Everything posted by backlineguy

  1. Thanks again AdvancedSetup...your attention is much appreciated.
  2. AdvancedSetup, Thank you for your persistence and patience...I uninstalled IE8, and it rolled back to IE6...I ran the Dial a fix, and downloaded the latest version, installed it, and it WORKED. I updated it, and I plan to run a FULL SCAN in a moment. Thank you sir.
  3. Disabled anti-Virus, uninstalled current version (note* for what it's worth, the same error messages are displayed when uninstalling too), loaded that installer, rebooted, launched the random name shortcut, and the same error messages are displayed...I did not get to run a scan...how's your patience with this one?...I'm going to wait to hear your next move...I'm all ears!
  4. Thank you once again for your attention to my issue! I downloaded the file and I still have the same issue, with the same error messages when I attempt to install Malwarebytes' Anti-Malware...I'll wait to hear your next instructions. Thanks again.
  5. Thanks AdvancedSetup! I followed each step to the letter, and a couple of notes here: I can not include a Malwarebytes' log, as it still will not run after installation. In fact, just before the installation completes, I get these error messages: 1. vbAccelerator SGrid II Control Run-time error "0" 2. Malwarebytes' Anti-Malware Automation error 3. #1 repeats in identical fashion 4. Malwarebytes' Anti-Malware Run-time error "440" Automation error Any attempt to start the newly installed program is instead prevented by these same error messages.... Here are the Combofix, JavaRa, and ESET logs as requested. Thanks for your efforts, as I know you are extremely busy. I will await further instructions.
  6. Thank you for your attention to this issue. I ran Combofix as instructed, and will include that log as well as a new HJT log.
2001-08-17 17:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys 2009-07-15 18:46 . 2001-08-17 19:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll 2009-07-15 18:46 . 2001-08-17 17:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys 2009-07-15 18:46 . 2004-08-04 05:56 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll 2009-07-15 18:46 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys 2009-07-15 18:46 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys 2009-07-15 18:46 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-15 17:27 . 2006-01-08 20:05 -------- d-----w- c:\program files\Google 2009-07-15 17:18 . 2009-07-15 17:18 -------- d-----w- c:\program files\Common Files\snp2std 2009-07-15 17:18 . 2005-12-08 02:47 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-15 16:14 . 2005-12-26 05:35 -------- d-----w- c:\program files\Yahoo! 2009-07-15 13:12 . 2005-12-26 03:13 -------- d-----w- c:\program files\AOD 2009-07-15 02:29 . 2009-07-14 15:13 24908 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-07-15 02:29 . 2009-07-14 15:13 1940 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-07-04 23:56 . 2006-02-07 17:55 -------- d-----w- c:\documents and settings\Stacia Haley\Application Data\Apple Computer 2009-07-01 19:18 . 2009-07-01 19:18 360320 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL 2009-07-01 17:56 . 2006-12-04 04:07 -------- d-----w- c:\program files\Apple Software Update 2009-06-16 14:55 . 2004-08-10 11:00 82432 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:55 . 2004-08-10 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-03 19:24 . 2004-08-10 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll 2009-06-01 13:22 . 
2009-07-15 19:32 9070 ----a-w- c:\windows\system32\drivers\tmfilter.cat 2009-05-22 06:03 . 2009-07-15 19:32 3444 ----a-w- c:\windows\system32\drivers\tmpreflt.inf 2009-05-22 06:03 . 2009-07-15 19:32 2583 ----a-w- c:\windows\system32\drivers\tmxpflt.inf 2009-05-22 05:46 . 2009-07-15 19:32 2544 ----a-w- c:\windows\system32\drivers\vsapint.inf 2009-05-13 05:15 . 2004-08-10 11:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-07 15:44 . 2004-08-10 11:00 344064 ----a-w- c:\windows\system32\localspl.dll 2006-01-08 20:05 . 2006-01-08 20:05 774144 ----a-w- c:\program files\RngInterstitial.dll 2009-04-30 15:54 . 2009-01-09 18:08 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-11-10 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-10 602182] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-15 1948440] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-07-15 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-07-15 15:54 356352 ----a-w- c:\program 
files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-07-15 22:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^F1U201.401.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\F1U201.401.lnk backup=c:\windows\pss\F1U201.401.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= 
"c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/15/2009 5:37 PM 327688] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 55024] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/15/2009 5:37 PM 298776] R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 6:00 AM 14336] S2 gupdate1ca057150e0f4a6;Google Update Service (gupdate1ca057150e0f4a6);c:\program files\Google\Update\GoogleUpdate.exe [7/15/2009 12:25 PM 133104] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/8/2006 3:05 PM 29744] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2009-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 17:25] 2009-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 17:25] 2009-07-16 c:\windows\Tasks\User_Feed_Synchronization-{1F43B247-0DC3-47FA-9C2C-882D7CF6C161}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31] . . ------- Supplementary Scan ------- . 
FF - ProfilePath - c:\documents and settings\Stacia Haley\Application Data\Mozilla\Firefox\Profiles\0zh1zc82.default\ FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava12.dll FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPJPI141_07.dll FF - plugin: c:\program files\Java\j2re1.4.1_07\bin\NPOJI610.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-16 07:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\0* 2*] "Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1008) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . 
Completion time: 2009-07-16 7:34 ComboFix-quarantined-files.txt 2009-07-16 12:34 ComboFix2.txt 2009-07-14 04:31 Pre-Run: 21,784,985,600 bytes free Post-Run: 21,797,916,672 bytes free 273 --- E O F --- 2009-07-16 11:18 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:09:13 AM, on 7/16/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Apoint\Apoint.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - 
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1ca057150e0f4a6) (gupdate1ca057150e0f4a6) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 6541 bytes
  7. Thanks!...I posted a HJT log...hopefully, we can find the culprit.....
  8. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:58:52 PM, on 7/15/2009
  9. Oh well...I looked for all of those, and none of them are on this computer....still need a resolution!...
  10. Hello all, I'm brand new here, so please forgive me if this issue has been resolved...I cannot run Malwarebytes. I get this error message "vbAccelerator SGrid II Control" ...I have tried to rename the installer file...same result. I've tried to reinstall Visual Basic Runtime from Microsoft...same result. Tried Revo uninstaller, and reinstall...same result. I've scanned with AVG and removed the Virut virus, and multiple scans with SuperAntiSpyware, CCleaner, tried uninstalling AVG and running Avast...same result. If anyone's got any more ideas...I'm all ears...thanks.