Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Browser Changes, Cannot Print, Empty Folders, Unknown Software

Started by NancyAnn43 , Feb 25 2009 10:29 PM

  • Please log in to reply

#1
NancyAnn43
Posted 25 February 2009 - 10:29 PM

NancyAnn43

    New Member

  • Member
  • Pip
  • 1 posts
Hello and thank you in advance for your help. My computer browser started behaving weird about a month ago and it seemed like I never had any pop-ups blocked, my system always ran normal according to McAfee and Windows Defender. However, my computer kept getting slower so I checked out Autoruns and that is when I noticed a bunch of stuff running I never heard of. Looking into the folders and peaking at the registery let me know that things were not good. Some files were written in Asian?? I used DSL Broadband and that said that my IP address was expired, no DNS, and when I looked up all the pings sent to my IP, many were not legit and from China. I was surprised how many updates I missed because I have my updates set to just update and apparantly had not for some time.

Also, my printer would act weird. It would start running and stop and run and stop. Now it doesn't even print from the Internet. Oh, and there a couple of weird printer files. And what is up with the new Network files? I had AT&T come out once already because I noticed that not all of the modem lights were on. They just gave me a new modem and did something on the computer and that lasted maybe a day.

I am concerned about the duplicate User files too. Also, my virtual memory is maxed even after I reset it.

I can go on and on but I am tired. Thanks again for your help.

Here ya go!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:03 PM, on 2/25/2009
Platform: Windows XP SP3 (WinNT

5.01.2600)
MSIE: Unable to get Internet Explorer

version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows

Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program

Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1

\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1

\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1

\mcafee\mcproxy\mcproxy.exe
C:\Program

Files\McAfee\MPF\MPFSrv.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program

Files\Intel\PROSetWired\NCS\Sync\NetSv

c.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\System32\vssvc.exe
c:\PROGRA~1

\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32

\wbem\wmiapsrv.exe
C:\WINDOWS\system32

\SearchIndexer.exe
C:\WINDOWS\System32\dmadmin.exe
C:\MSSQL7\binn\sqlagent.exe
C:\Program Files\Analog

Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1

\mcsysmon.exe
C:\Program Files\Dell Photo AIO Printer

924\dlccmon.exe
C:\Program Files\Dell\Media

Experience\DMXLauncher.exe
C:\Program Files\Common

Files\InstallShield\UpdateService\issch.ex

e
C:\Program Files\Yahoo!\Search

Protection\SearchProtection.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\Google\Google Desktop

Search\GoogleDesktop.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Dell Support

Center\bin\sprtcmd.exe
C:\PROGRA~1\McAfee\VIRUSS~1

\mcshield.exe
C:\Program Files\Internet

Explorer\iexplore.exe
C:\Program Files\Trend

Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

https://sbcglobal.net
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://us.f573.mail.yahoo.com
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?

LinkId=69157
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =

www.att.com
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =

www.msn.com
R1 - HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://att.yahoo.com
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Window Title = IE7-HOME
R3 - URLSearchHook: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-

0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - AutorunsDisabled -

(no file)
O2 - BHO: (no name) - {02478D38-C3F9

-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub -

{18DF081C-E8AD-4283-A596-

FA578C2EBDC3} - C:\Program

Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelpe

rShim.dll
O2 - BHO: (no name) - {4E7BD74F-

2B8D-469E-94BE-FD60BB9AAE29} -

(no file)
O2 - BHO: Spybot Search & Destroy -

{53707962-6F74-2D53-2644-

206D7942484F} - C:\DOCUME~1

\ALLUSE~1\STARTM~1

\Programs\SPYBOT~1

\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess -

{5CA3D70E-1895-11CF-8E15-

001234567890} -

C:\WINDOWS\System32

\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-

7241-4E79-B68D-6309F01C5231} -

C:\Program

Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-

CF10577473F7} - C:\Program

Files\Google\Google

Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier -

{AF69DE43-7D58-4638-B6FA-

CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\5.0.9

26.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO -

{B164E929-A1B6-4A06-B104-

2CD0E90A88FF} - c:\PROGRA~1

\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-

0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar

- {0EBBBE48-BAD4-4B4C-8E5A-

516ABECAE064} - c:\PROGRA~1

\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-

fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-

2B8D-469E-94BE-FD60BB9AAE29} -

(no file)
O4 - HKLM\..\Run: [SoundMAXPnP]

C:\Program Files\Analog

Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [mcagent_exe]

C:\Program

Files\McAfee.com\Agent\mcagent.exe

/runkey
O4 - HKLM\..\Run: [DLCCCATS] rundll32

C:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\DLCCtime.dll,[email protected]
O4 - HKLM\..\Run: [MSKDetectorExe]

C:\Program

Files\McAfee\SpamKiller\MSKDetct.exe
O4 - HKLM\..\Run: [igfxhkcmd]

C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers]

C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed

Launcher] C:\Documents and Settings\All

Users\Adobe\Reader 9.0\Setup

Files\READER9\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [igfxtray]

C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SMSystemAnalyzer]

"C:\Program Files\Dell\PC

TuneUp\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [Windows Defender]

C:\Program Files\Windows

Defender\MSASCui.exe
O4 - HKLM\..\Run: [dlccmon.exe]

"C:\Program Files\Dell Photo AIO Printer

924\dlccmon.exe"
O4 - HKLM\..\Run: [DMXLauncher]

C:\Program Files\Dell\Media

Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup]

"C:\Program Files\Common

Files\InstallShield\UpdateService\isuspm.

exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler]

"C:\Program Files\Common

Files\InstallShield\UpdateService\issch.ex

e" -start
O4 - HKLM\..\Run: [YSearchProtection]

"C:\Program Files\Yahoo!\Search

Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [McENUI]

C:\PROGRA~1\McAfee\MHN\McENUI.exe

/hide
O4 - HKLM\..\Run: [Google Desktop

Search] "C:\Program Files\Google\Google

Desktop Search\GoogleDesktop.exe"

/startup
O4 - HKCU\..\Run: [DellSupport]

"C:\Program

Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter]

"C:\Program Files\Dell Support

Center\bin\sprtcmd.exe" /P

DellSupportCenter
O4 - Global Startup: Windows

Search.lnk.disabled
O6 -

HKCU\Software\Policies\Microsoft\Internet

Explorer\Restrictions present
O6 -

HKCU\Software\Policies\Microsoft\Internet

Explorer\Control Panel present
O9 - Extra button: (no name) -

AutorunsDisabled - (no file)
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-

00401C608501} -

C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java

Console - {08B0E5C0-4FCB-11CF-

AAA5-00401C608501} -

C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990

-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) -

{DFB852A3-47F8-48C4-A200-

58CAB36FD2A2} - C:\DOCUME~1

\ALLUSE~1\STARTM~1

\Programs\SPYBOT~1

\Spybot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot -

Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-

58CAB36FD2A2} - C:\DOCUME~1

\ALLUSE~1\STARTM~1

\Programs\SPYBOT~1

\Spybot\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38

-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem:

@xpsp3res.dll,-20001 - {e2e2dd38-d088

-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP:

c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://helpme.att.net
O15 - Trusted Zone:

http://www.dslreports.com
O15 - Trusted IP range: 76.240.71.39
O16 - DPF: {01A88BB1-1174-41EC-

ACCB-963509EAE56B} (SysProWmi

Class) -

http://support.dell....emprofiler/SysP

ro.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-

8075-444553540000} (Shockwave

ActiveX Control) -
O16 - DPF: {233C1507-6A77-46A4-

9443-F871F945D258} (Shockwave

ActiveX Control) -
O16 - DPF: {30528230-99F7-4BB4-

88D8-FA1D4F56A2AB} (Installation

Support) - C:\Program Files\Yahoo!

\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-

8153-FFDE2BAC2967} (DLM Control) -

http://dlm.tools.aka...m/dlmanager/ver

sions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-

9335-5A1EDB1D8A21} -

http://download.mcaf...om/molbin/share

d/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-

B064-02492C66E3F4}

(MUCatalogWebControl Class) -

http://catalog.updat...oft.com/v7/site

/ClientControl/en/x86/MuCatalogWebCont

rol.cab?1229407008500
O16 - DPF: {6A060448-60F9-11D5-

A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-

879C-DC1FA91D2FC3} (MUWebControl

Class) -

http://www.update.mi...t.com/microsoft

update/v6/V5Controls/en/x86/client/muweb

_site.cab?1187719268000
O16 - DPF: {D27CDB6E-AE6D-11CF-

96B8-444553540000} (Shockwave Flash

Object) -

http://fpdownload2.m...media.com/get/s

hockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-

BE53-DFE1E2340CB1}

(DownloadManager Control) -

http://dlm.tools.aka...m/dlmanager/ver

sions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: sacore - {5513F07E-

936B-4E52-9B00-067394E91CC5} -

c:\PROGRA~1\mcafee\SITEAD~1

\mcieplg.dll
O20 - Winlogon Notify: AutorunsDisabled -

C:\WINDOWS\
O23 - Service: dlcc_device - -

C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService -

Unknown owner - C:\Program

Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service

- Macrovision Europe Ltd. - C:\Program

Files\Common Files\Macrovision

Shared\FLEXnet

Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR

Software - C:\WINDOWS\System32

\GEARSec.exe
O23 - Service: getPlus® Helper - NOS

Microsystems Ltd. - C:\Program

Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager

5.8.809.23506 (GoogleDesktopManager

-092308-165331) - Google - C:\Program

Files\Google\Google Desktop

Search\GoogleDesktop.exe
O23 - Service: Google Updater Service

(gusvc) - Google - C:\Program

Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service

(ioloFileInfoList) - Unknown owner -

C:\Program

Files\iolo\common\lib\ioloServiceManager

.exe
O23 - Service: iolo System Service

(ioloSystemService) - Unknown owner -

C:\Program

Files\iolo\common\lib\ioloServiceManager

.exe
O23 - Service: iWinGamesInstaller - iWin

Inc. - C:\Program Files\iWin

Games\iWinGamesInstaller.exe
O23 - Service: iWinTrusted - iWin Inc. -

C:\Program Files\iWin

Games\iWinTrusted.exe
O23 - Service: McAfee SiteAdvisor

Service - Unknown owner - C:\Program

Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services

(mcmscsvc) - McAfee, Inc. -

C:\PROGRA~1

\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent

(McNASvc) - McAfee, Inc. -

c:\PROGRA~1\COMMON~1

\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS)

- McAfee, Inc. - C:\PROGRA~1

\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service

(McProxy) - McAfee, Inc. - c:\PROGRA~1

\COMMON~1

\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner

(McShield) - McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1

\mcshield.exe
O23 - Service: McAfee SystemGuards

(McSysmon) - McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1

\mcsysmon.exe
O23 - Service: McAfee Personal Firewall

Service (MpfService) - McAfee, Inc. -

C:\Program

Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService

(NetSvc) - Intel® Corporation -

C:\Program

Files\Intel\PROSetWired\NCS\Sync\NetSv

c.exe
O23 - Service: SupportSoft Sprocket

Service (dellsupportcenter)

(sprtsvc_dellsupportcenter) - SupportSoft,

Inc. - C:\Program Files\Dell Support

Center\bin\sprtsvc.exe
O24 - Desktop Component 0: (no name) -

(no file)

--
End of file - 11977 bytes





THIS IS THE UNINSTALL FILE

924PLC32
ABBYY FineReader 6.0 Sprint
[email protected] Boot Disk Demo
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Adobe Shockwave Player 11
AT&T Self Support Tool
AT&T Toolbar
Big Fish Games Client
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell PC TuneUp
Dell Photo AIO Printer 924
Dell Support Center (Support Software)
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
ebgcInfra
ebgcRes
ebgcRes
ebgcSDK
ebgcSDK
EducateU
ELIcon
ERUNT 1.1j
Foxit Reader
Games, Music, & Photos Launcher
getPlus® for Adobe
Google Desktop
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5

SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5

SP1 (KB958484)
Hotfix for Windows Internet Explorer 7

(KB947864)
Hotfix for Windows XP (KB961118)
I Spy Fantasy
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and

Drivers
Intel® Processor ID Utility
Intel® PROSet for Wired Connections
Internet Service Offers Launcher
iWin Games (remove only)
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE

v1.4.2_03
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix

(KB928366)
Microsoft .NET Framework 2.0 Service

Pack 2
Microsoft .NET Framework 3.0 Service

Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Diagnostics and Recovery

Toolset 5.0
Microsoft Office 2000 SR-1 Professional
Microsoft Silverlight
Minimem
Modem Helper
MrRobot 1.21
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
NetWaiting
Polar Bowler
QuickTime
RealPlayer Basic
Robbox
Roxio Backup MyPC
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Search Assist
Security Update for CAPICOM

(KB931906)
Security Update for CAPICOM

(KB931906)
Security Update for Windows Internet

Explorer 7 (KB937143)
Security Update for Windows Internet

Explorer 7 (KB938127)
Security Update for Windows Internet

Explorer 7 (KB939653)
Security Update for Windows Internet

Explorer 7 (KB942615)
Security Update for Windows Internet

Explorer 7 (KB944533)
Security Update for Windows Internet

Explorer 7 (KB950759)
Security Update for Windows Internet

Explorer 7 (KB953838)
Security Update for Windows Internet

Explorer 7 (KB956390)
Security Update for Windows Internet

Explorer 7 (KB958215)
Security Update for Windows Internet

Explorer 7 (KB960714)
Security Update for Windows Internet

Explorer 7 (KB961260)
Security Update for Windows XP

(KB960715)
Shockwave
Sonic Activation Module
Sonic Update Manager
Spelling Dictionaries Support For Adobe

Reader 9
Spybot - Search & Destroy
Super Granny 4 (remove only)
TuneUp Utilities 2009
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009
Update for Windows XP (KB967715)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Windows Defender
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
WordPerfect Office 12
WordPerfect OfficeReady
Yahoo! Anti-Spy
Yahoo! Music Jukebox
Yahoo! Search Protection
Yahoo! Toolbar
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP