Solved

Various advertisments pop up while trying to access the internet

Posted on 2008-10-01
14
443 Views
Last Modified: 2013-12-06
I help the senior citizens in our area that do not really keep their computers up to date with virus and spyware protection.
This lady brought over her Dell Laptop Inspiron 1501 because she told me that strange things were coming up on her computer.
I have it hooked up to my cable modem and she is absolutely correct.  It is a mess and I just don't know where to start.  Here are some of her problems:
I can't seem to update Microsoft Windows as it says "Updates are not turned on".  They will not let me update the computer.  
There is also an error window that comes up when the computer is started saying:
C: Windows system 32 / ivsavrot.dll is missing.
I searched the internet and cannot find anything on that file.

When I do open internet explorer, I can't seem to download any spyware programs, such as SpyBot, AdAware.  I keep getting advertisiments popping up and not letting me do anything I want to do.

She has PC-illin (Trend Micro) on her cmputer.  I did run the program but do not think it removed the files it found.

I really don't know where to start to clean off this computer and get it working correctly.  

Any help you can give me would be appreciated.

Jeanne

P.S.  I just restarted the computer and I get this error message:
"Server Busy:  This action cannot be completed because the other program is busy.  Choose "Switch to" to activate the busy program and correct the problem."

I also have a message down by the clock saying, "Your computer might be at risk, Automatic Updates are turned off.  Click balloon to fix problem."   I tried this several times and I can't fix the problem.

Also, right  now on the screen I have various Internet sites, such as, "www.redorbit.com"  "a1interlick.com"  "www.surfaccuracy.com"  "Micro Antivirus" wants me to load their software and run their virus scan."  
More and More ads keep popping up.

I'm shutting down the computer until I get some help.

Thank you.
0
Comment
Question by:Jeanne061397
  • 6
  • 5
  • 3
14 Comments
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 50 total points
ID: 22621495

If you can download the free MalwareBytes scanner or using another pc and transfer it on a USB if her pc can't connect to sites.

Download Malwarebytes' Anti-Malware to your desktop. check for Updates before scanning.
http://www.malwarebytes.org/mbam.php

Then also scan with Hijackthis and show us logfile please.
Download Hijackthis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.
Paste the log in the "Code Snippet" or "Attach File" window.

0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 22621505
<<<C: Windows system 32 / ivsavrot.dll is missing.
I searched the internet and cannot find anything on that file
.<<<

That's just one of the malware dll file that has been deleted but the reg entry is still present. You can uncheck the relevant startup entry in msconfig or you can fix the entry in Hijackthis, it should show up in hijackthis and fixing the entry should stop the error.
There will be other nasties there that still need to be removed, the Hijackthis log should tell us what infections are present in the system. just attach the logfile.
0
 

Author Comment

by:Jeanne061397
ID: 22624929
Thank you so much for your help.  I did manage to install and run the Malwarebytes' Anti-Malware after having to save it on my own computer.  I ran it once and it said there were 143 object infected and they were removed.

I know ran HiJack This and here is the log file as requested:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:21 AM, on 10/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Documents and Settings\Angela\Application Data\?asks\??anregw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [Ssloc] "C:\Documents and Settings\Angela\Application Data\?asks\??anregw.exe"
O4 - HKCU\..\Run: [Bagvwack] "C:\Documents and Settings\Angela\Application Data\??stem\w?auboot.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222911414312
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O20 - AppInit_DLLs: qavudc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5840 bytes

I'm not sure what to do next so I will wait until I hear from you.  Thank you again.

Jeanne
0
 
LVL 20

Accepted Solution

by:
IndiGenus earned 200 total points
ID: 22626500
Since it's still the middle of the night where rpg is I'll post in here. You have signs of purityscan and other infections present also. I would advise running combofix and I believe rpg would go along with me here.

Please download ComboFix from either of these links to your Desktop.
http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. *
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

* The link below is a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.
http://www.bleepingcomputer.com/forums/topic114351.html

* Close any open browsers.
* WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
* Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
* If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please attach the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall** PLEASE ALSO NOTE: Combofix will typically fix most and sometimes all Malware entries but many times a script is also needed to finish cleaning up. So please keep CF until advised whether you need the script or not.
0
 

Author Comment

by:Jeanne061397
ID: 22627468
Here is the Combo Fix Log.
I will send the HiJack This log shortly.
Thanks so much for the help.

Jeanne

ComboFix 08-10-01.06 - Angela 2008-10-02 14:55:09.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.479 [GMT -4:00]
Running from: C:\Documents and Settings\Angela\Desktop\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Andrew\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Angela\Application Data\ASKS~1
C:\Documents and Settings\Angela\Application Data\STEM~1
C:\Program Files\Common Files\asembl~1
C:\Program Files\Common Files\scurit~1
C:\Program Files\Common Files\scurit~1\s?curity\
C:\WINDOWS\system32\emvbhkch.ini
C:\WINDOWS\system32\icroso~1
C:\WINDOWS\system32\torvasvi.ini
C:\xcrashdump.dat

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PACKET
-------\Service_Packet


(((((((((((((((((((((((((   Files Created from 2008-09-02 to 2008-10-02  )))))))))))))))))))))))))))))))
.

2008-10-02 12:58 . 2008-10-02 12:58      <DIR>      d--------      C:\Program Files\Alwil Software
2008-10-02 11:59 . 2008-10-02 11:59      <DIR>      d--------      C:\Documents and Settings\Angela\Application Data\Windows Search
2008-10-02 11:58 . 2008-10-02 11:58      <DIR>      d--------      C:\Documents and Settings\Angela\Application Data\Windows Desktop Search
2008-10-02 11:55 . 2008-10-02 11:55      <DIR>      d--------      C:\WINDOWS\system32\GroupPolicy
2008-10-02 11:55 . 2008-10-02 11:55      <DIR>      d--------      C:\Program Files\Windows Desktop Search
2008-10-02 11:55 . 2006-06-29 13:07      14,048      ---------      C:\WINDOWS\system32\spmsg2.dll
2008-10-02 11:54 . 2008-03-07 13:02      192,000      ---------      C:\WINDOWS\system32\dllcache\offfilt.dll
2008-10-02 11:54 . 2008-03-07 13:02      98,304      ---------      C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-10-02 11:54 . 2008-03-07 13:02      29,696      ---------      C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-10-02 11:53 . 2008-06-23 12:57      6,066,176      ---------      C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-02 11:53 . 2008-06-23 12:57      459,264      ---------      C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-02 11:53 . 2008-06-23 12:57      383,488      ---------      C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-02 11:53 . 2008-06-23 12:57      267,776      ---------      C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-02 11:53 . 2008-06-23 12:57      63,488      ---------      C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-02 11:53 . 2008-06-23 12:57      52,224      ---------      C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-02 11:53 . 2008-06-23 05:20      13,824      ---------      C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-02 11:16 . 2008-10-02 11:16      <DIR>      d--------      C:\Documents and Settings\Angela\Application Data\Microsoft Web Folders
2008-10-02 09:02 . 2008-10-02 09:02      <DIR>      d--------      C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 09:02 . 2008-10-02 09:02      <DIR>      d--------      C:\Documents and Settings\Angela\Application Data\Malwarebytes
2008-10-02 09:02 . 2008-10-02 09:02      <DIR>      d--------      C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-02 09:02 . 2008-09-10 00:04      38,528      --a------      C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-02 09:02 . 2008-09-10 00:03      17,200      --a------      C:\WINDOWS\system32\drivers\mbam.sys
2008-10-02 00:41 . 2008-10-02 00:41      <DIR>      d--------      C:\Documents and Settings\Administrator\Application Data\MSNInstaller
2008-10-02 00:01 . 2008-10-02 00:01      105,984      --a------      C:\WINDOWS\system32\rrmrjqcv.dll
2008-10-01 22:08 . 2008-10-01 22:08      <DIR>      d--------      C:\WINDOWS\system32\scripting
2008-10-01 22:07 . 2008-10-01 22:07      <DIR>      d--------      C:\WINDOWS\system32\en
2008-10-01 22:07 . 2008-10-01 22:07      <DIR>      d--------      C:\WINDOWS\system32\bits
2008-10-01 22:07 . 2008-10-01 22:08      <DIR>      d--------      C:\WINDOWS\l2schemas
2008-10-01 22:03 . 2008-10-01 22:08      <DIR>      d--------      C:\WINDOWS\ServicePackFiles
2008-10-01 17:06 . 2008-10-01 22:40      <DIR>      d--------      C:\Documents and Settings\Angela\.housecall6.6
2008-10-01 14:53 . 2008-10-01 14:53      2      --a------      C:\WINDOWS\msoffice.ini
2008-10-01 14:45 . 2008-10-01 14:45      105,984      --a------      C:\WINDOWS\system32\ykxhhsbk.dll
2008-10-01 13:25 . 2001-08-17 13:48      12,160      --a------      C:\WINDOWS\system32\drivers\mouhid.sys
2008-10-01 13:25 . 2001-08-17 13:48      12,160      --a------      C:\WINDOWS\system32\dllcache\mouhid.sys
2008-10-01 13:25 . 2008-04-13 14:45      10,368      --a------      C:\WINDOWS\system32\drivers\hidusb.sys
2008-09-30 08:55 . 2008-10-02 10:27      4,286      --a------      C:\WINDOWS\system32\Jamster.ico
2008-09-29 09:01 . 2008-09-29 09:01      105,984      --a------      C:\WINDOWS\system32\qkatuqla.dll
2008-09-29 08:11 . 2008-10-01 14:30      9,662      --a------      C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-09-28 21:04 . 2008-09-28 21:04      105,984      --a------      C:\WINDOWS\system32\iislojhs.dll
2008-09-02 20:52 . 2008-10-01 13:39      268      --ah-----      C:\sqmdata19.sqm
2008-09-02 20:52 . 2008-10-01 13:39      244      --ah-----      C:\sqmnoopt19.sqm

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 15:16      ---------      d-----w      C:\Program Files\microsoft frontpage
2008-10-02 15:10      ---------      d--h--w      C:\Program Files\InstallShield Installation Information
2008-10-02 14:37      ---------      d-----w      C:\Program Files\Trend Micro
2008-10-02 14:20      ---------      d-----w      C:\Program Files\Microsoft Works
2008-10-02 14:17      ---------      d---a-w      C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-02 04:40      ---------      d-----w      C:\Program Files\GemMaster
2008-10-02 04:39      ---------      d-----w      C:\Documents and Settings\All Users\Application Data\WildTangent
2008-10-01 18:55      ---------      d-----w      C:\Program Files\Common Files\AOL
2008-10-01 18:55      ---------      d-----w      C:\Documents and Settings\All Users\Application Data\AOL
2008-10-01 18:09      ---------      d-----w      C:\Program Files\Google
2008-10-01 18:05      ---------      d-----w      C:\Program Files\Yahoo!
2008-10-01 18:05      ---------      d-----w      C:\Documents and Settings\All Users\Application Data\YAHOO
2008-10-01 18:00      ---------      d-----w      C:\Program Files\Windows Live
2008-10-01 17:59      ---------      d-----w      C:\Program Files\Windows Live Toolbar
2008-09-26 22:00      ---------      d-----w      C:\Program Files\Common Files\Symantec Shared
2008-09-17 20:52      848      ----a-w      C:\Documents and Settings\Angela\Application Data\wklnhst.dat
2008-08-22 23:49      ---------      d-----w      C:\Program Files\Norton PC Checkup(2)
2007-08-28 01:10      60,968      ----a-w      C:\Documents and Settings\Angela\GoToAssistDownloadHelper.exe
2007-02-15 03:32      88      --sh--r      C:\WINDOWS\system32\7FA3E4AE5B.sys
2007-02-15 03:35      2,828      --sha-w      C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ssloc"="C:\Documents and Settings\Angela\Application Data\?asks\??anregw.exe" [?]
"Bagvwack"="C:\Documents and Settings\Angela\Application Data\??stem\w?auboot.exe" [?]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 1392640]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-12-13 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qavudc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-08-28 23:57 395776 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 16:01 67584 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-12-13 23:38 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-09-22 13:06 282624 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uaol - C:\PROGRA~1\COMMON~1\SCURIT~1\wucrtupd.exe
MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-ModemOnHold - C:\Program Files\NetWaiting\netWaiting.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 15:05:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-10-02 15:09:45 - machine was rebooted
ComboFix-quarantined-files.txt  2008-10-02 19:09:40

Pre-Run: 39,799,709,696 bytes free
Post-Run: 40,044,453,888 bytes free

226      --- E O F ---      2008-10-02 15:11:39
0
 

Author Comment

by:Jeanne061397
ID: 22627495
Here is the HiJack this log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:19 PM, on 10/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [Ssloc] "C:\Documents and Settings\Angela\Application Data\?asks\??anregw.exe"
O4 - HKCU\..\Run: [Bagvwack] "C:\Documents and Settings\Angela\Application Data\??stem\w?auboot.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222911414312
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O20 - AppInit_DLLs: qavudc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6535 bytes
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 22627864
1. Open Notepad.

2. Now copy/paste the text between the lines below into the Notepad window:

------------------------------------------------------------------------

File::
C:\WINDOWS\system32\rrmrjqcv.dll
C:\WINDOWS\system32\ykxhhsbk.dll
C:\WINDOWS\system32\qkatuqla.dll
C:\WINDOWS\system32\iislojhs.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ssloc"=-
"Bagvwack"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

------------------------------------------------------------------------

3. Save the above as CFScript.txt on your desktop.

4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

5. After reboot, (in case it asks to reboot), please upload the following reports/logs.

-Combofix.txt
-A new HijackThis log


0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:Jeanne061397
ID: 22630911
Guru,
I hope I did exactly what you instructed.  I did copy the text and saved it to my desktop.  Then (before I opened ComboFix.exe, I drag the icon (CFScript.txt) on top of the ComboFix.exe icon.  Here is the log file that Combofix.txt created:

ComboFix 08-10-02.04 - Angela 2008-10-02 23:18:10.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.525 [GMT -4:00]
Running from: C:\Documents and Settings\Angela\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Angela\Desktop\CFScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\WINDOWS\system32\iislojhs.dll
C:\WINDOWS\system32\qkatuqla.dll
C:\WINDOWS\system32\rrmrjqcv.dll
C:\WINDOWS\system32\ykxhhsbk.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\iislojhs.dll
C:\WINDOWS\system32\qkatuqla.dll
C:\WINDOWS\system32\rrmrjqcv.dll
C:\WINDOWS\system32\ykxhhsbk.dll

.
(((((((((((((((((((((((((   Files Created from 2008-09-03 to 2008-10-03  )))))))))))))))))))))))))))))))
.

2008-10-02 12:58 . 2008-10-02 12:58      <DIR>      d--------      C:\Program Files\Alwil Software
2008-10-02 11:59 . 2008-10-02 11:59      <DIR>      d--------      C:\Documents and Settings\Angela\Application Data\Windows Search
2008-10-02 11:58 . 2008-10-02 11:58      <DIR>      d--------      C:\Documents and Settings\Angela\Application Data\Windows Desktop Search
2008-10-02 11:55 . 2008-10-02 11:55      <DIR>      d--------      C:\WINDOWS\system32\GroupPolicy
2008-10-02 11:55 . 2008-10-02 11:55      <DIR>      d--------      C:\Program Files\Windows Desktop Search
2008-10-02 11:55 . 2006-06-29 13:07      14,048      ---------      C:\WINDOWS\system32\spmsg2.dll
2008-10-02 11:54 . 2008-03-07 13:02      192,000      ---------      C:\WINDOWS\system32\dllcache\offfilt.dll
2008-10-02 11:54 . 2008-03-07 13:02      98,304      ---------      C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-10-02 11:54 . 2008-03-07 13:02      29,696      ---------      C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-10-02 11:53 . 2008-06-23 12:57      6,066,176      ---------      C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-02 11:53 . 2008-06-23 12:57      459,264      ---------      C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-02 11:53 . 2008-06-23 12:57      383,488      ---------      C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-02 11:53 . 2008-06-23 12:57      267,776      ---------      C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-02 11:53 . 2008-06-23 12:57      63,488      ---------      C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-02 11:53 . 2008-06-23 12:57      52,224      ---------      C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-02 11:53 . 2008-06-23 05:20      13,824      ---------      C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-02 11:16 . 2008-10-02 11:16      <DIR>      d--------      C:\Documents and Settings\Angela\Application Data\Microsoft Web Folders
2008-10-02 09:02 . 2008-10-02 09:02      <DIR>      d--------      C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 09:02 . 2008-10-02 09:02      <DIR>      d--------      C:\Documents and Settings\Angela\Application Data\Malwarebytes
2008-10-02 09:02 . 2008-10-02 09:02      <DIR>      d--------      C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-02 09:02 . 2008-09-10 00:04      38,528      --a------      C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-02 09:02 . 2008-09-10 00:03      17,200      --a------      C:\WINDOWS\system32\drivers\mbam.sys
2008-10-02 00:41 . 2008-10-02 00:41      <DIR>      d--------      C:\Documents and Settings\Administrator\Application Data\MSNInstaller
2008-10-01 22:08 . 2008-10-01 22:08      <DIR>      d--------      C:\WINDOWS\system32\scripting
2008-10-01 22:07 . 2008-10-01 22:07      <DIR>      d--------      C:\WINDOWS\system32\en
2008-10-01 22:07 . 2008-10-01 22:07      <DIR>      d--------      C:\WINDOWS\system32\bits
2008-10-01 22:07 . 2008-10-01 22:08      <DIR>      d--------      C:\WINDOWS\l2schemas
2008-10-01 22:03 . 2008-10-01 22:08      <DIR>      d--------      C:\WINDOWS\ServicePackFiles
2008-10-01 17:06 . 2008-10-01 22:40      <DIR>      d--------      C:\Documents and Settings\Angela\.housecall6.6
2008-10-01 14:53 . 2008-10-01 14:53      2      --a------      C:\WINDOWS\msoffice.ini
2008-10-01 13:25 . 2001-08-17 13:48      12,160      --a------      C:\WINDOWS\system32\drivers\mouhid.sys
2008-10-01 13:25 . 2001-08-17 13:48      12,160      --a------      C:\WINDOWS\system32\dllcache\mouhid.sys
2008-10-01 13:25 . 2008-04-13 14:45      10,368      --a------      C:\WINDOWS\system32\drivers\hidusb.sys
2008-09-30 08:55 . 2008-10-02 10:27      4,286      --a------      C:\WINDOWS\system32\Jamster.ico
2008-09-29 08:11 . 2008-10-01 14:30      9,662      --a------      C:\WINDOWS\system32\ZoneAlarmIconUS.ico

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 15:16      ---------      d-----w      C:\Program Files\microsoft frontpage
2008-10-02 15:10      ---------      d--h--w      C:\Program Files\InstallShield Installation Information
2008-10-02 14:37      ---------      d-----w      C:\Program Files\Trend Micro
2008-10-02 14:20      ---------      d-----w      C:\Program Files\Microsoft Works
2008-10-02 14:17      ---------      d---a-w      C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-02 04:40      ---------      d-----w      C:\Program Files\GemMaster
2008-10-02 04:39      ---------      d-----w      C:\Documents and Settings\All Users\Application Data\WildTangent
2008-10-01 18:55      ---------      d-----w      C:\Program Files\Common Files\AOL
2008-10-01 18:55      ---------      d-----w      C:\Documents and Settings\All Users\Application Data\AOL
2008-10-01 18:09      ---------      d-----w      C:\Program Files\Google
2008-10-01 18:05      ---------      d-----w      C:\Program Files\Yahoo!
2008-10-01 18:05      ---------      d-----w      C:\Documents and Settings\All Users\Application Data\YAHOO
2008-10-01 18:00      ---------      d-----w      C:\Program Files\Windows Live
2008-10-01 17:59      ---------      d-----w      C:\Program Files\Windows Live Toolbar
2008-09-26 22:00      ---------      d-----w      C:\Program Files\Common Files\Symantec Shared
2008-09-17 20:52      848      ----a-w      C:\Documents and Settings\Angela\Application Data\wklnhst.dat
2008-08-22 23:49      ---------      d-----w      C:\Program Files\Norton PC Checkup(2)
2008-07-19 02:10      94,920      ----a-w      C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10      53,448      ----a-w      C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10      45,768      ----a-w      C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10      36,552      ----a-w      C:\WINDOWS\system32\wups.dll
2008-07-19 02:10      36,552      ----a-w      C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09      563,912      ----a-w      C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09      325,832      ----a-w      C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09      205,000      ----a-w      C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09      1,811,656      ----a-w      C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07      270,880      ----a-w      C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07      210,976      ----a-w      C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26      253,952      ----a-w      C:\WINDOWS\system32\es.dll
2008-07-07 20:26      253,952      ------w      C:\WINDOWS\system32\dllcache\es.dll
2007-08-28 01:10      60,968      ----a-w      C:\Documents and Settings\Angela\GoToAssistDownloadHelper.exe
2007-02-15 03:32      88      --sh--r      C:\WINDOWS\system32\7FA3E4AE5B.sys
2007-02-15 03:35      2,828      --sha-w      C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-10-02_15.09.22.50   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-03 03:09:02      16,384      ----atw      C:\WINDOWS\Temp\Perflib_Perfdata_6a4.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 1392640]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-12-13 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-08-28 23:57 395776 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 16:01 67584 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-12-13 23:38 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-09-22 13:06 282624 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 23:19:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-02 23:21:23
ComboFix-quarantined-files.txt  2008-10-03 03:21:04
ComboFix2.txt  2008-10-02 19:09:46

Pre-Run: 39,998,513,152 bytes free
Post-Run: 39,982,358,528 bytes free

192      --- E O F ---      2008-10-02 15:11:39


Here is the new HiJack This Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:51 PM, on 10/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222911414312
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6245 bytes

Thanks, I hope you can figure out my problem.

Jeanne
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 22633362
You did it correctly. How's it running? Still having issues?
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 22633963
Sorry Jeanne, wasn't able to reply back, was away.

Good job there IndiGenus.
0
 

Author Comment

by:Jeanne061397
ID: 22634277
I think it is running much better.  I have not had all those ads popping up when I am on the internet.

Is there anything else I should do after running the two programs, HiJack This and Combo fix?  Do the log files created from these two programs need me to delete anything from the system?

Please let me know if you think it is safe now to return the laptop to its owner?

Thanks again for everything.

Jeanne
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 22634555
No problem rpg, you've picked me up plenty of times....I owed you.

Jeanne,
Yes, I think you're in pretty good shape. You should uninstall combofix as follows...
Click START then Run...
Now type Combofix /u in the runbox  and click OK.  Note the space between the X and the U, it needs to be there.

The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present

Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.


I would also suggest running  MalwareBytes AM again as you did earlier, to see if there are any leftovers. Also run a full system virus scan with TM updated.

0
 

Author Closing Comment

by:Jeanne061397
ID: 31502265
Thank you so much for all your help.  I could not have erased these problems without your help.  You are the best.
Jeanne

I did run the mal aware and found another problem but did delete it.
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 22635512
Great, glad it worked out and thank you for the grade and points on this.

Regards,
Dave
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

The intent of this Article is to provide the basic First Aid steps for working through most malware infections. The target audience includes experienced IT professionals and the casual user who just wants to make the infection go away. **********…
You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now