Computer Security & Viruses/Combofix & Hijack files

Question
Here is the combofix and new Hijack log.

ComboFix 09-08-22.06 - Pamela Miller 08/22/2009 20:14.2.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.203 [GMT -4:00]
Running from: c:\documents and settings\Pamela Miller\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090822-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
.

(((((((((((((((((((((((((   Files Created from 2009-07-23 to 2009-08-23  )))))))))))))))))))))))))))))))
.

2009-08-22 21:23 . 2006-10-26 23:56   32592   ----a-w-   c:\windows\system32\msonpmon.dll
2009-08-22 21:22 . 2009-08-22 21:22   --------   d-----w-   c:\program files\Microsoft Works
2009-08-22 20:24 . 2009-08-22 21:27   --------   d-----w-   c:\documents and settings\Pamela Miller\Application Data\GetRightToGo
2009-08-22 18:29 . 2009-08-22 18:29   --------   d-----w-   c:\documents and settings\Pamela Miller\Application Data\Malwarebytes
2009-08-22 18:29 . 2009-08-03 17:36   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-22 18:29 . 2009-08-22 18:29   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-08-22 18:29 . 2009-08-22 18:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-22 18:29 . 2009-08-03 17:36   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-08-22 01:08 . 2009-08-22 01:11   1363946   ----a-w-   c:\documents and settings\All Users\Application Data\gav\GAVBi.exe
2009-08-22 01:05 . 2009-08-22 01:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\gav
2009-08-17 01:00 . 2009-08-17 01:00   --------   d-----w-   c:\windows\system32\XPSViewer
2009-08-17 01:00 . 2009-08-17 01:00   --------   d-----w-   c:\program files\MSBuild
2009-08-17 01:00 . 2009-08-17 01:00   --------   d-----w-   c:\program files\Reference Assemblies
2009-08-17 00:59 . 2008-07-06 12:06   89088   ------w-   c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-17 00:59 . 2008-07-06 12:06   575488   ------w-   c:\windows\system32\xpsshhdr.dll
2009-08-17 00:59 . 2008-07-06 12:06   575488   ------w-   c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-17 00:59 . 2008-07-06 12:06   1676288   ------w-   c:\windows\system32\xpssvcs.dll
2009-08-17 00:59 . 2008-07-06 12:06   1676288   ------w-   c:\windows\system32\dllcache\xpssvcs.dll
2009-08-17 00:59 . 2008-07-06 12:06   117760   ------w-   c:\windows\system32\prntvpt.dll
2009-08-17 00:59 . 2008-07-06 10:50   597504   ------w-   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-17 00:59 . 2009-08-17 01:00   --------   d-----w-   C:\fa3e23742598175117a896
2009-08-14 20:55 . 2009-08-14 20:55   95232   ----a-w-   c:\documents and settings\Pamela Miller\Application Data\Mozilla\Firefox\Profiles\zzjjtjfd.default\gsl.dll
2009-08-13 01:05 . 2009-07-10 13:27   1315328   ------w-   c:\windows\system32\dllcache\msoe.dll
2009-08-07 07:34 . 2009-08-07 07:34   331791   ----a-w-   c:\documents and settings\All Users\Application Data\gav\wsdt05.exe
2009-08-05 09:01 . 2009-08-05 09:01   204800   ------w-   c:\windows\system32\dllcache\mswebdvd.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 21:24 . 2007-09-24 01:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-22 19:48 . 2005-12-01 05:42   --------   d-----w-   c:\program files\Trend Micro
2009-08-19 18:55 . 2008-12-31 17:26   --------   d-----w-   c:\documents and settings\Shaquoia Miller\Application Data\FrostWire
2009-08-19 17:03 . 2006-12-11 20:47   68768   ----a-w-   c:\documents and settings\Shaquoia Miller\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-17 00:31 . 2006-10-07 01:40   --------   d-----w-   c:\documents and settings\Pamela Miller\Application Data\Creative
2009-08-05 09:01 . 2004-08-10 18:51   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
2009-08-02 23:30 . 2006-03-02 01:53   --------   d-----w-   c:\documents and settings\Pamela Miller\Application Data\AdobeUM
2009-07-26 21:55 . 2007-09-24 02:02   --------   d-----w-   c:\documents and settings\Pamela Miller\Application Data\U3
2009-07-18 14:24 . 2006-07-06 02:44   68768   ----a-w-   c:\documents and settings\Pamela Miller\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 19:01 . 2004-08-10 18:50   58880   ----a-w-   c:\windows\system32\atl.dll
2009-07-13 14:08 . 2004-08-10 18:51   286720   ----a-w-   c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-10 18:51   827392   ------w-   c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-10 18:51   78336   ----a-w-   c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-10 18:50   17408   ----a-w-   c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-10 18:51   119808   ----a-w-   c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 18:51   81920   ----a-w-   c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2004-08-10 18:51   76288   ----a-w-   c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-10 18:50   84992   ----a-w-   c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-10 19:01   2066432   ----a-w-   c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-10 18:51   132096   ----a-w-   c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-10 18:51   1291264   ----a-w-   c:\windows\system32\quartz.dll
2009-06-01 20:40 . 2006-12-11 20:47   4184   --sha-w-   c:\windows\system32\KGyGaAvL.sys
2009-06-01 20:40 . 2006-12-11 20:47   104   --sh--r-   c:\windows\system32\B5D1CADAB3.sys
2007-07-26 19:32 . 2007-09-04 01:30   66408   ----a-w-   c:\program files\mozilla firefox\components\jar50.dll
2007-07-26 19:32 . 2007-09-04 01:30   54112   ----a-w-   c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-26 19:32 . 2007-09-04 01:30   34688   ----a-w-   c:\program files\mozilla firefox\components\myspell.dll
2007-07-26 19:32 . 2007-09-04 01:30   46456   ----a-w-   c:\program files\mozilla firefox\components\spellchk.dll
2007-07-26 19:32 . 2007-09-04 01:30   171880   ----a-w-   c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-08-22_23.55.33   )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-01-29 19:12 . 2009-08-23 00:09   23040              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-01-29 19:12 . 2009-07-12 22:45   23040              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-01-29 19:12 . 2009-07-12 22:45   61440              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-01-29 19:12 . 2009-08-23 00:09   61440              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-01-29 19:12 . 2009-07-12 22:45   27136              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-01-29 19:12 . 2009-08-23 00:09   27136              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-01-29 19:12 . 2009-08-23 00:09   11264              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-01-29 19:12 . 2009-07-12 22:45   11264              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-01-29 19:12 . 2009-08-23 00:09   86016              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-01-29 19:12 . 2009-07-12 22:45   86016              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-01-29 19:12 . 2009-07-12 22:45   12288              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-01-29 19:12 . 2009-08-23 00:09   12288              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-01-29 19:12 . 2009-08-23 00:09   4096              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-01-29 19:12 . 2009-07-12 22:45   4096              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-01-29 19:12 . 2009-07-12 22:45   409600              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-01-29 19:12 . 2009-08-23 00:08   409600              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-01-29 19:12 . 2009-07-12 22:45   286720              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-01-29 19:12 . 2009-08-23 00:09   286720              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-01-29 19:12 . 2009-08-23 00:09   249856              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-01-29 19:12 . 2009-07-12 22:45   249856              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-01-29 19:12 . 2009-07-12 22:45   794624              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-01-29 19:12 . 2009-08-23 00:09   794624              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-01-29 19:12 . 2009-08-23 00:09   135168              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-01-29 19:12 . 2009-07-12 22:45   135168              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-01-29 19:12 . 2009-07-12 22:45   593920              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2006-01-29 19:12 . 2009-08-23 00:09   593920              c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 03:08   279944   ----a-w-   c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pronto"="c:\program files\Wimba\Pronto\pronto.exe" [2009-01-22 10732168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-24 180269]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"dldnmon.exe"="c:\program files\Dell V105\dldnmon.exe" [2008-03-17 668912]
"dldnamon"="c:\program files\Dell V105\dldnamon.exe" [2008-03-17 16624]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

c:\documents and settings\Shaquoia Miller\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-3 114688]
Morpheus Ultra.lnk - c:\program files\Morpheus Ultra\Morpheus.exe [2006-7-13 1597440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk
backup=c:\windows\pss\dlbcserv.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PcCtlCom"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dlcgcoms.exe"=
"c:\\Program Files\\Dell V105\\dldnamon.exe"=
"c:\\Program Files\\Dell V105\\frun.exe"=
"c:\\Program Files\\Dell V105\\dldnmon.exe"=
"c:\\WINDOWS\\system32\\dldncoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldntime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldnjswx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Dell V105\\dldnlscn.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/27/2008 12:12 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/27/2008 12:12 PM 20560]
R2 dldn_device;dldn_device;c:\windows\system32\dldncoms.exe -service --> c:\windows\system32\dldncoms.exe -service [?]
S2 dldnCATSCustConnectService;dldnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldnserv.exe [8/23/2008 9:09 PM 99568]
.
Contents of the 'Scheduled Tasks' folder

2009-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Pamela Miller\Application Data\Mozilla\Firefox\Profiles\zzjjtjfd.default\
FF - component: c:\documents and settings\Pamela Miller\Application Data\Mozilla\Firefox\Profiles\zzjjtjfd.default\gsl.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.01.06.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 20:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2392)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-08-23 20:26
ComboFix-quarantined-files.txt  2009-08-23 00:26
ComboFix2.txt  2009-08-23 00:04

Pre-Run: 51,037,995,008 bytes free
Post-Run: 51,013,345,280 bytes free

204   --- E O F ---   2009-08-19 18:58

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:46 PM, on 8/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\WINDOWS\system32\dldncoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell V105\dldnmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Wimba\Pronto\pronto.exe
C:\Program Files\Dell V105\dldnMsdMon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dldnmon.exe] "C:\Program Files\Dell V105\dldnmon.exe"
O4 - HKLM\..\Run: [dldnamon] "C:\Program Files\Dell V105\dldnamon.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [pronto] "C:\Program Files\Wimba\Pronto\pronto.exe"
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcg_device -   - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: dldnCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldnserv.exe
O23 - Service: dldn_device -   - C:\WINDOWS\system32\dldncoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - https://fact.econsumer.equifax.com/fact/uib/images/scoreRange.png

--
End of file - 8349 bytes


Answer
Hi Pam

The log file looks much better now.  The only entry of suspicion is for the AskToolBar.  If you can do without it, I usually recommend uninstalling it through the Add/Remove Programs in your Control Panel.  The program is technically not malware, but usually gets installed bundled with other software whether you want it or not.  But the choice is yours.  Otherwise, you're good to go.  Cheers!

Brian

Brian Benosky

Expertise

I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (all versions) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.

Experience

I have over 25 years experience in using, building, and repairing computers. I have helped over two thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm I am also a Top Contributor of General Computing answers in Yahoo! Questions.

Education/Credentials
College Educated Self-taught Computer Skills

©2012 About.com, a part of The New York Times Company. All rights reserved.