz.dll2009-06-03 00:49 . 2009-06-03 00:49 390664 ----a-w- c:\documents and settings\Deborah Chase\Application Data\Real\RealPlayer\Update\RealPlayer11.exe.((((((((((((((((((((((((((((( SnapShot@2009-08-05_18.53.39 ))))))))))))))))))))))))))))))))))))))))).+ 2009-08-11 10:50 . 2009-08-11 10:50 16384 c:\windows\temp\Perflib_Perfdata_e8.dat+ 2009-03-20 15:48 . 2009-03-20 15:48 183808 c:\windows\Installer\b4b05.msp.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 50688]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-08 185896]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoViewOnDrive"= 0 (0x0)[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ ????\0[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"YahooAUService"=2 (0x2)"VSS"=3 (0x3)"RSVP"=3 (0x3)"aspnet_state"=3 (0x3)"Apple Mobile Device"=2 (0x2)"Alerter"=2 (0x2)"Adobe LM Service"=3 (0x3)[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"="c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016"500:UDP"= 500:UDP:@xpsp2res.dll,-22017R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [8/1/2009 10:10 PM 130936]S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [8/26/2008 3:22 PM 42112]S4 Intacd;Intacd; [x][HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12..------- Supplementary Scan -------.uStart Page = hxxp://www.yahoo.com/mWindow Title = Microsoft Internet Explorer provided by ComcastmSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.htmluInternet Connection Wizard,ShellNext = iexploreuSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.comTrusted Zone: washingtonpost.com\wwwDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabDPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} - hxxp://www.shockwave.com/content/ballistik/sis/slgwebinstall.cabDPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-08-11 07:02Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???8???????x???x???????????x???????????x???x????????????????????????????????????????D?w????????????7??w????x???x?????????????? scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2009-08-11 7:06ComboFix-quarantined-files.txt 2009-08-11 11:06ComboFix2.txt 2009-08-10 00:32ComboFix3.txt 2009-08-06 01:39ComboFix4.txt 2009-08-05 19:02ComboFix5.txt 2009-08-11 10:52Pre-Run: 94,270,242,816 bytes freePost-Run: 94,768,054,272 bytes free160 --- E O F --- 2009-08-09 11:28Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:08:03 AM, on 8/11/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Dell\EUSW\Support.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\System32\DSentry.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\HPZipm12.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\UAService7.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\explorer.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exeO4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenterO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk (file missing)O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: http://www.washingtonpost.comO16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cabO16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CABO16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cabO16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cabO16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cabO16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games gmerlog.zipgmerlog.zip Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 12, 2009 Root Admin ID:109147 Share Posted August 12, 2009 Please run the following now.1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel or from the Start Menu2. Restart your computer (very important).3. Download and run this utility. http://www.malwarebytes.org/mbam-clean.exe4. It will ask to restart your computer (please allow it to).5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.phpNote: You will need to reactivate the program using the license you were sent if this is a paid versionLaunch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.Then do a Quick Scan and post back that log or if you run into any errors please let me know what they are. Link to post Share on other sites More sharing options...
webdeb59 Posted August 12, 2009 Author ID:109154 Share Posted August 12, 2009 I have done exactly as instructed and still get VbAccelerator SGrid II Control Run-time Error 0 and Malwarebytes' Anti-Malware Run-time Error 440 Automation Error they pop up sequentially at least four times starting at the end of the installation. Then when I try to run the software it pops up again 4 more times. This is exactly what was happening when I first posted. Nothing has changed. Did I do something wrong? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 13, 2009 Root Admin ID:109393 Share Posted August 13, 2009 No, it's just that some setting or software on your computer seems to be in conflict with installing MBAM and we need to try and track down what might be causing that.Let me review a few things and I'll try to post back some more things to try later tonight if you still want to continue. This may require temporarily removing your Anti-Virus so make sure you have the registration key for the product if needed. Link to post Share on other sites More sharing options...
webdeb59 Posted August 13, 2009 Author ID:109491 Share Posted August 13, 2009 No, it's just that some setting or software on your computer seems to be in conflict with installing MBAM and we need to try and track down what might be causing that.Let me review a few things and I'll try to post back some more things to try later tonight if you still want to continue. This may require temporarily removing your Anti-Virus so make sure you have the registration key for the product if needed.Thanks Ron,I definitely want to continue, please. Your help is very much appreciated.In an earlier instruction you had me remove Norton which I did and have been accessing the Internet in Safe Mode w/Networking to get your further instructions.Thanks for all your help.Deb Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 13, 2009 Root Admin ID:109766 Share Posted August 13, 2009 Okay then, let's get started. Please read all of the steps and if possible print them out so that you know what you're doing before you get started.If you have any questions or concerns before getting started please let me know.STEP 01Well the removal process from Symantec leaves a LOT of stuff behind and still active. Please download and run this tool to fully remove Symantec AVftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exeSTEP 02Please FULLY remove Spybot - Search & Destroy for now. (we can reinstall when all done)STEP 03Please FULLY remove PC Tools for now. (we can reinstall when all done)STEP 04Please click on START - RUN and type in the exact command below or start regedit and go to this key and remove it.CMD /K REG DELETE "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services"STEP 05Click on START - RUN and copy / paste the entry below into the run line and click OKCMD /C NETSH FIREWALL RESETClick on START - RUN and copy / paste the entry below into the run line and click OKCMD /C NETSH int ip reset c:\resetlog.txtSTEP 06RESTART THE COMPUTER nowSTEP 07Once that is completely done removing then run the CCleaner again.Download and install CCleanerCCleaner Double-click on the downloaded file "ccsetup222_slim.exe" and install the application.Keep the default installation folder "C:\Program Files\CCleaner"Click finish when done and close ALL PROGRAMSStart the CCleaner program.Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log FilesClick on Run Cleaner button on the bottom right side of the program.Click OK to any promptsSTEP 08Please start the computer in NORMAL mode and uninstall, roll back Internet Explorer to IE7 or IE6 whichever was the previous version before the IE8 update.STEP 09Reconfigure Windows XP to show hidden files:To enable the viewing of Hidden files follow these steps: * Close all programs so that you are at your desktop. * Double-click on the My Computer icon. * Select the Tools menu and click Folder Options. * After the new window appears select the View tab. * Put a checkmark in the checkbox labeled Display the contents of system folders. * Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. * Remove the checkmark from the checkbox labeled Hide file extensions for known file types. * Remove the checkmark from the checkbox labeled Hide protected operating system files. * Press the Apply button and then the OK button and exit My Computer. * Now your computer is configured to show all hidden files. STEP 101. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.2. Restart your computer (very important).3. Download and run this utility. http://www.malwarebytes.org/mbam-clean.exe4. It will ask to restart your computer (please allow it to).5. Then browse to these locations and delete the folders if they still exist.C:\Documents and Settings\All Users\Application Data\MalwarebytesC:\Documents and Settings\username\Application Data\MalwarebytesC:\Program Files\Malwarebytes' Anti-MalwareSTEP 11Please download and run the following fix from Microsoft How do I restore security settings to the default settings?When completed please reboot your computer.STEP 12Service Pack 6 for Visual Basic 6.0: Run-Time Redistribution Pack (vbrun60sp6.exe)Brief Description:vbrun60sp6.exe is a self-extracting executable file that installs versions of the Microsoft Visual Basic run-time files required by all applications created with Visual Basic 6.0.Download: vbrun60sp6.exeSTEP 13Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVAThen run this tool to help cleanup any left over JavaYour Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.Please download JavaRa and unzip it to your desktop.***Please close any instances of Internet Explorer (or other web browser) before continuing!***Double-click on JavaRa.exe to start the program.From the drop-down menu, choose English and click on Select.JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.A logfile will pop up. Please save it to a convenient location and post it back when you replyThen look for the following Java folders and if found delete them.C:\Program Files\JavaC:\Program Files\Common Files\JavaC:\Windows\SunC:\Documents and Settings\All Users\Application Data\JavaC:\Documents and Settings\All Users\Application Data\Sun\JavaC:\Documents and Settings\username\Application Data\JavaC:\Documents and Settings\username\Application Data\Sun\JavaRESTART THE COMPUTER NOWSTEP 14Download and Update Java RuntimeThe most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 16.Go to http://java.sun.com/javase/downloads/index.jspGo to Java SE Runtime Environment (JRE) - JRE 6 Update 16 about half way down the page and click on the Download button.In Platform box choose Windows.Check the box to Accept License Agreement and click Continue.Click on Windows Offline Installation, click on the link under it which says jre-6u16-windows-i586.exe and save the downloaded file to your desktop.Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.Uncheck the Toolbar button (unless you want the toolbar)Reboot your computerSTEP 15Start in Normal mode and run the following Online AV scanner and post back the log please.Run Eset NOD32 Online AntiVirusNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click Start When asked, allow the activex control to installDisable your current Antivirus software. You can usually do this with its Notfication Tray icon near the clock.Click Start Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checkedClick ScanWait for the scan to finishRe-enable your Anvirisus software.A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post. Link to post Share on other sites More sharing options...
webdeb59 Posted August 13, 2009 Author ID:109804 Share Posted August 13, 2009 Okay Ron,I put my full faith in you! I've downloaded and printed off everything and am on my way home now to attack my PC. Thanks again for all your help. I'll be sending you another post in a couple of hours.Sincerely,Deb Link to post Share on other sites More sharing options...
webdeb59 Posted August 14, 2009 Author ID:109884 Share Posted August 14, 2009 Here you go.....I had trouble rolling back ie, but managed to get there. Also, I don't have anti-virus software without reinstalling Norton, so please let me know if there is something else I need to do before reinstalling Norton.JavaRa LogJavaRa 1.15 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Thu Aug 13 21:48:02 2009Found and removed: C:\Documents and Settings\Deborah Chase\Application Data\Sun\Java\jre1.6.0_13Found and removed: C:\Windows\System32\jpicpl32.cplFound and removed: SOFTWARE\Classes\JavaSoft.JavaBeansBridgeFound and removed: SOFTWARE\Classes\JavaSoft.JavaBeansBridge.1Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaw.ExeFound and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4Found and removed: Software\JavaSoft\Java2D\1.5.0_02Found and removed: Software\JavaSoft\Java2D\1.5.0_04Found and removed: Software\JavaSoft\Java2D\1.5.0_06Found and removed: Software\JavaSoft\Java2D\1.5.0_09Found and removed: SOFTWARE\Classes\JavaPlugin.150_09Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\JavaPlugin.141Found and removed: SOFTWARE\Classes\JavaPlugin.142Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.1Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.1Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}Found and removed: Software\Classes\JavaPlugin.141Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}Found and removed: C:\Program Files\JavaSoft------------------------------------Finished reporting.Eset LogESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=6# iexplore.exe=7.00.6000.16827 (vista_gdr.090226-1506)# OnlineScanner.ocx=1.0.0.6048# api_version=3.0.2# EOSSerial=2dd81657286cd14abf01df58056b9b52# end=finished# remove_checked=false# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2009-08-14 02:50:32# local_time=2009-08-13 10:50:32 (-0500, Eastern Daylight Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# scanned=125866# found=2# cleaned=0# scan_time=2546C:\Documents and Settings\Deborah Chase\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Deleted Items.dbx HTML/TrojanSpy.Bayfraud.CO trojan 00000000000000000000000000000000 IC:\Documents and Settings\Deborah Chase\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Inbox.dbx multiple threats 00000000000000000000000000000000 INext??? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 14, 2009 Root Admin ID:109955 Share Posted August 14, 2009 quite late and time to get to bed. Just hang in there and I'll respond with next instructions in the morning. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 14, 2009 Root Admin ID:110228 Share Posted August 14, 2009 Please run the following scanner so that I can see what it thinks is still possibly there.Are you sure you ran STEPS 11 and 12 without any errors?Did you use the special tool from Symantec to finish up the full removal?What about step 8? Are you on IE6 now or IE7 ?Download DDS and save it to your desktophttp://download.bleepingcomputer.com/sUBs/dds.scrDisable any script blocker if your Anti-Virus/Anti-Malware has it.Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.Then double click dds.scr to run the tool.When done, the DDS.txt will open.Click Yes at the next prompt for Optional Scan.When done, DDS will open two (2) logs:DDS.txtAttach.txtSave both reports to your desktopPlease include the following logs in your next reply: DDS.txt and Attach.txt Link to post Share on other sites More sharing options...
webdeb59 Posted August 15, 2009 Author ID:110236 Share Posted August 15, 2009 Please run the following scanner so that I can see what it thinks is still possibly there. Done, logs included although the attach.txt was supposed to be attached rather than included in the post. Please let me know if I need to repost.Are you sure you ran STEPS 11 and 12 without any errors? YesDid you use the special tool from Symantec to finish up the full removal? I think so...I did exactly what your instructions said to do.What about step 8? Are you on IE6 now or IE7 ? I am on IE7 now which was the version prior to upgrading to IE8DDS (Ver_09-07-30.01) - NTFSx86 Run by Deborah Chase at 20:11:30.82 on Fri 08/14/2009Internet Explorer: 7.0.5730.11Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.204 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Dell\EUSW\Support.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\System32\DSentry.exeC:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exesvchost.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\HPZipm12.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\WINDOWS\system32\UAService7.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\wuauclt.exeC:\Documents and Settings\Deborah Chase\Desktop\dds.scrC:\WINDOWS\SoftwareDistribution\Download\5d36f2aa7b9a0b7eeabfa4c3afb200cb\update\update.exe============== Pseudo HJT Report ===============uStart Page = hxxp://www.yahoo.com/uWindow Title = Microsoft Internet Explorer provided by ComcastmStart Page = hxxp://www.google.commWindow Title = Microsoft Internet Explorer provided by ComcastmSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.htmluInternet Connection Wizard,ShellNext = iexploreuSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.comBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRunOnce: [<NO NAME>] c:\program files\internet explorer\IEXPLORE.EXE http://www.symantec.com/techsupp/servlet/P...00001A.000000B7mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exemRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exemRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exemRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"mRun: [DVDSentry] c:\windows\system32\DSentry.exemRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcentermRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"uPolicies-explorer: NoViewOnDrive = 0 (0x0)IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLLTrusted Zone: washingtonpost.com\wwwDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cabDPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CABDPF: {01CA75F1-054B-4A63-9221-C6926369EC52} - hxxp://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cabDPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cabDPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cabDPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cabDPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cabDPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cabDPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cabDPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cabDPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cabDPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cabDPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} - hxxp://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cabDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233345024093DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabDPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233238421843DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} - hxxp://www.shockwave.com/content/ballistik/sis/slgwebinstall.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cabDPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cabDPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cabDPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cabDPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cabDPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cabDPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cabHandler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dllHandler: G7PS - {9EACF0FB-4FC7-436E-989B-3197142AD979} - c:\windows\system32\G7PS.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll============= SERVICES / DRIVERS ===============R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-1 130936]S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-8-11 66056]S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-8-26 42112]S4 Intacd;Intacd; [x]S4 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]=============== Created Last 30 ================2009-08-13 22:03 <DIR> --d----- c:\program files\ESET2009-08-13 21:58 73,728 a------- c:\windows\system32\javacpl.cpl2009-08-13 21:44 <DIR> --d----- C:\msvb2009-08-13 21:12 2,105,344 a------- c:\windows\system32\secsetup.sdb2009-08-13 20:36 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx2009-08-13 20:35 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll2009-08-13 20:28 <DIR> --d----- c:\program files\CCleaner2009-08-11 09:25 22 a------- C:\New Compressed (zipped) Folder.zip2009-08-05 15:04 <DIR> --d----- c:\program files\Trend Micro2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll2009-08-01 23:23 <DIR> --d----- C:\Symlogs2009-08-01 22:10 130,936 a------- c:\windows\system32\drivers\PCTCore.sys2009-08-01 22:10 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys2009-07-30 22:01 0 a------- c:\windows\exctrlst.INI2009-07-29 22:25 45 a------- c:\windows\system32\initdebug.nfo2009-07-29 22:22 <DIR> --d----- c:\program files\Lavalys2009-07-25 00:20 <DIR> --d----- c:\windows\system32\dllcache\cache2009-07-25 00:01 <DIR> a-dshr-- C:\cmdcons2009-07-24 23:59 216,064 a------- c:\windows\PEV.exe2009-07-24 23:59 161,792 a------- c:\windows\SWREG.exe2009-07-24 23:59 98,816 a------- c:\windows\sed.exe2009-07-23 11:53 <DIR> --d----- c:\program files\common files\CyberLink2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll==================== Find3M ====================2009-08-13 21:58 411,368 a------- c:\windows\system32\deploytk.dll2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll2009-07-23 11:50 505,128 a------- c:\windows\system32\msvcp71.dll2009-07-23 11:50 353,576 a------- c:\windows\system32\msvcr71.dll2009-07-23 11:50 29,480 a------- c:\windows\system32\msxml3a.dll2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\cache\mshtml.dll2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\cache\wininet.dll2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll2009-02-20 23:41 34 a------- c:\documents and settings\deborah chase\jagex_runescape_preferences.dat2005-08-04 22:37 22,502 a------- c:\docume~1\debora~1\applic~1\wklnhst.dat2008-06-02 15:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008060220080603\index.dat============= FINISH: 20:12:26.89 ===============Attach.zip Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 15, 2009 Root Admin ID:110302 Share Posted August 15, 2009 STEP 01Please click on START - RUN and type in or copy/paste the following into the run line and click OKCMD /K SC DELETE PCTCoreThen let me know what it says.STEP 02Please click on START - RUN and type in or copy/paste the following into the run line and click OKCMD /K SC DELETE YahooAUServiceThen let me know what it says.STEP 03Please click on START - RUN and type in or copy/paste the following into the run line and click OKCMD /K SC DELETE IntacdThen let me know what it says.STEP 04Go into your Control Panel, Add/Remove and please remove the following software at least temporarily.DVDSentryESET Online Scanner v3Shockwave (I think this is the older version)Windows Live OneCare safety scannerSTEP 05Please click on START - RUN and type in or copy/paste the following into the run line and click OKCMD /K reg query HKEY_LOCAL_MACHINE\SYSTEM\Setup /v SystemPartitionThen let me know what it says.(it should look something like this)HKEY_LOCAL_MACHINE\SYSTEM\Setup SystemPartition REG_SZ \Device\HarddiskVolume1STEP 06Please download and run this program: Dial-a-fixLet me know if any errors pop up or not. Link to post Share on other sites More sharing options...
webdeb59 Posted August 15, 2009 Author ID:110341 Share Posted August 15, 2009 STEP 01Please click on START - RUN and type in or copy/paste the following into the run line and click OKCMD /K SC DELETE PCTCoreThen let me know what it says.[sC] DeleteService SUCCESSSTEP 02Please click on START - RUN and type in or copy/paste the following into the run line and click OKCMD /K SC DELETE YahooAUServiceThen let me know what it says.[sC] DeleteService SUCCESSSTEP 03Please click on START - RUN and type in or copy/paste the following into the run line and click OKCMD /K SC DELETE IntacdThen let me know what it says.[sC] DeleteService SUCCESSSTEP 04Go into your Control Panel, Add/Remove and please remove the following software at least temporarily.DVDSentryESET Online Scanner v3Shockwave (I think this is the older version)Windows Live OneCare safety scannerSTEP 05Please click on START - RUN and type in or copy/paste the following into the run line and click OKCMD /K reg query HKEY_LOCAL_MACHINE\SYSTEM\Setup /v SystemPartitionThen let me know what it says.(it should look something like this)HKEY_LOCAL_MACHINE\SYSTEM\Setup SystemPartition REG_SZ \Device\HarddiskVolume1SystemPartition REG_SZ \Device\Harddisk Volume2STEP 06Please download and run this program: Dial-a-fixLet me know if any errors pop up or not.Before the program ran a pop up came up with the following note:regsvr32.exe was not found in C:\WINDOWS\System32. This will not affect Dial-a-fix but it will affect the installation of other programs. It is suggested that you extract this file from your installation media. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 15, 2009 Root Admin ID:110487 Share Posted August 15, 2009 Do you have the Windows XP CD to expand that file back to the system or another computer running the same version of Windows that you can get a copy of regsvr32.exe and copy it to your system? Link to post Share on other sites More sharing options...
webdeb59 Posted August 15, 2009 Author ID:110490 Share Posted August 15, 2009 Do you have the Windows XP CD to expand that file back to the system or another computer running the same version of Windows that you can get a copy of regsvr32.exe and copy it to your system?I don't have one available until Monday at the office but can't I get it online? Link to post Share on other sites More sharing options...
webdeb59 Posted August 15, 2009 Author ID:110494 Share Posted August 15, 2009 I don't have one available until Monday at the office but can't I get it online?I ran a search for the file and found three instances of it already:C:\I386C:\WINDOWS\ServicePackFiles\i386C:\ProgramFiles\Intuit\Quick books 2005\components\PConfig\Data1.cabCan any of these be used?Deb Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 16, 2009 Root Admin ID:110968 Share Posted August 16, 2009 Yes, please use the one that is the newest version and copy it to C:\WINDOWS\SYSTEM32 and then download a NEW installer of MBAM 1.40 and try to re-install the program now. Link to post Share on other sites More sharing options...
webdeb59 Posted August 16, 2009 Author ID:110982 Share Posted August 16, 2009 Ron, thank you soooooo much!!! That did the trick. I was able to install the program and ran a full scann with no infections. You are awsome! Thanks so much for your patience and persistence.Is there anything else you would recommend I do?DebMalwarebytes' Anti-Malware 1.40Database version: 2636Windows 5.1.2600 Service Pack 38/16/2009 7:52:48 PMmbam-log-2009-08-16 (19-52-48).txtScan type: Full Scan (C:\|)Objects scanned: 245108Time elapsed: 34 minute(s), 33 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 17, 2009 Root Admin ID:111059 Share Posted August 17, 2009 Yes, you need to put back your Anti-Virus (though I'd recommend switching to Avira myself as I'm not a big fan of Symantec AV, but that's up to you) then any of the other security software we removed if you want it back.Thank you and I hope all is okay now. Link to post Share on other sites More sharing options...
Recommended Posts