Kranium31

Members
  • Content Count

    55
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Kranium31

  • Rank
    Advanced Member
  1. Everything seems to be back to normal now. Back to linux I go. Thanks for the help.
  2. I was able to remove the FF extensions and the updates are working again. Brb with log files.
  3. FRST failed to update after reboot. There is still am extension that I cannot remove in chrome(eversave 1.0.1.31). Here are the logs as requested.FRST.txtAddition.txt
  4. Here is the log file. When I rebooted firefox told me it was setup to run a proxy and wouildn't connect. I was able to change the setting though.There are new extensions in FF as well now. (bing search 1.0.0.8 and urban ladder 0.2). Java update will not update stating proxy settings are wrong.Fixlog.txt
  5. It was the malware that changed to the proxy server. I also can't shut off third party extensions anymore. Doing this now.
  6. I can't seem to get rid of 2 extensions in chrome. I deleted the folders they were in and they keep coming back.The FRST logs are below. Thanks in advance. FRST.txtAddition.txt
  7. [quote name='CeciliaB' post='124023' date='Dec 6 2010, 06:04 PM']Well, I cannot see that you have disabled any startup items, but if the computer is running well now that is not important. Still a Symantec file running. Try [url="http://http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20090910004050EN"]Norton Removal Tool[/url] Step 2. That is folder used by the System Restore function. Items there are not active but it is an indication that the computer has been infected.[/quote] i might have done that scan before i restarted. Is there anything else i need to do with that infected file or will quaranting to the trick? The norton thing ill have to take care of later in the week when im there. Def a big help though, it litterally hurt my head running the initial scans and just opening up programs, it was that slow
  8. Here in the info on the virus avast found: C:\SystemVolumeInformation\_restore{20255DA8-7A33-4BCA-9586-051D24DDBF}\RP1802\A0058620.dll Here is the Hijack this log after i removed all the un-needed startup items, and i added 512mb of ram that i found lying around. It seems to be running at normal speeds now Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:50:47 PM, on 12/6/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Alwil Software\Avast5\avastUI.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.dell4me.com/mywaybiz"]http://www.dell4me.com/mywaybiz[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url="http://bfc.myway.com/search/de_srchlft.html?p=DS"]http://bfc.myway.com/search/de_srchlft.html?p=DS[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://rhodeisland.cox.net/cci/home"]http://rhodeisland.cox.net/cci/home[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url="http://www.dell4me.com/mywaybiz"]http://www.dell4me.com/mywaybiz[/url] O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [url="http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab"]http://upload.facebook.com/controls/2008.1...toUploader5.cab[/url] O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [url="http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab"]http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab[/url] O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - [url="http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab"]http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab[/url] O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: ncpclcfg - NCP engineering GmbH - C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe O23 - Service: ncprwsnt - NCP Engineering GmbH - C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe O23 - Service: NcpSec - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: RwsRsu (rwsrsu) - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 7330 bytes
  9. I just scanned with avast and it found this. Win32:Adware-gen [adw] At first look i thought it might have something to do with adaware. I quaratined it for the time being.
  10. my mothers computer is really slow, just looking for some help cleaning it up before i go buying ram and upgrading from xp to win 7. I ran adaware and hijack this here are the log files: Logfile created: 12/5/2010 14:34:54 Ad-Aware version: 8.3.6 Extended engine: 3 Extended engine version: 3.1.2770 User performing scan: Patricia *********************** Definitions database information *********************** Lavasoft definition file: 150.189 Genotype definition file version: 2010/12/02 15:39:08 Extended engine definition file: 7522.0 ******************************** Scan results: ********************************* Scan profile name: Full Scan (ID: full) Objects scanned: 107569 Objects detected: 47 Type Detected ========================== Processes.......: 0 Registry entries: 0 Hostfile entries: 0 Files...........: 1 Folders.........: 0 LSPs............: 0 Cookies.........: 46 Browser hijacks.: 0 MRU objects.....: 0 Removed items: Description: *real* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408817 Family ID: 0 Description: *247realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408945 Family ID: 0 Description: *realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409139 Family ID: 0 Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0 Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0 Description: *adlegend* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409170 Family ID: 0 Description: *adopt.euroclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409169 Family ID: 0 Description: *addynamix* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409026 Family ID: 0 Description: *.bridgetrack* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409095 Family ID: 0 Description: *advertis* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408918 Family ID: 0 Description: *advertising* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409017 Family ID: 0 Description: *gator* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408861 Family ID: 0 Description: *apmebf* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409163 Family ID: 0 Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0 Description: *specificclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408807 Family ID: 0 Description: *centrport* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408895 Family ID: 0 Description: *clickbank* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408890 Family ID: 0 Description: *clickz* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408888 Family ID: 0 Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0 Description: *hitbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408858 Family ID: 0 Description: *.hitbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409072 Family ID: 0 Description: *ehg-dig.hitbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409258 Family ID: 0 Description: *adbureau* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409027 Family ID: 0 Description: *fastclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408869 Family ID: 0 Description: *insightexpressai* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409259 Family ID: 0 Description: *kontera* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409363 Family ID: 0 Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0 Description: *adrevolver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408932 Family ID: 0 Description: *media.adrevolver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409144 Family ID: 0 Description: *mediaplex* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408991 Family ID: 0 Description: *overture* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408834 Family ID: 0 Description: *questionmarket* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408819 Family ID: 0 Description: *roiservice* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409196 Family ID: 0 Description: *rotator.adjuggler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409135 Family ID: 0 Description: *server.iad.liveperson* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409131 Family ID: 0 Description: *statcounter* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409185 Family ID: 0 Description: *statse.webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408803 Family ID: 0 Description: *webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408954 Family ID: 0 Description: *.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409033 Family ID: 0 Description: *statse.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409269 Family ID: 0 Description: *tacoda* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409123 Family ID: 0 Description: *coremetrics* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409008 Family ID: 0 Description: *tribalfusion* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408785 Family ID: 0 Description: *unicast* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409281 Family ID: 0 Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0 Description: zedo* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408736 Family ID: 0 Quarantined items: Description: c:\program files\starware337\bin\starware337.dll Family Name: Starware.Toolbar Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 37462b8f6451840ec48e85f6cb14bafd Scan and cleaning complete: Finished correctly after 7490 seconds *********************************** Settings *********************************** Scan profile: ID: full, enabled:1, value: Full Scan ID: folderstoscan, enabled:1, value: C:\ ID: useantivirus, enabled:1, value: true ID: sections, enabled:1 ID: scancriticalareas, enabled:1, value: true ID: scanrunningapps, enabled:1, value: true ID: scanregistry, enabled:1, value: true ID: scanlsp, enabled:1, value: true ID: scanads, enabled:1, value: true ID: scanhostsfile, enabled:1, value: true ID: scanmru, enabled:1, value: true ID: scanbrowserhijacks, enabled:1, value: true ID: scantrackingcookies, enabled:1, value: true ID: closebrowsers, enabled:1, value: false ID: filescanningoptions, enabled:1 ID: archives, enabled:1, value: true ID: onlyexecutables, enabled:1, value: false ID: skiplargerthan, enabled:1, value: 20480 ID: scanrootkits, enabled:1, value: true ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict ID: usespywareheuristics, enabled:1, value: true Scan global: ID: global, enabled:1 ID: addtocontextmenu, enabled:1, value: true ID: playsoundoninfection, enabled:1, value: false ID: soundfile, enabled:0, value: N/A Scheduled scan settings: <Empty> Update settings: ID: updates, enabled:1 ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: schedules, enabled:1, value: true ID: updatedaily1, enabled:1, value: Daily 1 ID: time, enabled:1, value: Sun Dec 05 14:08:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily2, enabled:1, value: Daily 2 ID: time, enabled:1, value: Sun Dec 05 20:08:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily3, enabled:1, value: Daily 3 ID: time, enabled:1, value: Sun Dec 05 02:08:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily4, enabled:1, value: Daily 4 ID: time, enabled:1, value: Sun Dec 05 08:08:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updateweekly1, enabled:1, value: Weekly ID: time, enabled:1, value: Sun Dec 05 14:08:00 2010 ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: true ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: true ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false Appearance settings: ID: appearance, enabled:1 ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource ID: showtrayicon, enabled:1, value: true ID: autoentertainmentmode, enabled:1, value: true ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language Realtime protection settings: ID: realtime, enabled:1 ID: layers, enabled:1 ID: useantivirus, enabled:1, value: true ID: usespywareheuristics, enabled:1, value: true ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant ID: modules, enabled:1 ID: processprotection, enabled:1, value: true ID: onaccessprotection, enabled:1, value: false ID: registryprotection, enabled:1, value: true ID: networkprotection, enabled:1, value: true ****************************** System information ****************************** Computer name: MYDELL Processor name: Intel® Celeron® CPU 2.40GHz Processor identifier: x86 Family 15 Model 4 Stepping 1 Processor speed: ~2394MHZ Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 1025, number of processors 1, processor features: [MMX,SSE,SSE2] Physical memory available: 32079872 bytes Physical memory total: 266321920 bytes Virtual memory available: 1869131776 bytes Virtual memory total: 2147352576 bytes Memory load: 87% Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Windows startup mode: Running processes: PID: 1836 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY PID: 1876 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY PID: 1900 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY PID: 1944 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY PID: 1956 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY PID: 224 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 312 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 560 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 628 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1088 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY PID: 1176 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY PID: 1704 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 248 name: C:\WINDOWS\Explorer.EXE owner: Patricia domain: MYDELL PID: 388 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY PID: 440 name: C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe owner: SYSTEM domain: NT AUTHORITY PID: 460 name: C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe owner: SYSTEM domain: NT AUTHORITY PID: 516 name: C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe owner: SYSTEM domain: NT AUTHORITY PID: 900 name: C:\WINDOWS\system32\PSIService.exe owner: SYSTEM domain: NT AUTHORITY PID: 924 name: C:\Program Files\Analog Devices\Core\smax4pnp.exe owner: Patricia domain: MYDELL PID: 172 name: C:\WINDOWS\system32\hkcmd.exe owner: Patricia domain: MYDELL PID: 884 name: C:\WINDOWS\system32\igfxpers.exe owner: Patricia domain: MYDELL PID: 1332 name: C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe owner: SYSTEM domain: NT AUTHORITY PID: 1516 name: C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe owner: Patricia domain: MYDELL PID: 1580 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1608 name: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe owner: SYSTEM domain: NT AUTHORITY PID: 1744 name: C:\Program Files\Common Files\Java\Java Update\jusched.exe owner: Patricia domain: MYDELL PID: 2024 name: C:\WINDOWS\system32\wdfmgr.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1040 name: C:\WINDOWS\system32\ctfmon.exe owner: Patricia domain: MYDELL PID: 1368 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Patricia domain: MYDELL PID: 3352 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY PID: 3452 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY PID: 3520 name: C:\WINDOWS\System32\SCardSvr.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 364 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Patricia domain: MYDELL Startup items: Name: SoundMAXPnP imagepath: C:\Program Files\Analog Devices\Core\smax4pnp.exe Name: igfxtray imagepath: C:\WINDOWS\system32\igfxtray.exe Name: igfxhkcmd imagepath: C:\WINDOWS\system32\hkcmd.exe Name: igfxpers imagepath: C:\WINDOWS\system32\igfxpers.exe Name: AVP imagepath: "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" Name: QuickTime Task imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime Name: SSBkgdUpdate imagepath: "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot Name: PaperPort PTD imagepath: C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe Name: IndexSearch imagepath: C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe Name: BrMfcWnd imagepath: C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN Name: SetDefPrt imagepath: C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe Name: ControlCenter3 imagepath: C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun Name: ISUSPM Startup imagepath: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup Name: SunJavaUpdateSched imagepath: "C:\Program Files\Common Files\Java\Java Update\jusched.exe" Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9} Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9} Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153} Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon Name: imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI Name: imagepath: C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\Startup\DESKTOP.INI Bootexecute items: Running services: Name: AudioSrv displayname: Windows Audio Name: Browser displayname: Computer Browser Name: CryptSvc displayname: Cryptographic Services Name: DcomLaunch displayname: DCOM Server Process Launcher Name: Dhcp displayname: DHCP Client Name: ERSvc displayname: Error Reporting Service Name: Eventlog displayname: Event Log Name: EventSystem displayname: COM+ Event System Name: FastUserSwitchingCompatibility displayname: Fast User Switching Compatibility Name: helpsvc displayname: Help and Support Name: JavaQuickStarterService displayname: Java Quick Starter Name: lanmanserver displayname: Server Name: lanmanworkstation displayname: Workstation Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service Name: LmHosts displayname: TCP/IP NetBIOS Helper Name: ncpclcfg displayname: ncpclcfg Name: ncprwsnt displayname: ncprwsnt Name: NcpSec displayname: NcpSec Name: Netman displayname: Network Connections Name: Nla displayname: Network Location Awareness (NLA) Name: PlugPlay displayname: Plug and Play Name: ProtectedStorage displayname: Protected Storage Name: ProtexisLicensing displayname: ProtexisLicensing Name: RasMan displayname: Remote Access Connection Manager Name: RpcSs displayname: Remote Procedure Call (RPC) Name: rwsrsu displayname: rwsrsu Name: SamSs displayname: Security Accounts Manager Name: SCardSvr displayname: Smart Card Name: Schedule displayname: Task Scheduler Name: seclogon displayname: Secondary Logon Name: SENS displayname: System Event Notification Name: SharedAccess displayname: Windows Firewall/Internet Connection Sharing (ICS) Name: ShellHWDetection displayname: Shell Hardware Detection Name: Spooler displayname: Print Spooler Name: srservice displayname: System Restore Service Name: SSDPSRV displayname: SSDP Discovery Service Name: stisvc displayname: Windows Image Acquisition (WIA) Name: Symantec Core LC displayname: Symantec Core LC Name: TapiSrv displayname: Telephony Name: TermService displayname: Terminal Services Name: Themes displayname: Themes Name: TrkWks displayname: Distributed Link Tracking Client Name: UMWdf displayname: Windows User Mode Driver Framework Name: w32time displayname: Windows Time Name: WebClient displayname: WebClient Name: winmgmt displayname: Windows Management Instrumentation Name: wscsvc displayname: Security Center Name: wuauserv displayname: Automatic Updates Name: WZCSVC displayname: Wireless Zero Configuration _____________________________________________________________________________________________ Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:49:41 PM, on 12/5/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.dell4me.com/mywaybiz"]http://www.dell4me.com/mywaybiz[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url="http://bfc.myway.com/search/de_srchlft.html?p=DS"]http://bfc.myway.com/search/de_srchlft.html?p=DS[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://rhodeisland.cox.net/cci/home"]http://rhodeisland.cox.net/cci/home[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url="http://www.dell4me.com/mywaybiz"]http://www.dell4me.com/mywaybiz[/url] O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing) O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [url="http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab"]http://upload.facebook.com/controls/2008.1...toUploader5.cab[/url] O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [url="http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab"]http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab[/url] O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - [url="http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab"]http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab[/url] O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: ncpclcfg - NCP engineering GmbH - C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe O23 - Service: ncprwsnt - NCP Engineering GmbH - C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe O23 - Service: NcpSec - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: RwsRsu (rwsrsu) - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 7227 bytes
  11. So far so good. It hasnt come back and all the updates have been installed. thanks again