I am redirected when I use Google to search for webpages in IE and Firefox. Also, when I type web addresses directly into the address bar in these browsers, I get error messages. Tried to follow the instructions in the "*** IMPORTANT *** - Must read before posting!" sticky post, but couldn't get very far. I did Step One: Clean with ATF Cleaner, but in Step Two, Kaspersky Web Scanner tells me that my computer does not meet the requirements to run their program. I have Windows XP - Home Edition, Version 2002, Service Pack 3. I didn't do anything else, figuring it would be better to first get help here than to proceed and screw things up further. FYI: Here are the anti-malware programs that I'm currently running: NOD32, Spy Sweeper, Spybot S&D, Spyware Blaster. All are running right now. As you can probably guess, I'm not the most computer literate person. However, I follow instructions well, learn quickly, and easily ask "stupid" questions as opposed to forging ahead blindly. Thanks in advance to whoever takes on the task of helping me out.
Hi ELG3366

Before we begin the cleanup process, it is important to do a little analysis first. We will analyze your computer with a tool called HijackThis.

Please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file. Rename HijackThis(.exe) to scanner(.exe). Next, run scanner(.exe). A window will pop up.
• Click on the button which says Main Menu, then Do a system scan and save a logfile.
• Please wait for the scan to be completed.
• After the scan has completed, a text window will pop up. Please post the contents of this window here. This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved.

NOTE: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.

Best Regards
This is what I came up with. I hope it's what you're looking for. Thanks again for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:01 AM, on 9/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\SDClient.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\OEM05Mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Michael Gerald\Desktop\HiJackThis\Scanner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SCREW DRIVER CLIENT] "C:\WINDOWS\system32\SDClient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [OEM05Mon.exe] "C:\WINDOWS\OEM05Mon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 10456 bytes
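A first triage pass over HijackThis entries of the kind posted above, added here as an example and not part of the thread or of HijackThis itself. It parses the R0/R1/R3/O4/O23 line formats, flags the entries an analyst would look at first (an orphaned URLSearchHook "(no file)", a service whose binary is missing or has no publisher, an unresolved startup shortcut, an autorun living in a user-writable path) and checks start/search pages against a list of expected hosts. The sample lines are copied from the log above; the list of expected hosts is an assumption made for the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Subset of the HijackThis log posted above, used as sample input here.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Hosts the analyst has decided are expected on this machine. Assumption made
# for the example: the vendor and portal defaults visible in the log above.
KNOWN_HOSTS = frozenset({"microsoft.com", "dell4me.com", "myway.com", "yahoo.com"})

# Every HijackThis entry starts with its section code, e.g. "R1 - " or "O23 - ".
ENTRY = re.compile(r"^(?P<kind>R[0-3]|O\d+) - (?P<body>.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str
    reason: str
    line: str


def _host_is_known(url: str, known: frozenset[str]) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == k or host.endswith("." + k) for k in known)


def _check(kind: str, body: str, known: frozenset[str]) -> str | None:
    """Return a reason string if this entry deserves analyst attention, else None."""
    if kind in ("R0", "R1") and " = " in body:
        _, _, value = body.partition(" = ")
        if value.startswith(("http://", "https://")) and not _host_is_known(value, known):
            return f"start/search page points at unrecognised host {urlparse(value).hostname}"
    if kind == "R3" and body.endswith("(no file)"):
        return "URLSearchHook CLSID registered with no backing file (orphaned or hidden hook)"
    if kind == "O4":
        if body.endswith("= ?"):
            return "startup shortcut target could not be resolved"
        low = body.lower()
        if "\\documents and settings\\" in low or "\\temp\\" in low:
            return "autorun entry launches from a user-writable location"
    if kind == "O23":
        if body.endswith("(file missing)"):
            return "service registered but its binary is missing"
        if " - Unknown owner - " in body:
            return "service binary carries no publisher information"
    return None


def triage(log_text: str, known: frozenset[str] = KNOWN_HOSTS) -> list[Finding]:
    """Walk the log and collect the entries worth a second look, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, the process list, blank lines
        reason = _check(m["kind"], m["body"], known)
        if reason:
            findings.append(Finding(m["kind"], reason, raw.strip()))
    return findings


def count_by_kind(log_text: str) -> dict[str, int]:
    """How many entries each section code contributes (a quick sanity check on parsing)."""
    counts: dict[str, int] = {}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            counts[m["kind"]] = counts.get(m["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}\n    {f.line}")
```

On the sample this reports the orphaned R3 hook, the unresolved Global Startup shortcut and the two O23 services; the page URLs pass because their hosts are on the expected list.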
Hey ELG3366

Now, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
• Run Combo-Fix.exe and follow the prompts. **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Best Regards
Thanks, cdavfrew, for getting back to me so quickly. Below is the ComboFix text report. I should tell you that while it was running, Spy Sweeper came on and started to scan. I'd forgotten that I'd previously set it for a regular automatic scan that happened to be during the time I was running ComboFix. I stopped it immediately, and ComboFix kept running. Even so, I don't know whether this will make a difference to the effectiveness of the CFix report or not.

ComboFix 08-09-16.05 - Michael Gerald 2008-09-19 8:51:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.158 [GMT -7:00]
Running from: C:\Documents and Settings\Michael Gerald\Desktop\Combo-Fix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\windows_update.exe

.
---- Previous Run -------
.
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssservers.dat

.
((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
.

2008-09-17 18:29 . 2008-09-18 07:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 18:28 . 2008-09-17 18:30 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-17 17:22 . 2008-09-17 17:22 <DIR> d-------- C:\Program Files\Tall Emu
2008-09-17 17:22 . 2008-09-17 17:22 <DIR> d-------- C:\OnlineArmor
2008-09-17 17:22 . 2008-09-19 08:46 <DIR> d-------- C:\Documents and Settings\Michael Gerald\Application Data\OnlineArmor
2008-09-17 17:22 . 2008-09-17 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-09-17 17:22 . 2008-04-17 05:25 80,584 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\OADriver.sys
2008-09-17 17:22 . 2008-04-17 05:25 32,456 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\OAmon.sys
2008-09-17 17:22 . 2008-04-17 05:25 28,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\oanet.sys
2008-09-17 16:08 . 2008-09-17 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-17 15:46 . 2008-09-17 15:46 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-17 15:46 . 2008-09-17 15:51 <DIR> d-------- C:\Program Files\CCleaner
2008-09-17 15:35 . 2008-09-17 15:35 <DIR> d--hs---- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\PrivacIE
2008-09-17 15:14 . 2008-09-17 15:14 <DIR> d-------- C:\f7e6581c3663fa4d05c9df385111684a
2008-09-17 13:55 . 2008-09-17 13:56 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-09-16 17:49 . 2008-09-16 17:49 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2008-09-16 17:49 . 2007-11-26 14:47 194,888 --a------ C:\WINDOWS\Unwash6.exe
2008-09-16 16:11 . 2008-09-16 16:11 164 --a------ C:\install.dat
2008-09-16 14:32 . 2008-09-16 14:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-09-16 14:30 . 2008-09-16 17:49 <DIR> d-------- C:\Program Files\Webroot
2008-09-16 14:30 . 2008-09-16 17:49 <DIR> d-------- C:\Documents and Settings\Michael Gerald\Application Data\Webroot
2008-09-16 14:30 . 2008-09-16 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-09-16 14:30 . 2008-08-09 16:04 1,538,928 --a------ C:\WINDOWS\WRSetup.dll
2008-09-16 02:13 . 2008-09-16 10:48 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-15 09:38 . 2008-09-16 15:28 160 --a------ C:\Documents and Settings\Michael Gerald\xrt_log.dat
2008-09-13 23:33 . 2008-09-13 23:33 39,424 --a------ C:\Documents and Settings\Michael Gerald\xrt_vctc.exe
2008-08-29 06:44 . 2008-08-29 06:44 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-08-29 06:44 . 2008-08-29 06:44 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-08-29 06:44 . 2008-08-29 06:44 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2008-08-29 06:44 . 2008-08-29 06:44 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-29 06:41 . 2008-08-29 06:45 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-29 06:33 . 2008-08-29 06:33 <DIR> d-------- C:\WINDOWS\EHome
2008-08-28 09:59 . 2008-04-13 17:12 712,704 --------- C:\WINDOWS\SYSTEM32\windowscodecs.dll
2008-08-28 09:59 . 2008-04-13 17:12 346,112 --------- C:\WINDOWS\SYSTEM32\windowscodecsext.dll
2008-08-28 09:59 . 2008-04-13 17:12 276,992 --------- C:\WINDOWS\SYSTEM32\wmphoto.dll
2008-08-28 09:59 . 2008-04-13 17:12 69,120 --------- C:\WINDOWS\SYSTEM32\wlanapi.dll
2008-08-28 09:59 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\SYSTEM32\DRIVERS\watv10nt.sys
2008-08-28 09:59 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\SYSTEM32\DRIVERS\watv06nt.sys
2008-08-28 09:57 . 2008-04-13 17:11 1,888,992 --------- C:\WINDOWS\SYSTEM32\ati3duag.dll
2008-08-22 03:05 . 2008-08-22 03:05 48,640 --------- C:\WINDOWS\SYSTEM32\PrivacIE.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-17 23:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-17 22:27 --------- d-----w C:\Documents and Settings\Michael Gerald\Application Data\Lavasoft
2008-09-17 20:34 --------- d-----w C:\Documents and Settings\Michael Gerald\Application Data\InstallShield
2008-09-17 19:50 --------- d-----w C:\Program Files\ESET
2008-09-17 04:59 --------- d-----w C:\Documents and Settings\Michael Gerald\Application Data\Canon
2008-09-16 22:22 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-16 22:22 --------- d-----w C:\Documents and Settings\Michael Gerald\Application Data\SUPERAntiSpyware.com
2008-09-15 18:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-15 18:17 --------- d-----w C:\Documents and Settings\Michael Gerald\Application Data\AdobeUM
2008-09-14 06:34 507,904 ----a-w C:\WINDOWS\SYSTEM32\winlogon.exe
2008-09-14 06:34 295,424 ----a-w C:\WINDOWS\SYSTEM32\termsrv.dll
2008-08-22 10:16 637,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-08-22 10:10 11,985,408 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-08-22 10:09 5,699,584 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-22 10:08 878,592 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2008-08-22 10:08 878,592 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2008-08-22 10:08 43,008 ----a-w C:\WINDOWS\SYSTEM32\licmgr10.dll
2008-08-22 10:08 43,008 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\licmgr10.dll
2008-08-22 10:08 236,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2008-08-22 10:08 1,206,784 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2008-08-22 10:07 755,200 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\VGX.dll
2008-08-22 10:07 193,536 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2008-08-22 10:07 18,944 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\corpol.dll
2008-08-22 10:07 18,944 ----a-w C:\WINDOWS\SYSTEM32\corpol.dll
2008-08-22 10:07 116,224 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2008-08-22 10:07 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2008-08-22 10:05 70,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2008-08-22 10:05 630,272 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2008-08-22 10:05 61,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-08-22 10:05 580,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-08-22 10:05 53,760 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-08-22 10:05 48,128 ----a-w C:\WINDOWS\SYSTEM32\mshtmler.dll
2008-08-22 10:05 48,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmler.dll
2008-08-22 10:05 45,056 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2008-08-22 10:05 35,840 ----a-w C:\WINDOWS\SYSTEM32\imgutil.dll
2008-08-22 10:05 35,840 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imgutil.dll
2008-08-22 10:05 346,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2008-08-22 10:05 217,088 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2008-08-22 10:05 186,880 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
2008-08-22 10:04 45,568 ----a-w C:\WINDOWS\SYSTEM32\mshta.exe
2008-08-22 10:04 45,568 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshta.exe
2008-08-22 10:00 68,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\hmmapi.dll
2008-08-22 09:57 156,160 ----a-w C:\WINDOWS\SYSTEM32\msls31.dll
2008-08-22 09:57 156,160 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msls31.dll
2008-08-22 09:42 443,392 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-08-14 03:29 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-08-14 03:29 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-08-14 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-08-12 00:14 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-09 21:42 29,808 ----a-w C:\WINDOWS\system32\drivers\ssfs0bbc.sys
2008-08-09 21:42 23,152 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2008-08-09 21:42 166,512 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2008-08-06 19:37 --------- d-----w C:\Program Files\Apple Software Update
2008-08-06 19:36 --------- d-----w C:\Program Files\iTunes
2008-08-06 19:36 --------- d-----w C:\Program Files\iPod
2008-08-06 00:55 265,720 ----a-w C:\WINDOWS\SYSTEM32\msdbg2.dll
2008-08-04 06:11 --------- d-----w C:\Program Files\MSXML 6.0
2008-07-20 00:01 --------- d-----w C:\Program Files\Java
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\WUPS.DLL
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-25 01:12 295,936 ------w C:\WINDOWS\SYSTEM32\wmpeffects.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 16:57 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2008-06-23 09:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2006-01-19 21:59 630,784 -c--a-w C:\Documents and Settings\Michael Gerald\chatlnk.exe
2006-06-16 03:33 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-26 01:43 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 21:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 20:10 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 19:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-11 01:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 18:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 18:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 18:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 18:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2008-05-31 19:20 75 --sh--r C:\WINDOWS\CT4CET.bin

.
------- Sigcheck -------
2004-08-04 03:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-13 17:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-09-13 23:34 507904 3969440ba384d35317dbbdeeaae641ce C:\WINDOWS\SYSTEM32\winlogon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-26 86016]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SCREW DRIVER CLIENT"="C:\WINDOWS\system32\SDClient.exe" [2002-04-12 610816]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-18 949376]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 118784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-28 185896]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"OEM05Mon.exe"="C:\WINDOWS\OEM05Mon.exe" [2007-05-08 36864]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-04-17 5545536]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 5418864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Device Detector 2.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2006-02-13 94208]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-05-05 24576]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-01-08 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\SYSTEM32\\SDClient.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 ssfs0bbc;ssfs0bbc;C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys [2008-08-09 29808]
R1 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2005-07-05 9600]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2008-04-17 80584]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2008-04-17 32456]
R1 OAnet;OAnet;C:\WINDOWS\system32\drivers\OAnet.sys [2008-04-17 28872]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
R3 hpusbfd;Hewlett-Packard USB Filter Class;C:\WINDOWS\system32\DRIVERS\hpusbfd.sys [2002-05-22 7552]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;C:\WINDOWS\system32\Drivers\OEM05Afx.sys [2007-06-07 141376]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM05Vfx.sys [2007-03-05 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;C:\WINDOWS\system32\DRIVERS\OEM05Vid.sys [2007-07-19 235616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\WINDOWS\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
R3 WLIU2KG125S;BUFFALO WLI-U2-KG125S Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S0 epstwnt;epstwnt;C:\WINDOWS\system32\Drivers\epstwnt.mpd [ ]
S2 SHARSHTL;Shuttle Sharer;C:\WINDOWS\system32\Drivers\sharshtl.sys [ ]
S2 SvcOnlineArmor;Online Armor;C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2008-04-17 5435968]
S3 DS2490;DS2490 (USB Host for 1-Wire Microlan);C:\WINDOWS\system32\Drivers\DS2490.sys [2000-12-18 49108]
S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [ ]

.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Michael Gerald\Application Data\Mozilla\Firefox\Profiles\iixaux6z.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://home.iwon.com/?v=1
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 09:27:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\epstwnt]
"ImagePath"="System32\Drivers\epstwnt.mpd"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Citrix\ICA Client\pnsson.dll
.
Completion time: 2008-09-19 9:41:09
ComboFix-quarantined-files.txt 2008-09-19 16:40:37

Pre-Run: 55,930,179,584 bytes free
Post-Run: 55,920,816,128 bytes free

268 --- E O F --- 2008-09-10 06:30:47
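A reader of a ComboFix report usually wants two things pulled out of it quickly: which files the tool removed (the "Other Deletions" and "Previous Run" sections above), and whether the Sigcheck section shows a live system binary whose MD5 no longer matches the ServicePackFiles copy of the same name (above, the SYSTEM32 winlogon.exe hash differs from the i386 reference while the size is identical; whether that is a legitimate hotfix or a modified file is for the analyst to verify). The parser below is an added example, not part of ComboFix or of this thread; the sample text is an excerpt of the log above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Excerpt of the ComboFix log posted above (deletion and Sigcheck sections only).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\windows_update.exe
.
---- Previous Run -------
.
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
.
2008-09-13 23:33 . 2008-09-13 23:33 39,424 --a------ C:\Documents and Settings\Michael Gerald\xrt_vctc.exe
.
------- Sigcheck -------
2004-08-04 03:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-13 17:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-09-13 23:34 507904 3969440ba384d35317dbbdeeaae641ce C:\WINDOWS\SYSTEM32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# ComboFix marks sections either as "(((( Name ))))" or as "---- Name ----".
SECTION_PAREN = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")
SECTION_DASH = re.compile(r"^-{2,}\s*(?P<name>.+?)\s*-{2,}$")
# Sigcheck rows: "<date> <time> <size> <md5> <path>".
SIGLINE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+) (?P<md5>[0-9a-fA-F]{32}) (?P<path>.+)$"
)


@dataclass(frozen=True)
class SigEntry:
    stamp: str
    size: int
    md5: str
    path: str


def split_sections(log_text: str) -> dict[str, list[str]]:
    """Group non-blank lines under the section header that precedes them ('.' separators dropped)."""
    sections: dict[str, list[str]] = {}
    current = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_PAREN.match(line) or SECTION_DASH.match(line)
        if m:
            current = m["name"]
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def removed_files(sections: dict[str, list[str]]) -> dict[str, list[str]]:
    """Paths ComboFix reports as deleted, this run and the previous one."""
    return {name: list(sections.get(name, [])) for name in ("Other Deletions", "Previous Run")}


def sigcheck_entries(sections: dict[str, list[str]]) -> list[SigEntry]:
    out: list[SigEntry] = []
    for line in sections.get("Sigcheck", []):
        m = SIGLINE.match(line)
        if m:
            out.append(SigEntry(m["stamp"], int(m["size"]), m["md5"].lower(), m["path"]))
    return out


def sigcheck_mismatches(entries: list[SigEntry]) -> list[tuple[SigEntry, SigEntry]]:
    """Pair each live SYSTEM32 file with the ServicePackFiles copy of the same name and
    return (live, reference) pairs whose MD5 differs; other copies (e.g. the SP uninstall
    backup) are ignored."""
    by_name: dict[str, dict[str, SigEntry]] = {}
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1].lower()
        low = e.path.lower()
        if "\\servicepackfiles\\" in low:
            by_name.setdefault(name, {})["reference"] = e
        elif "\\system32\\" in low:
            by_name.setdefault(name, {})["live"] = e
    return [
        (pair["live"], pair["reference"])
        for pair in by_name.values()
        if "live" in pair and "reference" in pair and pair["live"].md5 != pair["reference"].md5
    ]


if __name__ == "__main__":
    secs = split_sections(SAMPLE_LOG)
    for section, paths in removed_files(secs).items():
        print(f"{section}: {len(paths)} file(s) removed")
    for live, ref in sigcheck_mismatches(sigcheck_entries(secs)):
        print(f"MD5 mismatch: {live.path} ({live.md5}) vs {ref.path} ({ref.md5}), size {live.size}")
```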
Update: Both Firefox and IE are working properly now. Also, the computer is no longer running slowly or freezing. However, if you think there's more work to be done, I'm more than happy to keep moving forward. Also, quick question: Should I leave ComboFix and HijackThis on my computer, or should I uninstall those? Thanks so much for all your help. I hope to stay on top of these things and to not have more problems in the future.
You look clean! There's no more work to be done, and it is recommended to uninstall Combofix. To uninstall Combofix, go to Start, Run, and type in Combofix /u. That should do it.

Enjoy your clean computer!

Best Regards