#1 (permalink)
Registered User
Join Date: Jul 2007
Posts: 57
OS: XP

Dell issues
Here is the HJT log I was asked to post. I can't seem to get all the Symantec files out.

#2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,747
OS: WinXP and Vista

Re: Dell issues
Hello Poppygirl,
You've got a bit more going on here than just leftover Symantec.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

All of those O1 entries:

O1 - Hosts: 207.44.240.65 ads.x10.com
O1 - Hosts: 207.44.240.65 images.x10.com
O1 - Hosts: 207.44.240.65 count.exitexchange.com
O1 - Hosts: 207.44.240.65 servedby.netadvertising.com
O1 - Hosts: 207.44.240.65 images.trafficmp.com
O1 - Hosts: 207.44.240.65 ad.uk.doubleclick.net
O1 - Hosts: 207.44.240.65 ad.ca.doubleclick.net
O1 - Hosts: 207.44.240.65 ads.specificpop.com
O1 - Hosts: 207.44.240.65 ads.specificclick.com
O1 - Hosts: 207.44.240.65 ads.popupsponsor.com
O1 - Hosts: 207.44.240.65 adfarm.mediaplex.com
O1 - Hosts: 207.44.240.65 media1.fastclick.net
O1 - Hosts: 207.44.240.65 media19.fastclick.net
O1 - Hosts: 207.44.240.65 media28.fastclick.net
O1 - Hosts: 207.44.240.65 media29.fastclick.net
O1 - Hosts: 207.44.240.65 media39.fastclick.net
O1 - Hosts: 207.44.240.65 adserv.internetfuel.com
O1 - Hosts: 207.44.240.65 www.satellitepop.com
O1 - Hosts: 207.44.240.65 count.exitexchange.com
O1 - Hosts: 207.44.240.65 z1.adserver.com
O1 - Hosts: 207.44.240.65 view.atdmt.com
O1 - Hosts: 207.44.240.65 servedfor.valuead.com
O1 - Hosts: 207.44.240.65 banners.valuead.com
O1 - Hosts: 207.44.240.65 img.mediaplex.com
O1 - Hosts: 207.44.240.65 ln.doubleclick.net
O1 - Hosts: 207.44.240.65 m2.doubleclick.net
O1 - Hosts: 207.44.240.65 m.doubleclick.net
O1 - Hosts: 207.44.240.65 ad.doubleclick.net
O1 - Hosts: 207.44.240.65 media28.fastclick.net
O1 - Hosts: 207.44.240.65 media39.fastclick.net
O1 - Hosts: 207.44.240.65 popuptraffic.com
O1 - Hosts: 207.44.240.65 leader.linkexchange.com
O1 - Hosts: 207.44.240.65 view.atdmt.com
O1 - Hosts: 207.44.240.65 iv.doubleclick.net
O1 - Hosts: 207.44.240.65 focusin.ads.targetnet.com
O1 - Hosts: 207.44.240.65 a.tribalfusion.com

Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Reboot your system.

--------------------------------------------------------------------

Here is a guide for uninstalling Norton, including uninstallers. Be sure to use the uninstaller for the version of Norton/Symantec that is active on your system.

http://basconotw.mvps.org/SymRem.htm

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan

* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------------

Lastly, as noted in our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log....

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:

Note: You must be logged onto an account with administrator privileges.

Please include the following in your next reply:

Panda results
main.txt
an attached extra.txt
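Triage for the `O1 - Hosts:` lines that the reply above asks to be checked, as an added example that is not part of the thread or of HijackThis: it groups hosts-file entries by target address and separates local entries (loopback or 0.0.0.0) from ones that point hostnames at another address. The sample log is constructed (documentation-range addresses, made-up hostnames) and the function names are hypothetical; the pattern also matches when a forum paste has flattened the log onto one line.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the "O1 - Hosts:" format of a HijackThis log.
# Addresses come from documentation ranges; hostnames are made up.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.10 ads.example.test
O1 - Hosts: 203.0.113.10 images.example.test
O1 - Hosts: 203.0.113.10 ads.example.test
O1 - Hosts: 0.0.0.0 tracker.example.test
O1 - Hosts: 198.51.100.7 update.vendor.example
O1 - Hosts: not-an-ip broken.example.test
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""

# No line anchors: entries are found whether the log has one entry per line
# or was flattened (or wrapped mid-entry) when it was pasted.
O1_RE = re.compile(r"(?<!\S)O1 - Hosts:\s+(\S+)\s+(\S+)")


def parse_o1(text):
    """Return (address, hostname) pairs for every O1 entry, in log order."""
    return [(m.group(1), m.group(2).lower()) for m in O1_RE.finditer(text)]


def triage(text):
    """Group O1 entries by what the hosts file makes each hostname resolve to."""
    redirects = defaultdict(set)   # non-local address -> hostnames pointed at it
    local = set()                  # hostnames pinned to loopback / 0.0.0.0
    malformed = []                 # entries whose address does not parse
    seen, duplicates = set(), 0
    for addr, host in parse_o1(text):
        if (addr, host) in seen:   # same mapping listed twice in the log
            duplicates += 1
            continue
        seen.add((addr, host))
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            malformed.append((addr, host))
            continue
        if ip.is_loopback or ip.is_unspecified:
            local.add(host)
        else:
            redirects[str(ip)].add(host)
    return {
        "redirects": {ip: sorted(hosts) for ip, hosts in redirects.items()},
        "local": sorted(local),
        "malformed": malformed,
        "duplicates": duplicates,
    }


def fan_in(report, min_hosts=2):
    """Addresses that at least min_hosts distinct hostnames are pointed at."""
    return sorted(ip for ip, hosts in report["redirects"].items()
                  if len(hosts) >= min_hosts)


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for ip, hosts in report["redirects"].items():
        print(f"{ip}: {len(hosts)} hostname(s) -> {', '.join(hosts)}")
    print("local:", report["local"])
    print("malformed:", report["malformed"])
    print("duplicate entries skipped:", report["duplicates"])
    print("addresses with several hostnames:", fan_in(report))
```
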

#3 (permalink)
Registered User
Join Date: Jul 2007
Posts: 57
OS: XP

Re: Dell issues
Here are the HJT and DSS logfiles.
Cellucci\\Local Settings\\Temporary Internet Files\\Content.IE5\\8S53MBCV\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer" "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! 
Messenger" "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Disabled:Windows Media Player" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:backWeb-8876480" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Daniel F. Cellucci\Application Data CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=DEBRECENI ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Daniel F. Cellucci LOGONSERVER=\\DEBRECENI NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\PROGRA~1\INCRED~1\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0102 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\DANIEL~1.CEL\LOCALS~1\Temp TMP=C:\DOCUME~1\DANIEL~1.CEL\LOCALS~1\Temp USERDOMAIN=DEBRECENI USERNAME=Daniel F. Cellucci USERPROFILE=C:\Documents and Settings\Daniel F. Cellucci windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Daniel F. 
Cellucci (admin) -- Add/Remove Programs --------------------------------------------------------- --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244} Adobe ActiveShare 1.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3C7CA81-27EB-11D4-A59C-00E02C071F5C}\setup.exe" UNINSTALL Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe" Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe SVG Viewer --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu" Advanced WindowsCare 2.51 Personal --> "C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe" American Greetings CreataCard Select 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9770A25C-45A7-478E-AF50-4FDE53EED270}\setup.exe" -l0x9 anything Belkin Wireless G Desktop Card Driver and Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBD63CE3-F31F-4FF8-93BB-CFE3988B4624}\setup.exe" -l0x9 REMOVE CA Anti-Virus --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u 
/product=av CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Conexant HSF V92 56K Data Fax PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2013&SUBSYS_021213E0 Data Access Objects (DAO) 3.5 --> C:\Program Files\Common Files\Microsoft Shared\DAO\Remove.EXE C:\WINDOWS\UNINST.EXE -fC:\PROGRA~1\COMMON~1\MICROS~1\DAO\DeIsL7.isu Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe" Dell Support 5.0.0 (630) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0} HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562 Lexmark 3400 Series --> C:\Program Files\Lexmark 3400 Series\Install\x86\Uninst.exe Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst Linksys NIC ControlSet --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Linksys\NIC ControlSet\Uninst_VNIC.isu" -c"C:\Program Files\Linksys\NIC ControlSet\VNICu.dll" Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL Logitech ImageStudio --> MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA} Macromedia Flash 
Player --> MsiExec.exe /X{4ecaf021-478c-40c1-b777-3368a15f9966} Managed DirectX (0901) --> Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf Microsoft Encarta Encyclopedia Standard 2002 --> MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169} Microsoft Location Finder --> MsiExec.exe /I{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87} Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9} Microsoft PowerPoint Viewer 97 --> C:\Program Files\PowerPoint Viewer\setup\setup.exe Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9} Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704} Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517} MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600777} MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} New England Patriots Screen Saver --> sstunst2.exe New England Patriots Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan Peterson North American Birds --> C:\WINDOWS\uninst16.exe -fC:\pmgbirds\DeIsL1.isu -c"C:\pmgbirds\UNINST32.DLL" PIXELA ImageMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13413C6C-C640-40B8-917E-CA3062826B18}\setup.exe" QuickTime --> QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe 
/M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033 RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Shockwave 7.0.3 Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" Super Blackjack --> C:\PROGRA~1\GAMEHO~1\BLACKJ~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\BLACKJ~1\INSTALL.LOG VB Runtime --> C:\WINDOWS\system32\UNINSTAL.EXE /A /R C:\WINDOWS\system32\VBRunTme.LOG WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4" WebFldrs XP --> Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C} Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} Works Suite OS Pack --> Works Synchronization --> XML Paper Specification Shared Components Pack 1.0 --> 
XPFiremon --> MsiExec.exe /I{B7F5E0EC-30BE-43A9-8FEF-8B3593BFAF5A} Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG -- Application Event Log ------------------------------------------------------- Event Record #/Type22982 / Warning Event Submitted/Written: 08/13/2007 01:12:49 PM Event ID/Source: 1020 / ASP.NET 2.0.50727.0 Event Description: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i. Event Record #/Type22967 / Warning Event Submitted/Written: 08/13/2007 01:09:27 PM Event ID/Source: 1020 / ASP.NET 2.0.50727.0 Event Description: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i. Event Record #/Type22952 / Warning Event Submitted/Written: 08/13/2007 01:04:35 PM Event ID/Source: 1020 / ASP.NET 2.0.50727.0 Event Description: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i. 
Event Record #/Type22911 / Success Event Submitted/Written: 08/12/2007 07:25:38 AM Event ID/Source: 1102 / .NET Runtime Optimization Service Event Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: WindowsFormsIntegration, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 Event Record #/Type22909 / Success Event Submitted/Written: 08/12/2007 07:25:34 AM Event ID/Source: 1102 / .NET Runtime Optimization Service Event Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: UIAutomationClient, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type32180 / Warning Event Submitted/Written: 08/28/2007 01:37:14 AM Event ID/Source: 36 / W32Time Event Description: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Event Record #/Type32124 / Error Event Submitted/Written: 08/27/2007 04:40:22 AM Event ID/Source: 1001 / Dhcp Event Description: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00173F2D28C8. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Event Record #/Type32122 / Error Event Submitted/Written: 08/27/2007 04:39:32 AM Event ID/Source: 1001 / Dhcp Event Description: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00173F2D28C8. The following error occurred: %%1223. 
Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Event Record #/Type32115 / Error Event Submitted/Written: 08/27/2007 04:17:44 AM Event ID/Source: 1001 / Dhcp Event Description: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00173F2D28C8. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Event Record #/Type32109 / Error Event Submitted/Written: 08/27/2007 03:28:58 AM Event ID/Source: 1001 / Dhcp Event Description: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00173F2D28C8. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. -- End of Deckard's System Scanner: finished at 2007-08-28 12:29:21 ------------ |
#5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,747
OS: WinXP and Vista
Re: Dell issues
No, you did fine. All your replies should be in this thread to keep all the information together.
Download HostsXpert.
------------------------------------------------------------------
Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400
Answer Yes, when prompted to install an ActiveX component.
------------------------------------------------------------------
Run a new scan with HijackThis and save the log.
------------------------------------------------------------------
Please include the following in your next reply:
* Kaspersky results
* New HijackThis log
* Update on system behavior
#6 (permalink)
Registered User
Join Date: Jul 2007
Posts: 57
OS: XP
Re: Dell issues
I can't seem to get the HostsXpert or the Kaspersky Online scans to work. My security settings aren't allowing it. I tried changing them, but it still doesn't allow it. There seems to be some kind of problem with ActiveX.
#7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,747
OS: WinXP and Vista
Re: Dell issues
The infection is causing those issues.
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
***************************************************
Download Combofix and save it to your desktop.
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
--------------------------------------------------------------------
Double click on combofix.exe & follow the prompts.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.