
thanks

  1. I accidentally hit F2 during start-up and now system recovery is all set to wipe all of my files and programs. I rebooted before recovery continued, but I can't start in safe mode or anything. How do I stop it from continuing with the recovery or at least back up my files? Thanks for the help.
  2. Will do...Kenny, it's been a pleasure. Thanks a bunch, from your boy, Thanks.
  3. Okay, I removed AVG...here is my latest hijack this log:
  4. Actually I got hooked up with a lifetime McAfee license from my old job, but if you think AVG is better, then I'll remove McAfee...
  5. Cool...I uninstalled java and combofix, and created a new system restore point...but when I ran hijack this the second file you noted didn't show up...do I need to do something more? The hijack log is below, thanks for all of your help.
  6. Hey, here are the jotti logs and the uninstall list...computer's been running fine without any problems...i think i see that light at the end of the tunnel. Filename: gymatyji.scr Status: Scan finished. 0 out of 21 scanners reported malware. Scan taken on: Sun 16 Aug 2009 03:54:09 (CET) Permalink Additional info File size: 17092 bytes Filetype: Unknown MD5: 794cf646c10966d89e58231af93a6261 SHA1: 7ad9c4d048b5dcf450f0c58ccf1afb01e4b0484f Filename: olyrofena.scr Status: Scan finished. 0 out of 21 scanners reported malware. Scan taken on: Sun 16 Aug 2009 03:55:41 (CET) Permalink Additional info File size: 16875 bytes Filetype: Unknown MD5: fa66102d5efacc07a2a847e99f7c3f87 SHA1: 9cc02145dadc1999cb471f4e1542bb451f3d4f9e Here is the uninstall list:
  7. sorry about all of that, i think each time i refreshed, it re-posted my message...
  8. yeah, i chose it because that's how i'm going to feel when this gets fixed...lots and lots of thanks...and it's easy to remember...here is what jotti turned up: Filename: ykabiqex.reg Status: Scan finished. 0 out of 21 scanners reported malware. Scan taken on: Fri 14 Aug 2009 16:42:17 (CET) Permalink Additional info File size: 11731 bytes Filetype: Unknown MD5: ded4b73960e244ee6a2c57ebfbebe264 SHA1: c8161fddbf1dbcd91e1ea2572ba1f6478a5c13a5 Scanners [ArcaVir] 2009-08-13 Found nothing [G DATA] 2009-08-14 Found nothing [A-Squared] 2009-08-14 Found nothing [ikarus] 2009-08-14 Found nothing [Avast! antivirus] 2009-08-13 Found nothing [Kaspersky Anti-Virus] 2009-08-14 Found nothing [Grisoft AVG Anti-Virus] 2009-08-14 Found nothing [ESET NOD32] 2009-08-14 Found nothing [Avira AntiVir] 2009-08-14 Found nothing [Norman Virus Control] 2009-08-14 Found nothing [softwin BitDefender] 2009-08-10 Found nothing [Panda Antivirus] 2009-08-13 Found nothing [ClamAV] 2009-08-14 Found nothing [Quick Heal] 2009-08-13 Found nothing [CPsecure] 2009-08-14 Found nothing [sophos] 2009-08-14 Found nothing [Dr.Web] 2009-08-14 Found nothing [VirusBlokAda VBA32] 2009-08-13 Found nothing [Frisk F-Prot Antivirus] 2009-08-13 Found nothing [VirusBuster] 2009-08-14 Found nothing [F-Secure Anti-Virus] 2009-08-14 Found nothing
  12. Okay, disabled (then re-enabled) AVG. Ran combofix w/o a problem, here is the log:
2009-08-11 18:42 14752 ----a-w- c:\windows\system32\ykag.exe 2009-08-11 18:42 . 2009-08-11 18:42 10064 ----a-w- c:\documents and settings\All Users\Application Data\dowy.bat 2009-08-11 17:43 . 2009-08-11 17:43 18288 ----a-w- c:\windows\system32\padizep.sys 2009-08-11 17:43 . 2009-08-11 17:43 18178 ----a-w- c:\program files\Common Files\vuzumuhap.sys 2009-08-11 17:43 . 2009-08-11 17:43 17569 ----a-w- c:\windows\ysimab.bin 2009-08-11 17:43 . 2009-08-11 17:43 16355 ----a-w- c:\documents and settings\Jared Goodman\Local Settings\Application Data\lizocalazo.reg 2009-08-11 17:43 . 2009-08-11 17:43 13506 ----a-w- c:\windows\xoqy.bin 2009-08-11 17:43 . 2009-08-11 17:43 13034 ----a-w- c:\windows\system32\nygimeguz.dll 2009-08-11 17:43 . 2009-08-11 17:43 12929 ----a-w- c:\windows\system32\kedovevo.scr 2009-08-11 17:43 . 2009-08-11 17:43 12338 ----a-w- c:\windows\system32\sinutu.scr 2009-08-11 17:43 . 2009-08-11 17:43 10388 ----a-w- c:\program files\Common Files\ebifuvimyg.bat 2009-08-10 18:33 . 2009-08-10 18:33 19982 ----a-w- c:\windows\hajo.bin 2009-08-10 18:33 . 2009-08-10 18:33 19041 ----a-w- c:\program files\Common Files\zejagexa.com 2009-08-10 18:33 . 2009-08-10 18:33 17636 ----a-w- c:\documents and settings\Jared Goodman\Local Settings\Application Data\mizokumy.sys 2009-08-10 18:33 . 2009-08-10 18:33 17092 ----a-w- c:\windows\system32\gymatyji.scr 2009-08-10 18:33 . 2009-08-10 18:33 16503 ----a-w- c:\program files\Common Files\miwehyko.exe 2009-08-10 18:33 . 2009-08-10 18:33 16094 ----a-w- c:\windows\biriguti.bat 2009-08-10 18:33 . 2009-08-10 18:33 15662 ----a-w- c:\program files\Common Files\imymynonym.scr 2009-08-10 18:33 . 2009-08-10 18:33 15393 ----a-w- c:\windows\tyliju.scr 2009-08-10 18:33 . 2009-08-10 18:33 14407 ----a-w- c:\windows\widy.dat 2009-08-10 18:33 . 2009-08-10 18:33 14343 ----a-w- c:\documents and settings\Jared Goodman\Application Data\tevew.bat 2009-08-10 18:33 . 
2009-08-10 18:33 13463 ----a-w- c:\program files\Common Files\exepub.sys 2009-08-10 18:33 . 2009-08-10 18:33 12794 ----a-w- c:\documents and settings\Jared Goodman\Local Settings\Application Data\ynipi.bat 2009-08-10 18:08 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-10 18:08 . 2009-08-10 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-10 18:08 . 2009-08-11 22:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-10 18:08 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-09 18:29 . 2009-08-09 18:33 -------- d-----w- C:\WARE 2009-08-09 18:17 . 2009-08-11 22:43 -------- d-----w- c:\program files\Mware 2009-08-08 08:08 . 2009-08-08 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix 2009-08-08 08:05 . 2009-08-08 08:05 -------- d-----w- c:\program files\Citrix 2009-08-08 08:05 . 2009-08-08 08:05 -------- d-----w- c:\documents and settings\Jared Goodman\Local Settings\Application Data\Citrix 2009-08-08 08:05 . 2009-08-08 08:05 61224 ----a-w- c:\documents and settings\Jared Goodman\GoToAssistDownloadHelper.exe 2009-08-08 07:40 . 2009-08-08 07:40 19059 ----a-w- c:\program files\Common Files\gaka.reg 2009-08-08 07:40 . 2009-08-08 07:40 18960 ----a-w- c:\windows\system32\ytal.pif 2009-08-08 07:40 . 2009-08-08 07:40 15204 ----a-w- c:\documents and settings\Jared Goodman\Application Data\nuti.pif 2009-08-08 07:40 . 2009-08-08 07:40 13888 ----a-w- c:\windows\system32\tovo.bat 2009-08-08 07:40 . 2009-08-08 07:40 12329 ----a-w- c:\windows\iwoc.vbs 2009-08-08 07:40 . 2009-08-08 07:40 11731 ----a-w- c:\windows\ykabiqex.reg 2009-08-08 07:40 . 2009-08-08 07:40 16453 ----a-w- c:\windows\ivinerotov.sys 2009-08-08 07:40 . 2009-08-08 07:40 18626 ----a-w- c:\documents and settings\All Users\Application Data\wimit.sys 2009-08-08 07:40 . 2009-08-08 07:40 17422 ----a-w- c:\windows\aqixefatik.pif 2009-08-08 07:40 . 
2009-08-08 07:40 16875 ----a-w- c:\windows\olyrofena.scr 2009-08-08 07:40 . 2009-08-08 07:40 15540 ----a-w- c:\documents and settings\Jared Goodman\Application Data\bogi.bat 2009-08-08 07:40 . 2009-08-08 07:40 14074 ----a-w- c:\documents and settings\Jared Goodman\Application Data\lede.exe 2009-08-08 07:34 . 2009-08-13 16:08 -------- d-----w- c:\windows\inf 2009-08-08 04:36 . 2009-08-08 05:44 -------- d-----w- C:\SCAN 2009-08-07 23:32 . 2009-08-07 23:32 17430 ----a-w- c:\documents and settings\All Users\Application Data\uroqek.pif 2009-08-07 23:32 . 2009-08-07 23:32 15161 ----a-w- c:\windows\system32\ulawonek.dat 2009-08-07 23:32 . 2009-08-07 23:32 14559 ----a-w- c:\windows\system32\tyrubah.exe 2009-08-07 23:32 . 2009-08-07 23:32 13741 ----a-w- c:\documents and settings\Jared Goodman\Local Settings\Application Data\cikijosa.exe 2009-08-07 23:32 . 2009-08-07 23:32 11899 ----a-w- c:\documents and settings\All Users\Application Data\muxuxike.scr 2009-07-27 15:22 . 2009-07-27 15:22 -------- d-----r- c:\documents and settings\Jared Goodman\Application Data\Brother 2009-07-20 16:08 . 2009-08-11 16:19 -------- d-----w- C:\QUARANTINE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-12 19:17 . 2009-01-08 08:53 -------- d-----w- c:\program files\Java 2009-08-11 19:33 . 2009-08-11 19:29 2176 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg 2009-08-11 19:29 . 2009-08-11 19:29 520 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg 2009-08-11 18:42 . 2009-08-11 18:42 14846 ----a-w- c:\program files\Common Files\ofyxunuz.dl 2009-08-11 17:43 . 2009-08-11 17:43 19524 ----a-w- c:\documents and settings\Jared Goodman\Application Data\ypysyn.dat 2009-08-11 17:43 . 2009-08-11 17:43 16856 ----a-w- c:\program files\Common Files\ikytuka.db 2009-08-11 17:43 . 2009-08-11 17:43 16401 ----a-w- c:\documents and settings\All Users\Application Data\sajoxyfe.reg 2009-08-10 18:33 . 
2009-08-10 18:33 19386 ----a-w- c:\program files\Common Files\xapirija._sy 2009-08-10 18:33 . 2009-08-10 18:33 13668 ----a-w- c:\program files\Common Files\xikyburivo.lib 2009-08-10 18:33 . 2009-08-10 18:33 13313 ----a-w- c:\documents and settings\Jared Goodman\Application Data\luto.bin 2009-08-10 18:33 . 2009-08-10 18:33 13148 ----a-w- c:\documents and settings\All Users\Application Data\sulaci.bin 2009-08-10 18:33 . 2009-08-10 18:33 10023 ----a-w- c:\documents and settings\Jared Goodman\Application Data\kyqyroloqa.vbs 2009-08-08 18:07 . 2009-01-08 09:15 -------- d-----w- c:\program files\Elantech 2009-08-08 07:40 . 2009-08-08 07:40 16408 ----a-w- c:\program files\Common Files\ureky.db 2009-08-08 01:51 . 2009-01-08 08:46 -------- d-----w- c:\program files\Windows Live Toolbar 2009-08-07 23:32 . 2009-08-07 23:32 19967 ----a-w- c:\documents and settings\Jared Goodman\Application Data\janu.reg 2009-08-07 23:32 . 2009-08-07 23:32 17017 ----a-w- c:\documents and settings\All Users\Application Data\uzilyfa.vbs 2009-08-07 23:32 . 2009-08-07 23:32 16262 ----a-w- c:\documents and settings\All Users\Application Data\givuwu.reg 2009-08-05 09:01 . 2009-01-09 05:31 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-29 22:02 . 2009-03-24 02:58 -------- d-----w- c:\documents and settings\Jared Goodman\Application Data\LimeWire 2009-07-20 16:20 . 2009-03-11 20:37 -------- d-----w- c:\documents and settings\Jared Goodman\Application Data\Apple Computer 2009-07-17 19:01 . 2009-01-09 05:30 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 16:27 . 2009-07-14 16:26 -------- d-----w- c:\documents and settings\Jared Goodman\Application Data\U3 2009-07-14 03:43 . 2009-01-09 05:31 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-09 01:24 . 2009-07-09 01:24 50 ----a-w- c:\windows\system32\bridf08b.dat 2009-07-09 01:24 . 2009-07-09 01:23 -------- d-----w- c:\program files\Brother 2009-07-09 01:23 . 
2009-01-08 08:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-09 01:08 . 2009-07-09 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother 2009-06-29 16:12 . 2009-01-09 05:31 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2009-01-09 05:31 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2009-01-09 05:30 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-16 14:36 . 2009-01-09 05:31 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:36 . 2009-01-09 05:31 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-10 14:13 . 2009-01-09 05:30 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 13:19 . 2009-01-09 06:43 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:14 . 2009-01-09 05:31 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 19:09 . 2009-01-09 05:31 1291264 ----a-w- c:\windows\system32\quartz.dll 2008-05-07 08:34 . 2009-01-08 08:47 15523560 ----a-w- c:\program files\U1 Setup.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Jared Goodman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-12 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688] "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-18 622592] "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" 
[2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-05-23 111952] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-11 2000152] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776] SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-1-8 376832] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-3-11 118784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-11 19:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\Brother\\Brmfl08b\\FAXRX.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "54925:UDP"= 54925:UDP:*:Disabled:BrotherNetwork Scanner R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/11/2009 3:49 PM 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/11/2009 3:49 PM 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/11/2009 3:49 PM 297752] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [1/8/2009 4:39 AM 10752] R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [7/31/2008 10:24 PM 25216] R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [11/4/2008 5:28 AM 38400] S2 rvmnhbhp;rvmnhbhp;c:\windows\system32\drivers\girqcqr.sys --> c:\windows\system32\drivers\girqcqr.sys [?] . Contents of the 'Scheduled Tasks' folder 2009-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-382615644-1615748766-3516731530-1006Core.job - c:\documents and settings\Jared Goodman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 04:25] 2009-08-13 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] . - - - - ORPHANS REMOVED - - - - Toolbar-SITEguard - (no file) HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\documents and settings\Jared Goodman\Application Data\Mozilla\Firefox\Profiles\9x1w6o64.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo! Search FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\documents and settings\Jared Goodman\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-13 13:00 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2260) c:\windows\system32\WININET.dll c:\windows\system32\btmmhook.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\igfxext.exe c:\program files\McAfee\Common Framework\Mctray.exe c:\program files\Brother\Brmfcmon\BrMfimon.exe c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-08-13 13:04 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-13 17:04 Pre-Run: 56,945,459,200 bytes free Post-Run: 57,575,768,064 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4 308 --- E O F --- 2009-08-13 16:04
  13. I'm getting a message to disable AVG...but I can't figure out how to do that...please advise, thanks.