Hello,
I had been experiencing typical infected pc symptons. I downloaded, installed and ran full Malwarebytes scan. All but 2 problems were fixed, asked to reboot to complete process. After reboot i i was able to connect to local network but unable to connect to internet. Also, malwarebytes was blocked from startup. I did the the router and modem cycle on and off, no internet. I have access to another pc on this network and have been able to browse for solutions. I have tried several things including winsock resets and such. At this point i have been able to install hyjackthis on my infected pc. Here is the latest Malwarebytes quick scan and hijackthis log files. Thank you in advance for your time and efforts.
~Ben
ps- i have been unable to update my norton antivirus for sometime, i have purchased a new antivirus, when should i install it?

I have a dell inspirion 1501
it runs vista home basic


Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6001 Service Pack 1

9/25/2009 7:24:51 AM
mbam-log-2009-09-25 (07-24-51).txt

Scan type: Quick Scan
Objects scanned: 83029
Time elapsed: 10 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:49 PM, on 9/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\sttray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 93.174.93.98 12chan.org
O1 - Hosts: 93.174.93.98 www.12chan.org
O1 - Hosts: 93.174.93.98 img.12chan.org
O1 - Hosts: 93.174.93.98 img.12chan.crabdance.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9170 bytes

You're HOSTS file appears to have been attacked which is probably causing you improper access to many sites.
You should be able to edit or even delete that file as long as no current Malware is locking it.

See if you can edit the file with notepad. Try doing the following.

Click on the Start button and in the search or run line type in the following. NOTEPAD and when it comes up then right click over it and choose Run As Admin.

Then do file -> open and type in (don't try to browse as the location will probably be hidden.

Then hit okay and it should open your hosts file. Towards the top there should probably be an entry for 127.0.0.1
Delete everything below that and Save the file. If it won't let you save it then let me know and we'll do some other stuff to fix it.

Thank you for your response. I was able to delete and save. Still unable to access internet. Just local network connection. Malwarebytes is still being blocked at startup.

Okay I was hoping that would help you out enough but apparently something else going on.

Please run the following.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

1. If you are using Firefox, make sure that your download settings are as follows:
   
   • Tools->Options->Main tab
   • Set to "Always ask me where to Save the files".
2. During the download, rename Combofix to Combo-Fix as follows:
   
   
   
   
   
   
3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
   -----------------------------------------------------------
   
   
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
     
     -----------------------------------------------------------
   
   
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
   
   
   -----------------------------------------------------------
7. Double click on combo-Fix.exe & follow the prompts.
8. When finished, it will produce a report for you.
9. Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

If you still cannot get this to run, try booting into Safe Mode, and run it there.

To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode."

If this doesn't work either, try the same method (above method), but name Combofix.exe to iexplore.exe instead, or winlogon.exe..
This because It also happens in some cases that malware blocks EVERY process except for what is in its own whitelist, so this whitelist also includes system important processes such as iexplore.exe, explorer.exe, winlogon.exe...

thanks again. I got combofix on the sick pc. it ran no problem. I ran hijackthis and the host issues from first hjackthis log were there. I ran hijackthis as admin (as it suggested) and they seem to be gone? anyway heres the newest logs.


ComboFix 09-09-25.01 - Benjamin Poulin 09/30/2009 17:54.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.893.413 [GMT -4:00]
Running from: c:\users\Benjamin Poulin\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1738422755-998661840-641317060-500
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\$recycle.bin\S-1-5-21-326680276-3348478282-2575308340-500
c:\windows\Installer\f106c.msi
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-30 22:02 . 2009-09-30 22:03 -------- dc----w- c:\users\Benjamin Poulin\AppData\Local\temp
2009-09-30 22:02 . 2009-09-30 22:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-30 21:14 . 2009-09-30 21:14 -------- dc----w- c:\users\Benjamin Poulin\AppData\Roaming\U3
2009-09-27 23:10 . 2009-09-27 23:10 -------- dc----w- c:\program files\Trend Micro
2009-09-25 00:49 . 2009-09-25 00:49 -------- d-----w- C:\found.000
2009-09-21 01:03 . 2009-09-21 01:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-19 15:09 . 2001-04-12 22:00 182272 ----a-w- c:\windows\patchw32.dll
2009-09-19 15:09 . 2009-09-19 15:09 -------- dc----w- c:\program files\Common Files\PocketSoft
2009-09-19 15:09 . 2009-09-19 15:09 -------- dc----w- c:\program files\ubi.com
2009-09-19 15:02 . 2009-09-19 15:02 -------- dc----w- c:\program files\directx
2009-09-19 14:16 . 2009-09-19 14:16 -------- dc----w- c:\program files\Red Storm Entertainment
2009-09-19 13:48 . 2009-09-19 13:48 -------- dc----w- c:\program files\Elaborate Bytes
2009-09-06 23:42 . 2009-09-06 23:42 -------- dc----w- c:\users\Benjamin Poulin\triplea
2009-09-04 01:05 . 2009-09-19 14:09 -------- dc----w- c:\program files\—zŽË‚µ‚Ì’†‚̃ŠƒAƒ‹

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 21:48 . 2007-10-24 19:14 -------- dc----w- c:\programdata\Symantec
2009-09-30 21:48 . 2007-10-24 19:14 -------- dc----w- c:\program files\Common Files\Symantec Shared
2009-09-27 23:08 . 2009-09-27 23:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-24 20:57 . 2009-05-14 01:10 -------- dc----w- c:\program files\SPAMfighter
2009-09-23 21:13 . 2008-07-02 03:19 -------- dc----w- c:\users\Benjamin Poulin\AppData\Roaming\Azureus
2009-09-23 04:16 . 2009-03-05 19:29 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-21 01:00 . 2007-10-24 19:00 -------- dc----w- c:\program files\Java
2009-09-21 00:11 . 2008-07-20 14:21 -------- dc----w- c:\program files\WarZone
2009-09-21 00:09 . 2008-12-03 04:43 -------- dc----w- c:\program files\Common Files\AOL
2009-09-19 15:08 . 2007-10-24 19:02 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-09-16 01:49 . 2008-07-07 03:12 -------- dc----w- c:\program files\Full Tilt Poker
2009-09-10 18:54 . 2009-03-05 19:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-03-05 19:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-27 03:53 . 2008-09-06 04:25 -------- dc----w- c:\users\Benjamin Poulin\AppData\Roaming\GetRightToGo
2009-08-27 03:22 . 2008-07-19 02:02 7944 -c--a-w- c:\users\Benjamin Poulin\AppData\Local\d3d9caps.dat
2009-08-10 02:24 . 2008-07-02 00:52 -------- dc----w- c:\users\Benjamin Poulin\AppData\Roaming\Move Networks
2008-08-11 03:07 . 2008-08-11 03:07 122880 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-10-25 02:40 . 2007-10-25 02:31 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-03-14 2807296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-21 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-02-08 303104]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-24 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-10-24 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5BD34971-B494-4E82-970C-577BAD114687}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FBC8C3A0-EDD9-4419-8C51-F06ACF69195A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4DCAD501-0D41-4CB1-A6D0-D930F195F99A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A96B2896-FEBA-450E-9A75-A319B9870862}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{57DCA2E8-102F-4A3B-AADE-0D7E44731BB7}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{032597C9-1123-43EB-95EC-5DD419C4DAB0}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{8B2E7F5B-C5D3-4DEF-853B-95618DCDD2C6}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{C697837F-3D05-45B3-8012-E5AC2DC121D4}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{118EDEF3-1AEF-4801-A9C7-AF4CA74F000F}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{45D07FF3-67C8-4F01-8A1A-6502AE6457D7}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{8361E002-C1F9-4974-9EB7-B2AD7B5CB41A}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{BB42C62C-9B09-4B11-82C2-74562626458E}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{CC74E0BE-722C-417F-B644-DDCA2DB962B6}"= UDP:3300:aaa

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [3/12/2009 10:44 AM 184968]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/24/2007 3:27 PM 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071025
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
FF - ProfilePath - c:\users\Benjamin Poulin\AppData\Roaming\Mozilla\Firefox\Profiles\r1r64onr.default\
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Benjamin Poulin\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\Benjamin Poulin\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 18:03
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-30 18:06
ComboFix-quarantined-files.txt 2009-09-30 22:05

Pre-Run: 3,777,904,640 bytes free
Post-Run: 5,617,881,088 bytes free

180 --- E O F --- 2009-03-12 05:10


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:28 PM, on 9/30/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\sttray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6552 bytes

STEP 01
Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.
Download it to your DESKTOP - it MUST run from the Desktop
download.bleepingcomputer.com/sUBs/ComboFix.exe
subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines


Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

• Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
• Disconnect from the Internet.
• Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
• A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
• It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
  When the scan completes Notepad will open with with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 02
Update and Scan with Malwarebytes' Anti-Malware

• Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
• Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  
  • Update Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Update
• When the update is complete, select the Scanner tab
• Select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log on your next reply

STEP 03
Eset NOD32 Online AntiVirus
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Please temporarily disable your current Anti-Virus in order to run this Online AV scanner.
Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Disable your current Antivirus software. You can usually do this with its Notfication Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Anvirisus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

I want to make sure i am doing things correctly. The computer that is infected has no internet access thus i can not download anything to its desktop. The pc i am on now is online and i have downloaded the programs you have recommended and moved them to my infected pc via memory stick. Is this acceptable for the use of combofix? Thanks again

Yes you can do that for Combofix. You need to copy the rules.ref file over to it as well from your updated system for MBAM.

XP Path is:
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

Vista Path is:
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

You can also lookup and print if you want this FAQ
http://www.malwarebytes.org/forums/index.php?showtopic=10138


Then try the following to see if you can restore network access or not.

On the infected computer click on the Start button and type in CMD in the search line and when it comes up on the menu right click it and choose Run As Admin

Then in the DOS console type in exactly the information below and hit the ENTER key when done, doing this one line at a time.





Then if that restores the network connection go ahead and run the Online NOD32 scan.

i am afraid i made matters worse. I followed step 1, the pc rebooted, combofix finished and produced a log. in attempt to create a txt file for the combofix log to transfer to this pc to copy and paste here i receive this error message -

"C:Users\My Name\Desktop\log.txt

Illegal operation attempted on a registry key that has been marked for deletion."

i cant seem to access any notepad files on my desktop... i wish had more of a clue as to what i am doing, i appreciate your patience...

I still have no internet access.
While unable to open the notepad files on my desktop i was able to drag it to my memory stick.
i am going to wait before i proceed to step 2

ComboFix 09-09-30.01 - Benjamin Poulin 09/30/2009 20:50.2.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.893.338 [GMT -4:00]
Running from: c:\users\Benjamin Poulin\Desktop\ComboFix.exe
Command switches used :: c:\users\Benjamin Poulin\Desktop\CFscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-09-01 to 2009-10-01 )))))))))))))))))))))))))))))))
.

2009-10-01 00:56 . 2009-10-01 00:58 -------- dc----w- c:\users\Benjamin Poulin\AppData\Local\temp
2009-10-01 00:56 . 2009-10-01 00:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-01 00:56 . 2009-10-01 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-30 21:52 . 2009-09-30 22:06 -------- dc----w- C:\Combo-Fix
2009-09-30 21:14 . 2009-10-01 00:45 -------- dc----w- c:\users\Benjamin Poulin\AppData\Roaming\U3
2009-09-27 23:10 . 2009-09-27 23:10 -------- dc----w- c:\program files\Trend Micro
2009-09-25 00:49 . 2009-09-25 00:49 -------- d-----w- C:\found.000
2009-09-21 01:03 . 2009-09-21 01:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-19 15:09 . 2001-04-12 22:00 182272 ----a-w- c:\windows\patchw32.dll
2009-09-19 15:09 . 2009-09-19 15:09 -------- dc----w- c:\program files\Common Files\PocketSoft
2009-09-19 15:09 . 2009-09-19 15:09 -------- dc----w- c:\program files\ubi.com
2009-09-19 15:02 . 2009-09-19 15:02 -------- dc----w- c:\program files\directx
2009-09-19 14:16 . 2009-09-19 14:16 -------- dc----w- c:\program files\Red Storm Entertainment
2009-09-19 13:48 . 2009-09-19 13:48 -------- dc----w- c:\program files\Elaborate Bytes
2009-09-06 23:42 . 2009-09-06 23:42 -------- dc----w- c:\users\Benjamin Poulin\triplea
2009-09-04 01:05 . 2009-09-19 14:09 -------- dc----w- c:\program files\—zŽË‚µ‚Ì’†‚̃ŠƒAƒ‹

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 21:48 . 2007-10-24 19:14 -------- dc----w- c:\programdata\Symantec
2009-09-30 21:48 . 2007-10-24 19:14 -------- dc----w- c:\program files\Common Files\Symantec Shared
2009-09-27 23:08 . 2009-09-27 23:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-24 20:57 . 2009-05-14 01:10 -------- dc----w- c:\program files\SPAMfighter
2009-09-23 21:13 . 2008-07-02 03:19 -------- dc----w- c:\users\Benjamin Poulin\AppData\Roaming\Azureus
2009-09-23 04:16 . 2009-03-05 19:29 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-21 01:00 . 2007-10-24 19:00 -------- dc----w- c:\program files\Java
2009-09-21 00:11 . 2008-07-20 14:21 -------- dc----w- c:\program files\WarZone
2009-09-21 00:09 . 2008-12-03 04:43 -------- dc----w- c:\program files\Common Files\AOL
2009-09-19 15:08 . 2007-10-24 19:02 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-09-16 01:49 . 2008-07-07 03:12 -------- dc----w- c:\program files\Full Tilt Poker
2009-09-10 18:54 . 2009-03-05 19:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-03-05 19:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-27 03:53 . 2008-09-06 04:25 -------- dc----w- c:\users\Benjamin Poulin\AppData\Roaming\GetRightToGo
2009-08-27 03:22 . 2008-07-19 02:02 7944 -c--a-w- c:\users\Benjamin Poulin\AppData\Local\d3d9caps.dat
2009-08-10 02:24 . 2008-07-02 00:52 -------- dc----w- c:\users\Benjamin Poulin\AppData\Roaming\Move Networks
2008-08-11 03:07 . 2008-08-11 03:07 122880 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-10-25 02:40 . 2007-10-25 02:31 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-09-30_22.03.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 17:52 . 2009-09-30 21:53 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-25 17:52 . 2009-10-01 00:58 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-25 17:52 . 2009-10-01 00:58 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-25 17:52 . 2009-09-30 21:53 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-25 17:52 . 2009-10-01 00:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-25 17:52 . 2009-09-30 21:53 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-03 09:50 . 2009-10-01 00:28 273874 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-03-14 2807296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-21 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-02-08 303104]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-24 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-10-24 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5BD34971-B494-4E82-970C-577BAD114687}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FBC8C3A0-EDD9-4419-8C51-F06ACF69195A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4DCAD501-0D41-4CB1-A6D0-D930F195F99A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A96B2896-FEBA-450E-9A75-A319B9870862}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{57DCA2E8-102F-4A3B-AADE-0D7E44731BB7}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{032597C9-1123-43EB-95EC-5DD419C4DAB0}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{8B2E7F5B-C5D3-4DEF-853B-95618DCDD2C6}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{C697837F-3D05-45B3-8012-E5AC2DC121D4}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{118EDEF3-1AEF-4801-A9C7-AF4CA74F000F}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{45D07FF3-67C8-4F01-8A1A-6502AE6457D7}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{8361E002-C1F9-4974-9EB7-B2AD7B5CB41A}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{BB42C62C-9B09-4B11-82C2-74562626458E}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{CC74E0BE-722C-417F-B644-DDCA2DB962B6}"= UDP:3300:aaa

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [3/12/2009 10:44 AM 184968]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/24/2007 3:27 PM 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071025
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
FF - ProfilePath - c:\users\Benjamin Poulin\AppData\Roaming\Mozilla\Firefox\Profiles\r1r64onr.default\
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 20:58
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\msiexec.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-10-01 21:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-01 01:04
ComboFix2.txt 2009-09-30 22:06

Pre-Run: 5,500,203,008 bytes free
Post-Run: 5,404,286,976 bytes free

180 --- E O F --- 2009-03-12 05:10

Just hold on a minute - I have to take off but will try to get back with you again later tonight. Do not share a USB memory stick from an infected computer and a clean computer as you can easily infect the clean computer. Try to use a burned CDd if possible.

Please download and burn this CD from a clean system and then boot to it and run it on the infected system. I will be leaving out of town Friday so you need to get this done soon or I won't be able to help you till probably Monday.


Avira AntiVir Rescue System

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

• Download the Avira AntiVir Rescue System from here
• Place a blank CD in your burner and double-click on the downloaded file named rescue_system-common-en.exe
• If the above link does not work please try this one: here
• The program will automatically burn the CD for you.
• Place the burned CD into the affected computer and start the computer from this CD.
• On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
• Click on the Configuration button.
  
  • Select Scan all files
  • Select Try to repair infected files and Rename files, if they cannot be removed
  • Select Scan for dialers
  • Select Scan for joke programs (Jokes)
  • Select Scan for games
  • Select Scan for spyware (SPR)
• Click on Virus scanner
• Click on Start scanner at the bottom of the screen
• Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Possible solutions to Screen Resolution and other issues

1. Please see the post here if you're unable to view the entire screen of Avira.
2. You can also review this one Fixed Rescue CD Resolution Probs with Dell Video
3. Currently only the German keyboard is supported. Command Line not working English keyboards require work arounds.
4. Some computers attempt to mount the floppy even though they don't have one. You may need to go in to the BIOS and disable the floppy drive in order to mount your hard drive for scanning.

Please post a status update on this.

Thanks.

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.