Hi, I am desprite for some help, I have some type of malware on my computer. At this point I have no idea what to do. I have tried all kinds of removers and detectors including ComboFix. Nothing is removing whatever I have. I get no pictures on my internet sites if I can even open them. I have tried all this ideas from this site also: http://www.myantispyware.com/2009/01/24/how-to-remove-windowsclickcom-redirect-uacdsys-trojan/ I thought I got rid of the malware, but I can’t even get on this site without refreshing about 20 types. I also can’t post this because I can’t get a word verification to post! If you are reading this I finally got it. I tried HijackThis and this is the log I got, I have no clue what I am doing or what to do with it. any help would be greatly appreciated. Dana Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:25:11 PM, on 7/22/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\dlcqcoms.exe C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Creative\VoiceCenter\AndreaVC.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\DOCUME~1\dana\LOCALS~1\Temp\clclean.0001 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe C:\Program Files\Gigaware\Gigaware Driver\4.06\MOUSE32A.EXE C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Dell Photo AIO Printer 966\memcard.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\NetWaiting\netWaiting.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\dwwin.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=8953&affid=105-74 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Etomi\Plugins\RazaWebHook.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (file missing) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM..\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay O4 - HKLM..\Run: [PCMService] “C:\Program Files\Dell\Media Experience\PCMService.exe” O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM..\Run: [VoiceCenter] “C:\Program Files\Creative\VoiceCenter\AndreaVC.exe” /tray O4 - HKLM..\Run: [DVDLauncher] “C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe” O4 - HKLM..\Run: [ISUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup O4 - HKLM..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM..\Run: [IntelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe” O4 - HKLM..\Run: [IntelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless O4 - HKLM..\Run: [FaxCenterServer] “C:\Program Files\Dell PC Fax\fm3032.exe” /s O4 - HKLM..\Run: [dlcqmon.exe] “C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe” O4 - HKLM..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16 O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\Gigaware\Gigaware Driver\4.06\MOUSE32A.EXE O4 - HKLM..\Run: [dscactivate] “C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe” O4 - HKLM..\Run: [DellSupportCenter] “C:\Program Files\Dell Support Center\bin\sprtcmd.exe” /P DellSupportCenter O4 - HKLM..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe O4 - HKLM..\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup O4 - HKLM..\Run: [MemoryCardManager] “C:\Program Files\Dell Photo AIO Printer 966\memcard.exe” O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe” O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU..\Run: [DellSupportCenter] “C:\Program Files\Dell Support Center\bin\sprtcmd.exe” /P DellSupportCenter O4 - HKCU..\Run: [Aim6] “C:\Program Files\AIM6\aim6.exe” /d locale=en-US ee://aol/imApp O4 - HKCU..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.antimalwareguard.com O15 - Trusted Zone: *.antimalwareguard.com (HKLM) O15 - Trusted Zone: *.gomyhit.com (HKLM) O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - http://photos.msn.com/resources/neutral/controls/MsnPPick.cab?10,0,910,0 O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.jud2.ct.gov/webforms/Codebase/FormCtl.cab O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Farm%20Frenzy/Images/stg_drm.ocx O16 - DPF: {224F7DEA-B7C1-11D3-AB40-00902712A5C9} (PLSAddin Class) - http://www.jud2.ct.gov/webforms/codebase/plsspeller.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {2D3502EE-9D6D-11D1-86CC-080009B6ACE6} (Adobe Barcode Control) - http://www.jud2.ct.gov/webforms/codebase/jfbarcode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - https://mpsnare.iesnare.com/StmOCX.cab O16 - DPF: {7E1A59BE-7FA5-41B3-B156-F17E964A05A3} - http://www.ibingo.com/bin/v6/setup.cab O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://www.gamehouse.com/realarcade-webgames/mysterypilt/SpinTopGamesLauncher.cab O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Posh%20Shop/Images/armhelper.ocx O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://ms.digitalcameradeveloping.com/mupload/WebUploadClient.cab O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.jud2.ct.gov/webforms/codebase/fontinstaller.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1c9afeff38717b2) (gupdate1c9afeff38717b2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing) O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe – End of file - 18204 bytes
Hi! Im sorry about pasting the log/report in the prior post. :(.
Thank you for getting back to me soooo quickly!
I ran the scan and have attached it to this message.
I hope I did it correctly.
Thanks again! Sooo very much,
Dana
Hi, I am desprite for some help, I have some type of malware on my computer. At this point I have no idea what to do. I have tried all kinds of removers and detectors including ComboFix. Nothing is removing whatever I have. I get no pictures on my internet sites if I can even open them. I have tried all this ideas from this site also: http://www.myantispyware.com/2009/01/24/how-to-remove-windowsclickcom-redirect-uacdsys-trojan/ I thought I got rid of the malware, but I can’t even get on this site without refreshing about 20 types. I also can’t post this because I can’t get a word verification to post! If you are reading this I finally got it. I tried HijackThis and this is the log I got, I have no clue what I am doing or what to do with it. any help would be greatly appreciated. Dana Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:25:11 PM, on 7/22/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\dlcqcoms.exe C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Creative\VoiceCenter\AndreaVC.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\DOCUME~1\dana\LOCALS~1\Temp\clclean.0001 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe C:\Program Files\Gigaware\Gigaware Driver\4.06\MOUSE32A.EXE C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Dell Photo AIO Printer 966\memcard.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\NetWaiting\netWaiting.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\dwwin.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=8953&affid=105-74 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Etomi\Plugins\RazaWebHook.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (file missing) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM..\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay O4 - HKLM..\Run: [PCMService] “C:\Program Files\Dell\Media Experience\PCMService.exe” O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM..\Run: [VoiceCenter] “C:\Program Files\Creative\VoiceCenter\AndreaVC.exe” /tray O4 - HKLM..\Run: [DVDLauncher] “C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe” O4 - HKLM..\Run: [ISUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup O4 - HKLM..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM..\Run: [IntelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe” O4 - HKLM..\Run: [IntelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless O4 - HKLM..\Run: [FaxCenterServer] “C:\Program Files\Dell PC Fax\fm3032.exe” /s O4 - HKLM..\Run: [dlcqmon.exe] “C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe” O4 - HKLM..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16 O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\Gigaware\Gigaware Driver\4.06\MOUSE32A.EXE O4 - HKLM..\Run: [dscactivate] “C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe” O4 - HKLM..\Run: [DellSupportCenter] “C:\Program Files\Dell Support Center\bin\sprtcmd.exe” /P DellSupportCenter O4 - HKLM..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe O4 - HKLM..\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup O4 - HKLM..\Run: [MemoryCardManager] “C:\Program Files\Dell Photo AIO Printer 966\memcard.exe” O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe” O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU..\Run: [DellSupportCenter] “C:\Program Files\Dell Support Center\bin\sprtcmd.exe” /P DellSupportCenter O4 - HKCU..\Run: [Aim6] “C:\Program Files\AIM6\aim6.exe” /d locale=en-US ee://aol/imApp O4 - HKCU..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.antimalwareguard.com O15 - Trusted Zone: *.antimalwareguard.com (HKLM) O15 - Trusted Zone: *.gomyhit.com (HKLM) O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - http://photos.msn.com/resources/neutral/controls/MsnPPick.cab?10,0,910,0 O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.jud2.ct.gov/webforms/Codebase/FormCtl.cab O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Farm%20Frenzy/Images/stg_drm.ocx O16 - DPF: {224F7DEA-B7C1-11D3-AB40-00902712A5C9} (PLSAddin Class) - http://www.jud2.ct.gov/webforms/codebase/plsspeller.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {2D3502EE-9D6D-11D1-86CC-080009B6ACE6} (Adobe Barcode Control) - http://www.jud2.ct.gov/webforms/codebase/jfbarcode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - https://mpsnare.iesnare.com/StmOCX.cab O16 - DPF: {7E1A59BE-7FA5-41B3-B156-F17E964A05A3} - http://www.ibingo.com/bin/v6/setup.cab O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://www.gamehouse.com/realarcade-webgames/mysterypilt/SpinTopGamesLauncher.cab O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Posh%20Shop/Images/armhelper.ocx O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://ms.digitalcameradeveloping.com/mupload/WebUploadClient.cab O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.jud2.ct.gov/webforms/codebase/fontinstaller.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1c9afeff38717b2) (gupdate1c9afeff38717b2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing) O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe – End of file - 18204 bytes
Hi Danbella:
Please see if you can run Malwarebytes
Download, install, update, and run a full scan. I don't know if you have any malware, or have done something brutal to your machine by using programs that require assistance and supervision.
Post it as before.
If anyone wants to see it, the HiJackThis log is here in proper format.
Please go back into HiJackThis and run a scan. Then check the following items:
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Etomi\Plugins\RazaWebHook.dll (file missing)
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
Click on the Fix Checked box at the bottom of the page in HiJackThis.
After that please make sure to read and follow up on the MalwareBytes removal of AntiMalwareGaurd which is on your system. Information on this rouge malware program is located here . You have already downloaded MalwareBytes AntiMalware so it should have removed the problem for you but you can follow the directions in the linked page to make sure everything is cleaned out.
Let us know how this helps you out.
Hi again, Okay I ran the scan and included it in an attachment.
I hope I didn't screw-up my computer! I always think I will be able to "fix", everything myself! I am my own worst enemy sometimes.
Thanks,
Dana
Did you have Malwarebytes Antimalware repair / fix what it found? Your log shows nothing done, so I just wanted to ask.
Hi
Don't know why you need us to tell you whether to have the Safer Malwarebytes remove things when you on your own have had "Combofix" remove the UAC variant of the Rootkit, which isn't as safe.
I was wondering why I couldn't figure how you had Malwarebytes working as I had figureed you had / did have the UAC or gxvxc variant(s)
That is why you have removed the Rootkit already.
Quads
I tried combofix a couple of days ago and it didn't find anything, or so I thought.
I also ran McafeeRootkit detective, which did find the UACd but it didn't remove it completely. It still shows that it is there.
I did say that at this point I am confused and have know idea where to go from there, especially since the computer is displaying behaviors that seem to be malware.
Thanks again
Dana
Combofix will have created a log, C:\combofix.txt, as long as you only ran it once
Quads
okay here is the log showing the corrections made.
There is no change after reboot though.
Thanks
Dana
OK
These, UAC rootkit removed by Combofix (Combofix's quarantine)
c:\Qoobox\quarantine\C\WINDOWS\system32\net.net.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACdiuxtundrsakfmkgp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACqouyvdvqhhnplntsu.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACqymvnlnhdnneryeml.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACtdknuxgqsvqlpilwl.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACvtbsuqpafkxumyghi.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
BUT
c:\WINDOWS\system32\drivers\geyekrekpndrsl.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
No, that is another Rootkit, a tougher one,
when you start Sysprot and click on the "Kernel Modules" tab do you see that one in RED??
Quads
This is the report/log from Mcafee root detective. It shows:
Object-Type: Registry-key
Object-Name: modules.REN.RENem32\drivers\SYMEVENT.SYS
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys\modules.REN.REN
Status: Hidden
Object-Type: Registry-key
Object-Name: modules.REN.REN.REN1\Services\UACd.sys\modules.REN.REN
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys\modules.REN.REN.REN
Status: Hidden
I have removed these atleast 8 times with reboot and it won't go away.
thanks
Dana
I did not ask that!!!
With SysProt not McAfee
Quads
I do see red hidden files in the kernel Modules however, none of them match what you are showing me.
one is gezfryu.sys; another is SYMEFA.SYS; then systemroot\system32\drivers\dump_atapi.sys and lastly \systemroot\system32\drivers\dump_WMILIB.SYS
Hi
Give me all the info in the "gezfryu.sys" entry service name etc.
The other 3 are OK one being for Norton.
Quads
Okay
gezfryu.sys
service Name -----
Module Base BA0A8000
Module End BA0B7000
Hidden yes
Hi
1. Already has combofix
Don't use yet.
2. I have Personal Messaged you the script between the lines, look for the yellow envelope at the upper right hand side. Copy the Script.
3. Open Notepad and paste it in to notepad with the first line being killall::
4. Save the script as "CFScript.txt" CFScript.txt is what you see on your desktop after saving.
5. Disable Nortons Auto-Protect and Firewall.
6. Drag and drop CFScript.txt on top of Combofix.exe, like when you drop files into the recycle bin.
7. Combofix will start, When it is scanning don't move the mouse cursor inside the box, can cause freezing.
Hello, I did the combofix scan and attached with this post.
Thanks
Dana