help me

[MelissaG]

whats up everybody,
ok i know i have a virus now. i was reading up on some posts last night and i came across ?bisons post/(forgive me if thats not the right name) and realized that i too have the triangle with ex point also. i havent seen any porn pop ups or websites but my pc sure is acting up.i need help, my kids are on this computer almost everyday when they get home from school and i dont need them seeing a bunch of garbage. i have included my hijack this log.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:44 AM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-21-725345543-1844823847-2147112213-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Bill Gilbert')
O4 - HKUS\S-1-5-21-725345543-1844823847-2147112213-1004\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Bill Gilbert')
O4 - HKUS\S-1-5-21-725345543-1844823847-2147112213-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Bill Gilbert')
O4 - HKUS\S-1-5-21-725345543-1844823847-2147112213-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Bill Gilbert')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE (User 'Default user')
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/v/8.1.1.1/applet/hangman/hangman-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.1.1/applet/fancy/fancy-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.com/v/8.1.2.12/applet/spooky/spooky-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/v/8.1.1.1/applet/peaks/peaks-en_US.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10893 bytes

 

[ghost]

There is one thing I can see, may want to wait for Gamemaster to have a look...

O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

To remove you can go to START>RUN...

Then type regedit and hit enter. Now go to this path...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete IPClient.exe.

Now boot up in safe mode (F8 at startup) and go to...
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\
or
C:\Program Files\BellSouth\Connection Tool\

and delete the all of the content. (NOTE some of them are hidden files, info to view hidden files click here).


Also wait for this to be double checked as I'm a noob at HTLs!

 

[GameMaster]

Hello!
Yes, that's not needed.
Please open up your HijackThis and click Do a system scan only.
Now check this items:

• O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -
• O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

Now please close all open windows except HijackThis and click Fix selected.
Now reboot your computer and post a fresh HijackThis log.

Also, tell me do you by any case feel a difference, because I am not sure I understood you well.
Maybe there is more to do!
GameMaster

 

[MelissaG]

new log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:05 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-21-725345543-1844823847-2147112213-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Bill Gilbert')
O4 - HKUS\S-1-5-21-725345543-1844823847-2147112213-1004\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Bill Gilbert')
O4 - HKUS\S-1-5-21-725345543-1844823847-2147112213-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Bill Gilbert')
O4 - HKUS\S-1-5-21-725345543-1844823847-2147112213-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Bill Gilbert')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE (User 'Default user')
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/v/8.1.1.1/applet/hangman/hangman-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.1.1/applet/fancy/fancy-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.com/v/8.1.2.12/applet/spooky/spooky-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/v/8.1.1.1/applet/peaks/peaks-en_US.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10536 bytes
ok gamemaster,
i did that. i played around on it a little bit. imnot noticing much difference.tis started about 2 weeks ago. i sat down at my pc and as my desktop and toolbar were loading up. down by the clock there was an icon i hadnt seen before.it was an exclamation point inside a yellow triangle. i went to roll over it to see what it was and it disappeared. . my pc has been acting strange, its not locking up but its been pretty sluggish here as of late and when no one is near it or has been on it it will be working like crazy doing something(light on hd is goin without pause)yet theres nothing pulled up.this will happen at like 2 or 3 in the morn. i have windows defender and norton. they both run everyday and neither one of them have found anything other than a few tracking cookies.thank you for all your help!
melissa

 

[GameMaster]

Well that's the point I haven't noticed a presence of Malwares...
Let's dig deeper.
Please visit this webpage for instructions for downloading ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
• Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

 

[MelissaG]

combo fix/hijack logs

ComboFix 08-02-20.2 - Owner 2008-02-19 15:23:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.543 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-14 18:54 . 2008-02-14 18:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Motive
2008-02-13 09:13 . 2008-02-13 09:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 14:55 . 2008-02-11 14:55 <DIR> d-------- C:\Documents and Settings\Bill Gilbert\Application Data\Ahead
2008-02-10 22:34 . 2008-02-10 22:34 <DIR> d-------- C:\WINDOWS\Sun
2008-02-10 11:14 . 2008-02-10 11:14 <DIR> d-------- C:\Program Files\Nick Arcade
2008-02-09 00:55 . 2008-02-09 00:55 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-02-08 18:34 . 2008-02-08 18:34 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Talkback
2008-02-07 20:07 . 2008-02-07 20:07 <DIR> d-------- C:\Documents and Settings\Bill Gilbert\Application Data\Talkback
2008-02-07 15:54 . 2008-02-07 15:54 <DIR> d-------- C:\Documents and Settings\Kay Court maddie\Application Data\Talkback
2008-02-06 23:38 . 2008-02-06 23:38 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-06 23:37 . 2008-02-06 23:37 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-06 22:54 . 2008-02-06 22:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2008-02-06 16:56 . 2008-02-18 18:31 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-05 21:03 . 2008-02-05 21:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2008-02-05 20:59 . 2008-02-05 20:59 <DIR> d-------- C:\Program Files\Nero
2008-02-05 20:59 . 2008-02-05 21:04 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-02-05 20:59 . 2008-02-05 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-31 16:30 . 2008-02-04 09:00 6,736 --a------ C:\Documents and Settings\All Users\Application Data\ypinfo.bin
2008-01-31 13:04 . 2008-02-10 18:47 <DIR> d-------- C:\Documents and Settings\Bill Gilbert\Shared
2008-01-31 13:04 . 2008-01-31 13:28 <DIR> d-------- C:\Documents and Settings\Bill Gilbert\Incomplete
2008-01-31 13:04 . 2008-01-31 14:19 <DIR> d-------- C:\Documents and Settings\Bill Gilbert\.limewire
2008-01-31 13:03 . 2008-02-11 14:26 <DIR> d-------- C:\Program Files\LimeWire
2008-01-26 22:53 . 2008-01-26 22:53 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-26 22:53 . 2006-02-28 06:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-26 22:51 . 2008-01-26 22:51 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-26 22:51 . 2008-01-26 22:52 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-26 20:17 . 2008-02-17 21:00 <DIR> d-------- C:\Documents and Settings\Bill Gilbert\Application Data\LimeWire
2008-01-24 20:49 . 2008-02-05 18:46 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-01-24 20:48 . 2008-01-24 20:48 <DIR> d-------- C:\Program Files\Java
2008-01-24 20:48 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-24 20:46 . 2008-01-24 20:46 <DIR> d-------- C:\Program Files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 21:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-19 03:43 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-18 01:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-15 01:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-02-15 00:54 --------- d-----w C:\Program Files\SBC Self Support Tool
2008-02-09 17:07 --------- d-----w C:\Program Files\Dl_cats
2008-02-01 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-31 22:37 --------- d-----w C:\Documents and Settings\Kay Court maddie\Application Data\Yahoo!
2008-01-31 03:47 --------- d-----w C:\Program Files\Rhapsody
2008-01-31 03:45 --------- d-----w C:\Program Files\Oberon Media
2008-01-15 15:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 11:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-14 01:10 --------- d-----w C:\Documents and Settings\Guest\Application Data\Yahoo!
2008-01-13 15:06 --------- d-----w C:\Documents and Settings\Guest\Application Data\DellFaxCtr
2008-01-13 00:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-07 23:18 --------- d-----w C:\Documents and Settings\Kay Court maddie\Application Data\Corel
2008-01-06 08:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\funkitron
2008-01-04 20:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-04 16:25 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-04 16:25 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-04 16:25 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-04 16:25 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-04 16:25 --------- d-----w C:\Program Files\Symantec
2008-01-04 06:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-04 05:52 --------- d-----w C:\Documents and Settings\Bill Gilbert\Application Data\Yahoo!
2008-01-04 05:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-04 05:02 --------- d-----w C:\Program Files\Yahoo!
2007-12-31 23:15 --------- d-----w C:\Program Files\Common Files\Motive
2007-12-31 21:53 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2007-12-31 21:53 --------- d-----w C:\Program Files\Common Files\Real
2007-12-30 15:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\Corel Photo Album
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 06:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 03:52 380928]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 14:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 14:51 118784]
"dlcqmon.exe"="C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe" [2007-01-12 11:21 292336]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 966\memcard.exe" [2006-12-12 02:22 304008]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-12-12 02:22 312200]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"DLCQCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll" [2006-10-15 23:31 106496]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 15:42 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 01:11 771704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 11:06 106496]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Microsoft Works Calendar Reminders.lnk - C:\Program Files\MSWorks\Calendar\WKCALREM.EXE [1998-07-21 68368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-10-12 06:53:43 217088]

R2 dlcq_device;dlcq_device;C:\WINDOWS\system32\dlcqcoms.exe [2006-12-12 02:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f61ac0c7-7825-11dc-ad78-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun\Autorun.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 07:47:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-19 02:41:42 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Owner.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 15:25:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCQCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-20 15:26:57
.
2008-02-15 07:23:16 --- E O F ---

 

[MelissaG]

hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:06 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-21-725345543-1844823847-2147112213-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Bill Gilbert')
O4 - HKUS\S-1-5-21-725345543-1844823847-2147112213-1004\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Bill Gilbert')
O4 - HKUS\S-1-5-21-725345543-1844823847-2147112213-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Bill Gilbert')
O4 - HKUS\S-1-5-21-725345543-1844823847-2147112213-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Bill Gilbert')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE (User 'Default user')
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/v/8.1.1.1/applet/hangman/hangman-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.1.1/applet/fancy/fancy-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.com/v/8.1.2.12/applet/spooky/spooky-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/v/8.1.1.1/applet/peaks/peaks-en_US.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10285 bytes

 

[GameMaster]

The HijackThis log is all clean. Green field, couldn't be cleaner.
I'm reviewing the ComboFix log, it should be over tomorrow, because I have school in the morning and I'm a different timezone, I hope nothing urgent is happening...
Update us please, tell me for any changes and /or problems...

 

[MelissaG]

OK! thanks again,i really appreciate it.I know some about computers but i know i couldnt fix it myself. i look for your post tom. im wondering tho if i have this virus if ive sent it to other people ive emailed?

 

[GameMaster]

Well I must be straight and say that I doubt there is any malware problem and no, any virus that kind ( that transfers by e-mail or messenger ) would be visible in log...
still reviewing though, so...
Have you by any case used LimeWire, and are you still using it?

 

[Punk]

The triangle with exclamation point is on the bottom right of your screen in the toolbar? It is the windows updater, I don't think you're infected. All your logs are clean, GameMaster and I did not find anything, if you want we can wait for Ceewi1 to check your log but I think it's useless . Your PC is acting up when you're not around because it chooses to run programs when computer is idle, so that it doesn't slow down your computer.

 

[MelissaG]

ya i use limewire.not as much as i did but i still have it installed on my puter

 

[MelissaG]

new stuff

hey all,
i just sat down at my computer and there was a window from yahoo messenger opened up and it said youve been signed out cause you signed in on a different computer or window. I dont have a different puter hooked up. i hope its nothing.



im sorry if i seem pesky but ive had so much trouble with this computer. I HATE it but its the best one ive had thus far. its a dell dimension 2400. i have upgraded it some, i put a dvd burner in it and a gig of ram. the one i had before this was so crappy you could only run win 98 on it and it was causing conflicts with some of my stuff. i couldnt update anything cause support for 98 had been discontinued. so now i have this one. still crappy but better than the last.
melissa

 

[Vizy]

have you done any AV scans? im no pro but google 'avg free' and download, install. do a scan...

 

[GameMaster]

Hello there again!
Since the logs are clean, as benji said, it's most likely a windows updater...
Your problem may be due to the outdated windows...just give an update, maybe it carries required data...
I don't understand I foudn many yahoo toolbars and products in your log, is yahoo your...ISP? ( Internet Service Provider).

Also...
P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

List programs here

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).