Jaime Campos
asked on
How do I read hijack this report Can not get out on internet
Hello -
I have a Dell system with Media Center 2005 and I am using a good internet connection. All works well on another system; however, with the Dell I can not ping a host name. I run nslookup and it seems to be OK on the Dell, but I can not get out to Google or any other sites. I've done flushdns, ran Malwarebytes and cleaned the system. I also ran winsock fix and I still have the same issue. It has McAfee on the system; however, I can not update DAT files and it comes back clean. I ran HijackThis and below are the results. Can anyone tell me if I have anything suspicious? Not sure what else to do, and a clean install is not an option as I really would like to find out a fix.
Logfile of HijackThis v1.99.1
Scan saved at 3:44:39 PM, on 2/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\TrayComm.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Common Files\AOL\1124317868\ee\AOLSoftware.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony Handheld\Hotsync.exe
C:\Program Files\Common Files\AOL\1124317868\ee\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\AOL\1124317868\ee\AOLDesktop.exe
C:\WINDOWS\system32\cidaemon.exe
F:\avg_free_stf_en_8_234a1426.exe
C:\DOCUME~1\MELISS~1\LOCALS~1\Temp\7zS8C.tmp\avgsetup.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124317868\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.raptisoft.com/webgames/raptisoftgameloader.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://swtmsanneo01.san.medcity.net/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1228615317795&h=c82b532491da7decdd61b049d2e5808b/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://mhmhclstr01.hca.corpad.net/msrdp.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/feedingfrenzy/SproutLauncher.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{228BAC37-FA27-4DBF-A72F-050FA4B6AD91}: NameServer = 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5BC2E05-3FC0-440E-989A-A953C1AE3869}: NameServer = 4.2.2.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
I appreciate your help.
ASKER
I'm downloading combo fix. I can not access google in safe mode. I will be uninstalling antivirus. I'll check back soon. Thanks.
ASKER
I ran a full Malwarebytes scan and all came back cleaned.
You have McAfee and AVG installed there?
I uninstalled AVG.
Did you install or know these running processes?
F:\avg_free_stf_en_8_234a1426.exe
C:\DOCUME~1\MELISS~1\LOCALS~1\Temp\7zS8C.tmp\avgsetup.exe
Not sure if they were installed when AVG was installed.
There are a lot of unnecessary entries in your startup and undesirable programs like Viewpoint, WildTangent, iWinGames etc. One of these programs could be causing it.
I'd fix these entries below for a start.
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
I did not see these in logs after I ran Combofix, I removed Viewpoint O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
See Hijackthis log below. I appreciate all your help.
This is when I try to ping www.google.com
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Melissa Isbell>ping 4.2.2.2
Pinging 4.2.2.2 with 32 bytes of data:
Reply from 4.2.2.2: bytes=32 time=98ms TTL=55
Reply from 4.2.2.2: bytes=32 time=19ms TTL=55
Reply from 4.2.2.2: bytes=32 time=36ms TTL=55
Reply from 4.2.2.2: bytes=32 time=97ms TTL=55
Ping statistics for 4.2.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 98ms, Average = 62ms
C:\Documents and Settings\Melissa Isbell>ping www.google.com
Ping request could not find host www.google.com. Please check the name and try again.
C:\Documents and Settings\Melissa Isbell>nslookup www.google.com
Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
Non-authoritative answer:
Name: www.l.google.com
Addresses: 74.125.19.147, 74.125.19.99, 74.125.19.103, 74.125.19.104
Aliases: www.google.com
This is the ComboFix Report.
ComboFix 09-02-11.03 - Melissa Isbell 2009-02-12 8:06:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.532 [GMT -6:00]
Running from: c:\documents and settings\Melissa Isbell\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_003801_.tmp.dll
c:\windows\system32\_003802_.tmp.dll
c:\windows\system32\_003803_.tmp.dll
c:\windows\system32\_003804_.tmp.dll
c:\windows\system32\_003811_.tmp.dll
c:\windows\system32\_003812_.tmp.dll
c:\windows\system32\_003813_.tmp.dll
c:\windows\system32\_003814_.tmp.dll
c:\windows\system32\_003816_.tmp.dll
c:\windows\system32\_003817_.tmp.dll
c:\windows\system32\_003820_.tmp.dll
c:\windows\system32\_003821_.tmp.dll
c:\windows\system32\_003823_.tmp.dll
c:\windows\system32\_003824_.tmp.dll
c:\windows\system32\_003825_.tmp.dll
c:\windows\system32\_003827_.tmp.dll
c:\windows\system32\_003828_.tmp.dll
c:\windows\system32\_003830_.tmp.dll
c:\windows\system32\_003831_.tmp.dll
c:\windows\system32\_003835_.tmp.dll
c:\windows\system32\_003836_.tmp.dll
c:\windows\system32\_003838_.tmp.dll
c:\windows\system32\_003841_.tmp.dll
c:\windows\system32\_003843_.tmp.dll
c:\windows\system32\_003844_.tmp.dll
c:\windows\system32\_003845_.tmp.dll
c:\windows\system32\_003846_.tmp.dll
c:\windows\system32\_003847_.tmp.dll
c:\windows\system32\_003850_.tmp.dll
c:\windows\system32\_003851_.tmp.dll
c:\windows\system32\_003852_.tmp.dll
c:\windows\system32\_003853_.tmp.dll
c:\windows\system32\_003854_.tmp.dll
c:\windows\system32\_003859_.tmp.dll
c:\windows\system32\_003861_.tmp.dll
c:\windows\system32\_003862_.tmp.dll
c:\windows\system32\bszip.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ZESOFT
((((((((((((((((((((((((( Files Created from 2009-01-12 to 2009-02-12 )))))))))))))))))))))))))))))))
.
2009-02-11 12:40 . 2009-02-11 12:40 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-11 09:44 . 2009-02-11 09:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-11 09:44 . 2009-02-11 09:44 <DIR> d-------- c:\documents and settings\Melissa Isbell\Application Data\Malwarebytes
2009-02-11 09:44 . 2009-02-11 09:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-11 09:44 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-02-11 09:44 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-02-04 20:16 . 2009-02-04 20:16 <DIR> d-------- c:\windows\SYSTEM32\scripting
2009-02-04 20:16 . 2009-02-04 20:16 <DIR> d-------- c:\windows\SYSTEM32\en
2009-02-04 20:16 . 2009-02-04 20:16 <DIR> d-------- c:\windows\SYSTEM32\bits
2009-02-04 20:16 . 2009-02-04 20:16 <DIR> d-------- c:\windows\l2schemas
2009-02-04 20:08 . 2009-02-04 20:17 <DIR> d-------- c:\windows\ServicePackFiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 13:50 --------- d-----w c:\documents and settings\All Users\Application Data\iWin Games
2009-02-11 20:18 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-11 20:18 --------- d-----w c:\program files\Spyware Doctor
2009-02-05 04:06 --------- d-----w c:\program files\Sony Handheld
2009-01-15 12:42 --------- d-----w c:\program files\Common Files\AOL
2009-01-12 04:45 --------- d-----w c:\program files\Google
2009-01-09 06:13 --------- d-----w c:\program files\Prime Suspects
2008-12-25 19:02 --------- d-----w c:\program files\Bonjour
2008-12-25 19:00 --------- d-----w c:\program files\iTunes
2008-12-25 19:00 --------- d-----w c:\program files\iPod
2008-12-25 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-25 18:56 --------- d-----w c:\program files\QuickTime
2008-12-25 18:55 --------- d-----w c:\program files\Common Files\Apple
2008-12-25 18:48 --------- d-----w c:\program files\Safari
2008-12-24 21:15 --------- d-----w c:\program files\Oberon Media
2008-12-24 21:15 --------- d-----w c:\program files\iWin.com
2008-12-24 20:55 --------- d-----w c:\program files\Photo Viewer
2005-11-22 01:03 251 ------w c:\program files\wt3d.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-02 401491]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-02-01 163840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2006-11-07 50736]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"MMTray"="c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe" [2006-01-17 135168]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-03-01 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"WildTangent CDA"="c:\program files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-28 28616]
"HostManager"="c:\program files\Common Files\AOL\1124317868\ee\AOLSoftware.exe" [2008-06-24 41824]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\SYSTEM32\CTHELPER.EXE]
"TrayComm"="TrayComm.exe" [2003-11-12 c:\windows\TrayComm.exe]
c:\documents and settings\Melissa Isbell\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-06-24 41824]
PowerReg Scheduler.exe [2006-09-13 256000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HotSync Manager.lnk - c:\program files\Sony Handheld\Hotsync.exe [2004-06-09 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2005-03-01 917611]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pogo Games\\ShapeShifter\\Shape.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1124317868\\ee\\aolservicehost.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\CONNECT Reader\\Data\\bin\\CONNECT Reader.exe"=
"c:\\Program Files\\AOL\\RC\\regclient.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1124317868\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1124317868\\ee\\aim6.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1124317868\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Sony Handheld\\Hotsync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 NEOFLTR_530_10641;Juniper Networks TDI Filter Driver (NEOFLTR_530_10641);c:\windows\SYSTEM32\DRIVERS\NEOFLTR_530_10641.sys [2006-04-26 57063]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-02-15 24652]
S3 SQTECH907B;EZCam(PID_907B_00);c:\windows\SYSTEM32\DRIVERS\Capt907B.sys [2006-11-06 61643]
S4 PRISMSVC;PRISMSVC;c:\windows\SYSTEM32\PRISMSVC.exe [2005-03-01 57344]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-02-12 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (STUDY-Melissa Isbell).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-07-08 18:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {228BAC37-FA27-4DBF-A72F-050FA4B6AD91} = 4.2.2.2
TCP: {B5BC2E05-3FC0-440E-989A-A953C1AE3869} = 4.2.2.2
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 08:13:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\PRISMSVR.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\VSO\McShield.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\progra~1\McAfee.com\VSO\oasclnt.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\AOL\Loader\aolload.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\AOL\1124317868\ee\AOLDesktop.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-12 8:25:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-12 14:25:23
Pre-Run: 81,591,631,872 bytes free
Post-Run: 82,376,384,512 bytes free
244 --- E O F --- 2009-02-05 03:12:31
---------------------------------------------------------------------
This is the most current hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 8:34:22 AM, on 2/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\TrayComm.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Common Files\AOL\1124317868\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony Handheld\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\1124317868\ee\aolsoftware.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1124317868\ee\AOLDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124317868\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://swtmsanneo01.san.medcity.net/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1228615317795&h=c82b532491da7decdd61b049d2e5808b/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://mhmhclstr01.hca.corpad.net/msrdp.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/feedingfrenzy/SproutLauncher.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{228BAC37-FA27-4DBF-A72F-050FA4B6AD91}: NameServer = 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5BC2E05-3FC0-440E-989A-A953C1AE3869}: NameServer = 4.2.2.2
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
You have McAfee and AVG installed there?
I uninstalled AVG.
Did you install or know these running processes?
F:\avg_free_stf_en_8_234a1
C:\DOCUME~1\MELISS~1\LOCAL
Not sure if they were installed when AVG was installed.
There are a lot of unnecessary entries in your startup and undesirable programs like Viewpoint, WildTangent, iWinGames etc. One of these programs could be causing it.
I'd fix these entries below for a start.
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\Deskto
O16 - DPF: {A7EA8AD2-287F-11D3-B120-0
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.e
I did not see these in logs after I ran Combofix, I removed Viewpoint O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\Vie
See Hijackthis log below. I appreciate all your help.
This is when I try to ping www.google.com
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Melissa Isbell>ping 4.2.2.2
Pinging 4.2.2.2 with 32 bytes of data:
Reply from 4.2.2.2: bytes=32 time=98ms TTL=55
Reply from 4.2.2.2: bytes=32 time=19ms TTL=55
Reply from 4.2.2.2: bytes=32 time=36ms TTL=55
Reply from 4.2.2.2: bytes=32 time=97ms TTL=55
Ping statistics for 4.2.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 98ms, Average = 62ms
C:\Documents and Settings\Melissa Isbell>ping www.google.com
Ping request could not find host www.google.com. Please check the name and try again.
C:\Documents and Settings\Melissa Isbell>nslookup www.google.com
Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
Non-authoritative answer:
Name: www.l.google.com
Addresses: 74.125.19.147, 74.125.19.99, 74.125.19.103, 74.125.19.104
Aliases: www.google.com
This is the ComboFix Report.
ComboFix 09-02-11.03 - Melissa Isbell 2009-02-12 8:06:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.
Running from: c:\documents and settings\Melissa Isbell\Desktop\ComboFix.ex
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((
.
c:\windows\system32\_00380
c:\windows\system32\_00380
c:\windows\system32\_00380
c:\windows\system32\_00380
c:\windows\system32\_00381
c:\windows\system32\_00381
c:\windows\system32\_00381
c:\windows\system32\_00381
c:\windows\system32\_00381
c:\windows\system32\_00381
c:\windows\system32\_00382
c:\windows\system32\_00382
c:\windows\system32\_00382
c:\windows\system32\_00382
c:\windows\system32\_00382
c:\windows\system32\_00382
c:\windows\system32\_00382
c:\windows\system32\_00383
c:\windows\system32\_00383
c:\windows\system32\_00383
c:\windows\system32\_00383
c:\windows\system32\_00383
c:\windows\system32\_00384
c:\windows\system32\_00384
c:\windows\system32\_00384
c:\windows\system32\_00384
c:\windows\system32\_00384
c:\windows\system32\_00384
c:\windows\system32\_00385
c:\windows\system32\_00385
c:\windows\system32\_00385
c:\windows\system32\_00385
c:\windows\system32\_00385
c:\windows\system32\_00385
c:\windows\system32\_00386
c:\windows\system32\_00386
c:\windows\system32\bszip.
.
((((((((((((((((((((((((((
.
-------\Legacy_ZESOFT
((((((((((((((((((((((((( Files Created from 2009-01-12 to 2009-02-12 ))))))))))))))))))))))))))
.
2009-02-11 12:40 . 2009-02-11 12:40 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-11 09:44 . 2009-02-11 09:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-11 09:44 . 2009-02-11 09:44 <DIR> d-------- c:\documents and settings\Melissa Isbell\Application Data\Malwarebytes
2009-02-11 09:44 . 2009-02-11 09:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-11 09:44 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVER
2009-02-11 09:44 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVER
2009-02-04 20:16 . 2009-02-04 20:16 <DIR> d-------- c:\windows\SYSTEM32\script
2009-02-04 20:16 . 2009-02-04 20:16 <DIR> d-------- c:\windows\SYSTEM32\en
2009-02-04 20:16 . 2009-02-04 20:16 <DIR> d-------- c:\windows\SYSTEM32\bits
2009-02-04 20:16 . 2009-02-04 20:16 <DIR> d-------- c:\windows\l2schemas
2009-02-04 20:08 . 2009-02-04 20:17 <DIR> d-------- c:\windows\ServicePackFile
.
((((((((((((((((((((((((((
.
2009-02-12 13:50 --------- d-----w c:\documents and settings\All Users\Application Data\iWin Games
2009-02-11 20:18 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-11 20:18 --------- d-----w c:\program files\Spyware Doctor
2009-02-05 04:06 --------- d-----w c:\program files\Sony Handheld
2009-01-15 12:42 --------- d-----w c:\program files\Common Files\AOL
2009-01-12 04:45 --------- d-----w c:\program files\Google
2009-01-09 06:13 --------- d-----w c:\program files\Prime Suspects
2008-12-25 19:02 --------- d-----w c:\program files\Bonjour
2008-12-25 19:00 --------- d-----w c:\program files\iTunes
2008-12-25 19:00 --------- d-----w c:\program files\iPod
2008-12-25 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A
2008-12-25 18:56 --------- d-----w c:\program files\QuickTime
2008-12-25 18:55 --------- d-----w c:\program files\Common Files\Apple
2008-12-25 18:48 --------- d-----w c:\program files\Safari
2008-12-24 21:15 --------- d-----w c:\program files\Oberon Media
2008-12-24 21:15 --------- d-----w c:\program files\iWin.com
2008-12-24 20:55 --------- d-----w c:\program files\Photo Viewer
2005-11-22 01:03 251 ------w c:\program files\wt3d.ini
.
((((((((((((((((((((((((((
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWAR
"DellSupport"="c:\program files\DellSupport\DSAgnt.e
"ctfmon.exe"="c:\windows\s
"MSMSGS"="c:\program files\Messenger\msmsgs.exe
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-02 401491]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMP
"swg"="c:\program files\Google\GoogleToolbar
"Aim6"="c:\program files\AIM6\aim6.exe" [2006-11-07 50736]
"DellSupportCenter"="c:\pr
[HKEY_LOCAL_MACHINE\SOFTWA
"ehTray"="c:\windows\ehome
"NvCplDaemon"="c:\windows\
"SunJavaUpdateSched"="c:\p
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS
"UpdReg"="c:\windows\UpdRe
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\D
"UpdateManager"="c:\progra
"MMTray"="c:\progra~1\MUSI
"RealTray"="c:\program files\Real\RealPlayer\Real
"dla"="c:\windows\system32
"WildTangent CDA"="c:\program files\WildTangent\Apps\CDA
"HostManager"="c:\program files\Common Files\AOL\1124317868\ee\AO
"VSOCheckTask"="c:\progra~
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvss
"MCAgentExe"="c:\progra~1\
"MCUpdateExe"="c:\progra~1
"OASClnt"="c:\program files\McAfee.com\VSO\oascl
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe"
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"mmtask"="c:\program files\Musicmatch\Musicmatc
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsc
"DellSupportCenter"="c:\pr
"AppleSyncNotifier"="c:\pr
"QuickTime Task"="c:\program files\QuickTime\qttask.exe
"iTunesHelper"="c:\program
"CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\SYSTEM32\CTHELP
"TrayComm"="TrayComm.exe" [2003-11-12 c:\windows\TrayComm.exe]
c:\documents and settings\Melissa Isbell\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch
PowerReg Scheduler.exe [2006-09-13 256000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HotSync Manager.lnk - c:\program files\Sony Handheld\Hotsync.exe [2004-06-09 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QB
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2005-03-01 917611]
[HKEY_LOCAL_MACHINE\softwa
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\softwa
"DisableMonitoring"=dword:
[HKLM\~\services\sharedacc
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedacc
"%windir%\\system32\\sessm
"c:\\Program Files\\Messenger\\msmsgs.e
"c:\\Program Files\\Pogo Games\\ShapeShifter\\Shape
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolloa
"c:\\Program Files\\Common Files\\AOL\\1124317868\\ee
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.e
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.e
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\WINDOWS\\SYSTEM32\\FX
"%windir%\\Network Diagnostic\\xpnetdiag.exe"
"c:\\Program Files\\Sony\\CONNECT Reader\\Data\\bin\\CONNECT
"c:\\Program Files\\AOL\\RC\\regclient.
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\
"c:\\Program Files\\Common Files\\AOL\\1124317868\\ee
"c:\\Program Files\\Common Files\\AOL\\1124317868\\ee
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1124317868\\ee
"c:\\Program Files\\Sony Handheld\\Hotsync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"
"c:\\Program Files\\Bonjour\\mDNSRespon
R1 NEOFLTR_530_10641;Juniper Networks TDI Filter Driver (NEOFLTR_530_10641);c:\win
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\Vie
S3 SQTECH907B;EZCam(PID_907B_
S4 PRISMSVC;PRISMSVC;c:\windo
[HKEY_CURRENT_USER\softwar
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-02-05 c:\windows\Tasks\AppleSoft
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-02-12 c:\windows\Tasks\McAfee.co
- c:\program files\mcafee.com\vso\mcmnh
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourc
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resourc
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFIC
TCP: {228BAC37-FA27-4DBF-A72F-0
TCP: {B5BC2E05-3FC0-440E-989A-A
.
**************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 08:13:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\PRISMS
c:\progra~1\COMMON~1\AOL\A
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
c:\program files\Bonjour\mDNSResponde
c:\windows\SYSTEM32\CTSVCC
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.ex
c:\program files\McAfee.com\Agent\Mcd
c:\progra~1\McAfee.com\VSO
c:\progra~1\McAfee.com\Age
c:\progra~1\McAfee.com\VSO
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\
c:\program files\McAfee.com\Agent\mca
c:\progra~1\McAfee.com\VSO
c:\windows\SYSTEM32\nvsvc3
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\wdfmgr
c:\windows\wanmpsvc.exe
c:\program files\Common Files\AOL\Loader\aolload.e
c:\program files\AIM6\aolsoftware.exe
c:\program files\iPod\bin\iPodService
c:\program files\Common Files\AOL\1124317868\ee\AO
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\SYSTEM32\wscntf
.
**************************
.
Completion time: 2009-02-12 8:25:33 - machine was rebooted
ComboFix-quarantined-files
Pre-Run: 81,591,631,872 bytes free
Post-Run: 82,376,384,512 bytes free
244 --- E O F --- 2009-02-05 03:12:31
--------------------------
This is the most current hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 8:34:22 AM, on 2/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\system32\PRISMS
C:\PROGRA~1\COMMON~1\AOL\A
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
C:\Program Files\Bonjour\mDNSResponde
C:\WINDOWS\system32\CTsvcC
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.ex
c:\program files\mcafee.com\agent\mcd
c:\PROGRA~1\mcafee.com\vso
c:\PROGRA~1\mcafee.com\age
c:\PROGRA~1\mcafee.com\vso
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\
c:\program files\mcafee.com\vso\mcvss
c:\program files\mcafee.com\agent\mca
c:\progra~1\mcafee.com\vso
C:\WINDOWS\system32\nvsvc3
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchos
C:\Program Files\Viewpoint\Common\Vie
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ehome\ehtray.ex
C:\Program Files\Java\jre6\bin\jusche
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS
C:\Program Files\CyberLink\PowerDVD\D
C:\PROGRA~1\MUSICM~1\MUSIC
C:\Program Files\Real\RealPlayer\Real
C:\WINDOWS\system32\dla\tf
C:\WINDOWS\TrayComm.exe
C:\Program Files\WildTangent\Apps\CDA
C:\Program Files\Common Files\AOL\1124317868\ee\AO
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Musicmatch\Musicmatc
C:\Program Files\Common Files\AOL\Loader\aolload.e
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.
C:\Program Files\DellSupport\DSAgnt.e
C:\WINDOWS\system32\ctfmon
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\SIMPLE~1\PHOTO
C:\Program Files\Google\GoogleToolbar
C:\Program Files\Sony Handheld\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\1124317868\ee\ao
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\iPod\bin\iPodService
C:\Program Files\Common Files\AOL\1124317868\ee\AO
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntf
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThi
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-0
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-C
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-7
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-E
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-8
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-9
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-A
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.ex
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusche
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\D
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSIC
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\Real
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tf
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124317868\ee\AO
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VS
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvss
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\age
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\age
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oascl
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatc
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsc
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotif
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.e
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbar
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QB
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resourc
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-0
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-0
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0
O16 - DPF: {149E45D8-163E-4189-86FC-4
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {30528230-99f7-4bb4-88d8-f
O16 - DPF: {406B5949-7190-4245-91A9-3
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A
O16 - DPF: {77E32299-629F-43C6-AB77-6
O16 - DPF: {8AD9C840-044E-11D1-B3E9-0
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-3
O16 - DPF: {AB86CE53-AC9F-449F-9399-D
O16 - DPF: {B49C4597-8721-4789-9250-3
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C
O16 - DPF: {CC450D71-CC90-424C-8638-1
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {D54160C3-DB7B-4534-9B65-1
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CCS\Services\T
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dims
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLog
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\A
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponde
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcC
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.ex
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcd
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\age
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Age
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc3
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperS
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
ASKER
Below is a winsock log report, not sure if this helps.
Last diagnostic run time: 02/12/09 09:04:00 WinSock Diagnostic
WinSock status
info Error attmpting to validate the Winsock base providers: 2
error Not all base service provider entries could be found in the winsock catalog. A reset is needed.
info Redirecting user to support call
Network Adapter Diagnostic
Network location detection
info Using home Internet connection
Network adapter identification
info Network connection: Name=Local Area Connection, Device=Broadcom NetXtreme 57xx Gigabit Controller, MediaType=LAN, SubMediaType=LAN
info Network connection: Name=1394 Connection, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394
info Network connection: Name=America Online, Device=Intel(R) 537EP V9x DF PCI Modem, MediaType=PHONE, SubMediaType=NONE
info Ethernet connection selected
Network adapter status
info Network connection status: Connected
HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity
warn HTTP: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12007 connecting to www.hotmail.com: The server name or address could not be resolved
warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.passport.net: The server name or address could not be resolved
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.
First of all, I would remove WildTangent from your Add/Remove Programs as that can cause a lot of problems.
Based on your Hijackthis log, you can safely remove the following (The 04 WildTangent entry should disappear if you remove that program):
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - Startup: PowerReg Scheduler.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{228BAC37-FA27-4DBF-A72F-050FA4B6AD91}: NameServer = 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5BC2E05-3FC0-440E-989A-A953C1AE3869}: NameServer = 4.2.2.2
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
These entries are questionable ActiveX objects. If you don't recognize these items, then it is safe to delete them.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/stg_drm.ocx
Unknown
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://swtmsanneo01.san.medcity.net/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/feedingfrenzy/SproutLauncher.cab
rpggamergirl may find some other nasties, so wait for her next post to see what else might need fixing.
TK
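An added example, not part of the original thread and not HijackThis's own logic: a small Python triage pass over HijackThis log lines that groups entries by section code and flags the kinds of entries the reply above singles out (targets marked `(file missing)`, O17 NameServer values, and O16 ActiveX objects installed from a `file:///` or plain `http://` source). The sample lines are copied from the log on this page with the forum's inserted spaces removed; the function names and the flagging rules are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the log on this page, with the
# spaces the forum software inserted into long tokens removed.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/feedingfrenzy/SproutLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{228BAC37-FA27-4DBF-A72F-050FA4B6AD91}: NameServer = 4.2.2.2
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

# "<section code> - <rest of entry>", e.g. "O17 - HKLM\...: NameServer = 4.2.2.2"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[0-9.,\s]+)$")
# Trailing " - scheme://..." part of an O16 (Downloaded Program Files) entry.
DPF_SOURCE_RE = re.compile(r" - (?P<scheme>[a-z]+)://\S+$", re.IGNORECASE)


def parse_entries(text):
    """Return (section_code, body) for every line that looks like a log entry."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review_notes(code, body):
    """Return the reasons (possibly none) an entry deserves a manual look."""
    notes = []
    if body.endswith("(file missing)"):
        notes.append("target file missing: orphaned entry")
    if code == "O17":
        match = NAMESERVER_RE.search(body)
        if match:
            servers = [s for s in re.split(r"[,\s]+", match.group("servers")) if s]
            notes.append("DNS servers set in registry: " + ", ".join(servers))
    if code == "O16":
        match = DPF_SOURCE_RE.search(body)
        if match:
            scheme = match.group("scheme").lower()
            if scheme == "file":
                notes.append("ActiveX control installed from a local file")
            elif scheme == "http":
                notes.append("ActiveX control downloaded over plain HTTP")
    if code == "O23" and " - Unknown owner - " in body:
        notes.append("service binary reports no vendor")
    return notes


def triage(text):
    """Group flagged entries by section code: {code: [(body, notes), ...]}."""
    flagged = defaultdict(list)
    for code, body in parse_entries(text):
        notes = review_notes(code, body)
        if notes:
            flagged[code].append((body, notes))
    return dict(flagged)


if __name__ == "__main__":
    for code, items in triage(SAMPLE_LOG).items():
        for body, notes in items:
            print(f"{code}: {body}")
            for note in notes:
                print(f"    -> {note}")
```

A flag here only means "look at this entry by hand"; whether an O17 server or an O16 control is wanted still depends on what the machine's owner installed and configured.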
Please follow what TK had advised.
You have so many of those 016 entries (legit or not they are safe to fix), you can fix them all if you wish, they all load when IE is open.
Which programs have you uninstalled besides AVG?
Are you uninstalling Wildtangent, Iwin Games, Viewpoint?
Let us know so we can also remove their relevant entries, they are still very much running there.
Have you also tried setting in IE > Internet Options > connections > LAN Settings
and checkmark the box "Automatically Detect Settings"
ASKER
Yes, I have checked IE LAN settings, I've also tried installing Firefox and no luck. I've swapped NIC cards and no luck. I've uninstalled all that has been recommended except 016. I'll be sure to try fixing those entries. Any other entries I should fix? I appreciate your help.
ASKER
I have done all that was recommended and I still get same issue with DNS. Any other suggestions.
SOLUTION
One last thing:
If this is a fixed IP, make sure your default gateway is the IP to your router or gateway, not some bogus IP.
ASKER CERTIFIED SOLUTION
I would uninstall one of the antivirus for sure.