1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

what to do about trojan virus divxinstaller.exe generic L13 ?

Discussion in 'Virus & Other Malware Removal' started by principessa, Mar 28, 2009.

Thread Status:
Not open for further replies.
Advertisement
  1. principessa

    principessa Thread Starter

    Joined:
    Feb 18, 2003
    Messages:
    262
    my computer has seemed as though it's being controlled by something and i noticed the connectivity icon down by my system clock shows two internet connections (where there used to be only one. ...one is "network 2, access: local and internet and it is a "private" network, the 2nd is "the internet (1) and a variable number ...at first i noticed it was 40, then 41, etc. now it is 43; access on this one is: local and internet and it is a public network) ...i scanned with AVG and it revealed i have a trojan virus (comprising of 3 files - divxinstaller.exe ; and two others with characters in the strings that, i'm not sure are lowercase L's or capital i's, they are: divxinstaller.exe:\$[i or L]\y_toolbar.exe ; divxinstaller.exe:\$[i or L]\y_toolbar.exe:\$[i or L]K).

    when attempting to clean the infection, AVG says something about the size of something being larger than the log file (?) and it does nothing... i don't know if that is a trick of the virus or, AVG wants to backup before making changes and can't do so for some reason.
    i have run AVAST, AVIRA, TREND HOUSE CALL - avast and avira do not pick up anything, trend turns up *4* (instead of 3) "vulnerabilities" that i am not sure if they are related or something else entirely. the only details available about the threats are: MS07-023, MS07-025, MS07-036, MS07-042 ...on repeat, AVG still says i have the virus .:eek:

    do you think this is real bad? if you think there's any program that can help me, i'm willing to spend whatever on it... thank you all for your benevolence in always helping me...
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    110,622
    Please post your HijackThis log.
     
  3. principessa

    principessa Thread Starter

    Joined:
    Feb 18, 2003
    Messages:
    262
    above all else, i need to say ...thank you more than i can express, for paying attention to me, and graciously offering to look at my hjt log~

    i want to mention i have edited my original post/description of problem & details so hopefully it might be easier to understand and, a bit more helpful...

    here's the hjt log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:35:30 PM, on 3/28/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16809)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Real\RealPlayer\realplay.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\AOL\1212288179\ee\aolsoftware.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=61008
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clearspring.com/widgets/...v=videoPid=eTJD8WwKdrEaBGcpA6qHqAZO9%5FXcbbmu
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1212288179\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
    O13 - Gopher Prefix:
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10740 bytes
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    110,622
    First of all, you should not have more than one anti-virus program installed as they will conflict and cause problems. You have three so you need to uninstall two of them. Of the three, I would recommend keeping Avast or Avira.

    Please download Malwarebytes Anti-Malware form Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply along with a new HijackThis log please.

    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
    Also, if you receive an (Error Loading) error on reboot please reboot a second time . It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.
     
  5. principessa

    principessa Thread Starter

    Joined:
    Feb 18, 2003
    Messages:
    262
    check! but i want to follow your instructions the right way so i wanted to ask, would it be okay if i do a full scan, too - just take longer? if you don't think so i'll just do the quick scan, no problem! ...THANK YOU COOKIE GAL! NOBODY ELSE on other forums has helped me!
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    110,622
    Sure, you can go ahead and do a full scan. :)
     
  7. principessa

    principessa Thread Starter

    Joined:
    Feb 18, 2003
    Messages:
    262
    miss cookie gal, the malwarebytes (w/ the most recent update and all) didn't detect the trojan :( ...here are the logs for it and, post uninstalling avast and avg, hjt... and now, post uninstalling those, hjt did do the scan anyway but popped up an error message saying it couldn't access something - and i'm hoping that wasn't because, without the avast & avg, the virus has taken deeper hold...?

    here goes... *deep breath*

    malwarebytes:

    Malwarebytes' Anti-Malware 1.35
    Database version: 1916
    Windows 6.0.6000

    3/29/2009 3:50:57 PM
    mbam-log-2009-03-29 (15-50-57).txt

    Scan type: Quick Scan
    Objects scanned: 64946
    Time elapsed: 6 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    hjt:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:35:30 PM, on 3/28/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16809)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Real\RealPlayer\realplay.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\AOL\1212288179\ee\aolsoftware.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=61008
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clearspring.com/widgets/...v=videoPid=eTJD8WwKdrEaBGcpA6qHqAZO9%5FXcbbmu
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1212288179\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
    O13 - Gopher Prefix:
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10740 bytes
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    110,622
    Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

    Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  9. principessa

    principessa Thread Starter

    Joined:
    Feb 18, 2003
    Messages:
    262
    here're the logs!

    combofix:

    ComboFix 09-03-29.02 - kathy 2009-03-29 18:46:55.1 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.2037.1062 [GMT -4:00]
    Running from: c:\users\kathy\Desktop\Combo-Fix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
    .

    2009-03-29 12:41 . 2009-03-29 12:41 <DIR> d-------- c:\users\kathy\AppData\Roaming\Malwarebytes
    2009-03-29 12:41 . 2009-03-29 12:41 <DIR> d-------- c:\users\All Users\Malwarebytes
    2009-03-29 12:41 . 2009-03-29 12:41 <DIR> d-------- c:\programdata\Malwarebytes
    2009-03-29 12:41 . 2009-03-29 12:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-29 12:41 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-03-29 12:41 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-03-28 23:34 . 2009-03-28 23:34 <DIR> d-------- c:\program files\Trend Micro
    2009-03-28 13:19 . 2009-02-08 21:59 2,028,032 --a------ c:\windows\System32\win32k.sys
    2009-03-28 13:15 . 2008-12-15 23:49 8,147,968 --a------ c:\windows\System32\wmploc.DLL
    2009-03-28 13:15 . 2008-11-27 00:42 269,824 --a------ c:\windows\System32\schannel.dll
    2009-03-28 13:15 . 2008-12-16 01:36 7,680 --a------ c:\windows\System32\spwmp.dll
    2009-03-28 13:15 . 2008-12-16 01:37 4,096 --a------ c:\windows\System32\msdxm.ocx
    2009-03-28 13:15 . 2008-12-16 01:37 4,096 --a------ c:\windows\System32\dxmasf.dll
    2009-03-28 09:24 . 2007-12-24 17:37 138,384 --a------ c:\windows\System32\drivers\tmcomm.sys
    2009-03-28 09:23 . 2009-03-28 12:50 <DIR> d-------- c:\users\kathy\AppData\Roaming\HouseCall 6.6
    2009-03-28 09:22 . 2009-03-28 09:22 <DIR> d-------- c:\windows\Sun
    2009-03-28 00:37 . 2009-03-28 00:37 <DIR> d-------- c:\program files\Alwil Software
    2009-03-27 20:14 . 2009-03-27 20:14 <DIR> d-------- c:\users\All Users\Avira
    2009-03-27 20:14 . 2009-03-27 20:14 <DIR> d-------- c:\programdata\Avira
    2009-03-27 20:14 . 2009-03-27 20:14 <DIR> d-------- c:\program files\Avira
    2009-03-27 20:14 . 2009-02-13 11:31 55,640 --a------ c:\windows\System32\drivers\avgntflt.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-29 19:43 --------- d-----w c:\programdata\avg8
    2009-03-28 19:03 --------- d-----w c:\program files\Windows Mail
    2009-03-28 18:56 --------- d-----w c:\programdata\Microsoft Help
    2009-03-14 09:48 --------- d-----w c:\program files\America Online 8.0
    2009-02-26 05:11 --------- d-----w c:\program files\Java
    2009-02-25 18:28 410,984 ----a-w c:\windows\System32\deploytk.dll
    2009-01-15 04:16 826,368 ----a-w c:\windows\System32\wininet.dll
    2009-01-15 04:16 56,320 ----a-w c:\windows\System32\iesetup.dll
    2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2009-01-15 04:15 26,624 ----a-w c:\windows\System32\ieUnatt.exe
    2009-01-01 19:31 174 --sha-w c:\program files\desktop.ini
    2008-08-14 16:27 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-08-14 16:27 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-08-14 16:27 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2787EA8E-8D87-48af-88AD-B30246C917AB}]
    2008-11-05 10:49 514424 --a------ c:\program files\SearchPerks! Perk Counter\Bmbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2787EA8E-8D87-48af-88AD-B30246C917AB}"= "c:\program files\SearchPerks! Perk Counter\Bmbho.dll" [2008-11-05 514424]

    [HKEY_CLASSES_ROOT\clsid\{2787ea8e-8d87-48af-88ad-b30246c917ab}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{2787EA8E-8D87-48AF-88AD-B30246C917AB}"= "c:\program files\SearchPerks! Perk Counter\Bmbho.dll" [2008-11-05 514424]

    [HKEY_CLASSES_ROOT\clsid\{2787ea8e-8d87-48af-88ad-b30246c917ab}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
    "AOL Fast Start"="c:\program files\AOL 9.0\AOL.EXE" [2006-11-10 50736]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-14 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-14 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-14 133656]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
    "HostManager"="c:\program files\Common Files\AOL\1212288179\ee\AOLSoftware.exe" [2006-09-25 50736]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-09-18 26112]
    "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    c:\users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    America Online 8.0 Tray Icon.lnk - c:\program files\America Online 8.0\aoltray.exe [2008-09-18 36940]
    AOL Companion.lnk - c:\program files\AOL Companion\companion.exe [2008-09-18 221258]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-01-21 50688]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-09-07 1180952]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-01-05 14:12 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= divxa32.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{20B11F2A-7E75-4182-BDDD-7C69ED73A168}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C5A30F85-91CF-4B13-964F-80E7554CB257}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{6A3C0FDB-FBF5-44D3-9F20-35516335518E}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
    "{BD434CFE-BAEE-4B49-BCEB-CDC43C2D9F77}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
    "{472B90FF-BF27-4542-98FF-CC7ED850E6CC}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
    "{11E78CEE-ED5B-4396-8E90-CBA0D33F22B1}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
    "{8A15ACBC-DB17-491E-AB05-7ECB789C067A}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
    "{CBAD864A-B944-447D-9581-C2ACA6BC2BA1}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
    "{ADE67F7A-71FF-4B2A-AA28-DF818B72824E}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
    "{62E02733-F304-4EC1-B985-10670514E982}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
    "{BC822664-756F-46DC-B64E-BFFAC1842173}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{8E6C7E99-F422-43EC-A413-E364A08B28C1}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{8D217D2D-181C-448F-A9E7-E88FDC822800}"= UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
    "{B887D65F-40A6-4B54-AE19-669E36633CF0}"= TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
    "TCP Query User{C54D7B01-8C10-442A-9480-75317D1387C1}c:\\program files\\aol 9.0\\waol.exe"= UDP:c:\program files\aol 9.0\waol.exe:AOL Software
    "UDP Query User{3C8ACC4F-B6EF-4C20-AD72-2081BCE9DFAE}c:\\program files\\aol 9.0\\waol.exe"= TCP:c:\program files\aol 9.0\waol.exe:AOL Software
    "TCP Query User{B87EAB50-3013-4BFE-A5A4-B0427FE12EAD}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{76F76D1F-8649-4FC2-A79A-240244BCFA14}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{84CE83B6-B36C-4AE0-8A80-1FAA7D638FE1}"= UDP:57689:pandoRest Listening Port
    "{6A924CAA-22F7-4EDC-A15F-E49F7775A5E8}"= UDP:c:\program files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe:pandoRest Application Name
    "{B3D70FC8-A0B6-413A-8D17-027D7571F86E}"= TCP:c:\program files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe:pandoRest Application Name
    "{5AC1B2C7-1D28-434C-987E-7309B8C5AE97}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{95223AD0-A5D7-41A1-9C71-F15879A5499E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{43D495FE-74DE-4E40-8797-41F068020CCD}"= UDP:c:\program files\Common Files\AOL\1212288179\ee\aolsoftware.exe:AOL Services
    "{0C4F05BA-71D2-4D5B-81A3-F54DCE3BF158}"= TCP:c:\program files\Common Files\AOL\1212288179\ee\aolsoftware.exe:AOL Services
    "{28B3E706-B5F4-4188-AE28-976FA139BD8F}"= UDP:c:\program files\Common Files\AOL\1212288179\ee\aim6.exe:AIM
    "{587DA612-0D80-41E4-9A88-5EFAB37B20CB}"= TCP:c:\program files\Common Files\AOL\1212288179\ee\aim6.exe:AIM
    "{DBB48CD7-43EC-48E3-9CB8-C4EE55A4D1BC}"= UDP:c:\program files\AIM6\aim6.exe:AIM
    "{98B034F3-3827-4E24-8380-A1D8DE533BBB}"= TCP:c:\program files\AIM6\aim6.exe:AIM
    "TCP Query User{4A7D85DA-A8B1-4576-9248-3103A34A819E}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "UDP Query User{AF4E791F-34ED-4F7F-AAFC-9265E418C428}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "TCP Query User{0197E7AD-7141-4659-8C11-63978CB6E2AE}c:\\program files\\aim\\aim.exe"= UDP:c:\program files\aim\aim.exe:AOL Instant Messenger
    "UDP Query User{FE75D663-55B8-4A23-9702-6E5EA5BE8505}c:\\program files\\aim\\aim.exe"= TCP:c:\program files\aim\aim.exe:AOL Instant Messenger
    "TCP Query User{C97D39C8-EC30-4C8D-AC21-068F8B38FB65}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "UDP Query User{28EC1883-FE80-4929-8BB5-5899A46E431F}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "TCP Query User{8FCCD136-74F4-4E81-8B5A-C8967C632EDC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{BF2E5019-D0BF-486D-88B3-44535B6B15E3}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-08-20 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-08-20 55024]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-01-21 73728]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-27 108289]
    R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2008-08-29 835208]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-10-31 24652]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [2008-01-21 111104]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-20 7408]
    S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [2008-01-21 209408]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ATWPKT2
    *NewlyCreated* - MBAMSWISSARMY
    *Deregistered* - ATWPKT2
    *Deregistered* - AvgLdx86
    *Deregistered* - AvgTdiX
    *Deregistered* - MBAMSwissArmy

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-29 c:\windows\Tasks\User_Feed_Synchronization-{18BA795C-ECC6-4D07-BF36-B43B335D9FD2}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 05:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.clearspring.com/widgets/4899e8a49d2ce107?p=4899e8a49d2ce107&flv=videoPid%3DeTJD8WwKdrEaBGcpA6qHqAZO9%255FXcbbmu
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-29 18:51:06
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(852)
    c:\progra~1\COMMON~1\aolshare\shell\us\shellext.dll
    .
    Completion time: 2009-03-29 18:53:28
    ComboFix-quarantined-files.txt 2009-03-29 22:53:17

    Pre-Run: 20,354,654,208 bytes free
    Post-Run: 22,114,512,896 bytes free

    187 --- E O F --- 2009-03-28 19:49:40


    hjt:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:35:30 PM, on 3/28/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16809)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Real\RealPlayer\realplay.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\AOL\1212288179\ee\aolsoftware.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=61008
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clearspring.com/widgets/...v=videoPid=eTJD8WwKdrEaBGcpA6qHqAZO9%5FXcbbmu
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1212288179\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
    O13 - Gopher Prefix:
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10740 bytes
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    110,622
    It's beginning to look like these detections were false positives. I see several people are getting the same results with the last detection updates and some have submitted the files for confirmation.

    You said you uninstall Avast and AVG but they are still showing in your last HijackThis log. How did you uninstall them?
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    110,622
    Open HijackThis and click on "Config" and then on the "Misc Tools" button. If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section". Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.
     
  12. principessa

    principessa Thread Starter

    Joined:
    Feb 18, 2003
    Messages:
    262
    dear cookie, if u think this could have been a false positive that's a great relief to me and, i'll listen to anything you say because you're an ~expert~ ...but it's acting so bizarre ...besides the unusual multiple-open connections, and that the number next to "internet (1)" connections keeps going up (40, 41, 42... i think, every time i sign on/off aol the number changes), any file i am downloading over my dsl, outside of aol, will cut off if i sign off aol, which never used to happen, and the computer has also slowed to a crawl and pages have been loading blank/have to be refreshed...

    i don't know how this'll turn out but, no matter what, i am so grateful for you holding my hand through all this...

    here's the list you asked for:

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.2
    AOL Coach Version 1.0(Build:20020929.1)
    AOL Install
    AOL Uninstaller (Choose which Products to Remove)
    a-squared HiJackFree 3.1
    Avira AntiVir Personal - Free Antivirus
    Browser Address Error Redirector
    Conexant HDA D330 MDC V.92 Modem
    Dell DataSafe Online
    Dell Getting Started Guide
    Dell Support Center
    Dell Touchpad
    Dell Wireless WLAN Card
    Digital Line Detect
    DivX Web Player
    EarthLink Setup Files
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HouseCall 6.6
    Intel(R) Matrix Storage Manager
    Internet Service Offers Launcher
    Java(TM) 6 Update 7
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Modem Diagnostic Tool
    MSXML 4.0 SP2 (KB954430)
    Music, Photos & Videos Launcher
    NetWaiting
    NetZeroInstallers
    OpenCASE Media Agent
    Product Documentation Launcher
    QuickSet
    RealPlayer Basic
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    RTC Client API v1.2
    SearchPerks! Perk Counter
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Sonic Activation Module
    Spyware Terminator
    SUPERAntiSpyware Free Edition
    Update for Microsoft Office 2007 Help for Common Features (KB957244)
    Update for Microsoft Office Excel 2007 Help (KB957242)
    Update for Microsoft Office OneNote 2007 Help (KB957245)
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)
    Update for Microsoft Office Word 2007 Help (KB957252)
    Update for Microsoft Script Editor Help (KB957253)
    Update for Office 2007 (KB946691)
    User's Guides
    Viewpoint Media Player
    Vista Codec Package
    VLC media player 0.9.2
    Windows Mobile Device Center
    Windows Mobile Device Center Driver Update
    Your Uninstaller! 2008 Version 6.2
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    110,622
    Why have you never upgraded to SP1? It doesn't look like your computer has all your Microsoft Vista and Office updates either. Are you not downloading the updates regularly? :confused:
     
  14. principessa

    principessa Thread Starter

    Joined:
    Feb 18, 2003
    Messages:
    262
    howdy cookie gal! ...i had no idea you'd replied to me because i didn't receive a notification this time letting me know :( ...i hope i haven't lost that much time on working this out with you ...i came here just now only to let u know that my computer just popped up a message that windows had to shut down task scheduler to prevent data execution... :confused: ...i am worried...

    *feeling stupid* i had windows updates turned off because i was afraid some new update would crash my computer before i'd had a chance to back up (which i can't do now, either, so i'm terrified my computer is going to go down before i can afford to buy an external hd...)

    have u heard anything about what i'm experiencing, being a valid threat? ...i am worried...
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    110,622
    According to ComboFix there was nothing in Task Scheduler out of the ordinary. By not getting the updates, you've left your computer vulnerable to exploits.

    You should at least visit Microsoft and get the critical updates, even if you don't get SP1.

    Please run another scan with ComboFix and post that log.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/813536

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice