carljong

Everything posted by carljong

  1. When I click on search results from Google, a random page will open. I cannot get into safe mode. I get a blue screen and then the computer reboots. I've tried to run GMER, but either it freezes or I get a message from Windows XP saying the program has crashed and asking whether I want to send the info to Microsoft. Anything besides GMER that I can run? Thanks for your help.

     Attachments:
     DDS.txt
     Attach.txt
     mbam_log_2010_01_18__15_38_55_.txt
  2. My computer is running well. I updated Java. I did the ESET scan, but found no viruses. I did not see where to create a log file for ESET. I ran DDS and am posting both logs. What is a good free firewall? Any other advice to avoid this predicament in the future would be appreciated. Thanks for all your help.

     DDS (Ver_09-09-29.01) - NTFSx86
     Run by Owner at 13:16:07.59 on Sat 10/17/2009
     Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 1.6.0_16
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.98 [GMT -4:00]

     AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

     ============== Running Processes ===============

     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Digital Media Reader\shwiconem.exe
     C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
     C:\WINDOWS\zHotkey.exe
     C:\PROGRA~1\mcafee.com\agent\mcagent.exe
     C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\WINDOWS\ALCWZRD.EXE
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
     C:\Program Files\Brother\ControlCenter2\brctrcen.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
     C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
     C:\WINDOWS\System32\DLA\DLACTRLW.EXE
     C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
     C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\WINDOWS\OEM03Mon.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\Skype\Phone\Skype.exe
     C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
     svchost.exe
     C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe
     C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     C:\Program Files\BigFix\BigFix.exe
     C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
     C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
     C:\PROGRA~1\AVG\AVG8\avgrsx.exe
     C:\PROGRA~1\AVG\AVG8\avgnsx.exe
     C:\Program Files\PrintKey2000\Printkey2000.exe
     C:\Program Files\WinZip\WZQKPICK.EXE
     C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
     C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
     C:\Program Files\Google\Update\GoogleUpdate.exe
     C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
     C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
     c:\program files\mcafee.com\agent\mcdetect.exe
     c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
     C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     C:\Program Files\Skype\Plugin Manager\skypePM.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\system32\UTSCSI.EXE
     C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
     C:\Program Files\AVG\AVG8\avgtray.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Documents and Settings\Owner\Desktop\dds.pif

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.google.com
     mStart Page = hxxp://www.google.com
     mSearch Bar =
     uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
     uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
     mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
     BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
     TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
     TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
     TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
     TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
     TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
     TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
     TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
     uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
     uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
     uRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
     uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
     uRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
     uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
     uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
     uRun: [smileboxTray] "c:\documents and settings\owner\application data\smilebox\SmileboxTray.exe"
     uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
     mRun: [sunKistEM] c:\program files\digital media reader\shwiconem.exe
     mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
     mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
     mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
     mRun: [CHotkey] zHotkey.exe
     mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
     mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
     mRun: [_AntiSpyware] c:\program files\mcafee\mcafee antispyware\MssCli.exe
     mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
     mRun: [soundMan] SOUNDMAN.EXE
     mRun: [AlcWzrd] ALCWZRD.EXE
     mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
     mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
     mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
     mRun: [setDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
     mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
     mRun: [PPort9reminder] "c:\program files\scansoft\paperport\webereg\ereg.exe" -r "c:\program files\scansoft\paperport\webereg\ereg.ini"
     mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
     mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
     mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
     mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
     mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
     mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
     mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [OEM03Mon.exe] c:\windows\OEM03Mon.exe
     mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
     mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
     mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{24c67b54-0718-445e-b663-3138d9246bd1}\Icon3E5562ED7.ico
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
     IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
     IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
     IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
     IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
     Trusted Zone: plaxo.com\www
     DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
     DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
     DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
     DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install/00/alttiff.cab
     DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
     DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
     DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
     DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.helloworld.com/root.controls/ImageUploader4.cab
     DPF: {86425144-8E97-41D5-8BCF-302812D44692} - hxxp://ravenas.razorstream.com/eve-service/objects/RSControl40.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
     DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://10.10.1.17/forms/jinitiator/jinit.exe
     DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
     DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
     Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
     Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
     Notify: avgrsstarter - avgrsstx.dll
     Notify: igfxcui - igfxdev.dll
     Notify: WRNotifier - WRLogonNTF.dll
     SEH: McAfee AntiSpyware Shell Extension: {f2a0229a-c4ca-4789-b606-973d24dcdd1c} - c:\program files\mcafee\mcafee antispyware\MssShell.dll

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\5hi72rm0.default\
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - hxxp://www.ewtn.com/
     FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
     FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
     FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
     FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
     FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
     FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
     FF - plugin: c:\documents and settings\owner\local settings\application data\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
     FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13122.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npybrowserplus_2.4.17.dll
     FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

     ---- FIREFOX POLICIES ----
     FF - user.js: yahoo.homepage.dontask - true

     ============= SERVICES / DRIVERS ===============

     R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-31 335240]
     R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-31 27784]
     R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-31 108552]
     R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-31 297752]
     R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-2-25 13088]
     R2 McAfeeAntiSpyware;McAfee AntiSpyware Real-Time Scanner;c:\program files\mcafee\mcafee antispyware\Msssrv.exe [2004-11-17 90112]
     R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2008-6-25 126976]
     R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2008-6-25 122368]
     R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
     R3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [2008-8-2 141376]
     R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [2008-8-2 7424]
     R3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [2008-8-2 235808]
     R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-8-2 31616]
     S2 gupdate1c98d64a438c640;Google Update Service (gupdate1c98d64a438c640);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
     S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]
     S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
     S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
     S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2007-1-26 68954]
     S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-5-27 245760]
     S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
     S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]
     S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

     =============== Created Last 30 ================

     2009-10-17 09:47 <DIR> --d----- c:\program files\ESET
     2009-10-16 18:19 73,728 a------- c:\windows\system32\javacpl.cpl
     2009-10-16 18:19 411,368 a------- c:\windows\system32\deploytk.dll
     2009-10-11 19:41 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
     2009-10-11 18:32 <DIR> --d----- C:\Combo-Fix
     2009-10-09 18:50 <DIR> a-dshr-- C:\cmdcons
     2009-10-09 18:48 236,544 a------- c:\windows\PEV.exe
     2009-10-09 18:48 161,792 a------- c:\windows\SWREG.exe
     2009-10-09 18:48 98,816 a------- c:\windows\sed.exe
     2009-10-06 22:12 <DIR> --d----- C:\rootrepeal
     2009-09-21 20:07 <DIR> --d----- c:\program files\Trend Micro

     ==================== Find3M ====================

     2009-09-25 01:37 667,136 a------- c:\windows\system32\wininet.dll
     2009-09-25 01:37 81,920 a------- c:\windows\system32\ieencode.dll
     2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
     2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
     2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
     2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
     2009-08-22 15:27 11,952 a------- c:\windows\system32\avgrsstx.dll
     2009-08-22 15:27 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
     2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
     2009-08-04 11:13 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
     2009-08-04 10:20 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
     2009-07-24 17:29 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
     2009-04-29 08:55 90,768 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
     2008-09-08 13:31 720 a------- c:\docume~1\owner\applic~1\wklnhst.dat
     2008-08-02 13:54 75 ---shr-- c:\windows\CT4CET.bin

     ============= FINISH: 13:16:24.84 ===============

     Attachment:
     Attach.zip
  3. I ran combofix according to your instructions, and the upload was successful.

     ComboFix 09-10-15.01 - Owner 10/15/2009 18:29.3.2 - NTFSx86 NETWORK
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.341 [GMT -4:00]
     Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
     Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
     AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

     file zipped: c:\documents and settings\All Users\Application Data\efugefe.scr
     file zipped: c:\documents and settings\Owner\Application Data\gykaq.pif
     file zipped: c:\documents and settings\Owner\Application Data\hijegyfup.exe
     file zipped: c:\documents and settings\Owner\Application Data\zurudeci.sys
     file zipped: c:\program files\Common Files\jamet.ban
     file zipped: c:\program files\Common Files\onyde._dl
     file zipped: c:\program files\Common Files\wuda.bin
     file zipped: c:\windows\atimoleki.dat
     file zipped: c:\windows\kyhyt.dat
     file zipped: c:\windows\lyzelididi.bin
     file zipped: c:\windows\obypene.bin
     file zipped: c:\windows\system32\powe.dat
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\All Users\Application Data\efugefe.scr
     c:\documents and settings\Owner\Application Data\gykaq.pif
     c:\documents and settings\Owner\Application Data\hijegyfup.exe
     c:\documents and settings\Owner\Application Data\zurudeci.sys
     c:\program files\Common Files\jamet.ban
     c:\program files\Common Files\onyde._dl
     c:\program files\Common Files\wuda.bin
     c:\windows\atimoleki.dat
     c:\windows\kyhyt.dat
     c:\windows\lyzelididi.bin
     c:\windows\obypene.bin
     c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro
     c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk
     c:\windows\system32\powe.dat
     .
     ((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
     .
     2009-10-12 23:32 . 2009-10-13 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
     2009-10-11 23:41 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
     2009-10-11 22:32 . 2009-10-11 22:52 -------- d-----w- C:\Combo-Fix
     2009-10-07 02:12 . 2009-10-07 02:39 -------- d-----w- C:\rootrepeal
     2009-09-22 00:07 . 2009-09-22 00:07 -------- d-----w- c:\program files\Trend Micro
     2009-09-20 14:57 . 2009-09-20 14:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!
     2009-09-16 19:11 . 2009-09-16 19:11 -------- d-----w- c:\documents and settings\Administrator.YOUR-4A4B701D30\Application Data\Malwarebytes
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-10-15 22:22 . 2008-07-21 23:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
     2009-10-15 12:53 . 2008-06-15 19:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Smilebox
     2009-10-15 12:45 . 2008-12-09 00:43 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp
     2009-10-15 12:45 . 2008-07-21 23:37 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
     2009-10-12 12:28 . 2008-10-18 19:10 -------- d-----w- c:\program files\Microsoft Silverlight
     2009-10-12 01:07 . 2009-09-12 17:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-10-11 22:02 . 2006-05-27 21:05 -------- d-----w- c:\program files\Symantec
     2009-10-11 21:25 . 2006-05-27 21:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
     2009-09-20 15:01 . 2007-08-04 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
     2009-09-20 14:55 . 2007-08-04 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
     2009-09-20 14:55 . 2007-08-04 00:28 -------- d-----w- c:\program files\Yahoo!
     2009-09-12 17:55 . 2009-09-12 17:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
     2009-09-12 17:55 . 2009-09-12 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-09-10 18:54 . 2009-09-12 17:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-09-10 18:53 . 2009-09-12 17:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-09-04 12:49 . 2009-04-01 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
     2009-08-28 22:18 . 2008-09-14 23:41 -------- d-----w- c:\documents and settings\Owner\Application Data\SPORE Creature Creator
     2009-08-26 23:05 . 2006-08-13 19:04 91544 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-08-22 19:27 . 2009-04-01 02:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll
     2009-08-22 19:27 . 2009-04-01 02:29 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
     2009-08-22 19:27 . 2009-04-01 02:29 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
     2009-08-18 02:22 . 2008-07-03 23:36 -------- d-----w- c:\program files\Roxio
     2009-08-05 09:01 . 2004-08-26 16:12 204800 ----a-w- c:\windows\system32\mswebdvd.dll
     2006-06-16 00:33 . 2008-08-02 17:54 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
     2006-05-25 22:43 . 2008-08-02 17:54 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
     2005-09-29 18:41 . 2008-08-02 17:54 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
     2006-06-19 17:10 . 2008-08-02 17:54 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
     2005-02-02 16:19 . 2008-08-02 17:52 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
     2006-04-10 22:35 . 2008-08-02 17:54 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
     2005-11-09 15:10 . 2008-08-02 17:52 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
     2005-11-09 15:42 . 2008-08-02 17:52 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
     2006-01-04 15:22 . 2008-08-02 17:52 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
     2006-01-04 15:21 . 2008-08-02 17:52 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
     2008-08-02 17:54 . 2008-08-02 17:54 75 --sh--r- c:\windows\CT4CET.bin
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-10-11_22.50.02 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2006-05-27 18:41 . 2007-07-27 14:41 16760 c:\windows\system32\spmsg.dll
     + 2008-06-19 20:25 . 2009-10-12 23:33 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
     + 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
     + 2004-08-26 16:11 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
     - 2004-08-26 16:11 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
     - 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
     + 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
     + 2004-08-26 16:12 . 2009-05-20 16:24 2373504 c:\windows\system32\WMVCore.dll
     + 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
     + 2004-08-26 16:12 . 2009-05-20 16:24 2373504 c:\windows\system32\dllcache\WMVCore.dll
     + 2009-10-12 01:34 . 2009-08-28 18:38 24689600 c:\windows\system32\MRT.exe
     + 2009-10-12 01:33 . 2009-10-12 01:33 15709696 c:\windows\Installer\161c8c.msp
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
     "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

     [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

     [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
     "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

     [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
     "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-09 2321600]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
     "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
     "DELL Webcam Manager"="c:\program files\DELL\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
     "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]
     "cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
     "SmileboxTray"="c:\documents and settings\Owner\Application Data\Smilebox\SmileboxTray.exe" [2009-09-22 266888]
     "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 5137648]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
     "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
     "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
     "MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
     "_AntiSpyware"="c:\program files\McAfee\McAfee AntiSpyware\MssCli.exe" [2004-11-17 114688]
     "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-29 282624]
     "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
     "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
     "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
     "SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
     "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-11-12 864256]
     "PPort9reminder"="c:\program files\ScanSoft\PaperPort\WebEreg\Ereg.exe" [2003-07-07 729088]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-04 185896]
     "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
     "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
     "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
     "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
     "DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
     "OEM03Mon.exe"="c:\windows\OEM03Mon.exe" [2007-05-18 36864]
     "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-05 2023704]
     "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
     "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
     "CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232]
     "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-09-23 77824]
     "AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-09-24 2559488]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
     Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
     BigFix.lnk - c:\program files\BigFix\BigFix.exe [2006-5-27 1742384]
     Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-9-3 67128]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
     Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2006-5-24 869376]
     VPN Client.lnk - c:\windows\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico [2006-6-9 6144]
     WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-6-19 122880]

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\program files\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-11-17 86016]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2009-08-22 19:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
     "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
     "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
     "c:\\Program Files\\America Online 9.0\\waol.exe"=
     "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
     "%windir%\\system32\\drivers\\svchost.exe"=
     "c:\\WINDOWS\\SOUNDMAN.EXE"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=

     R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/31/2009 10:29 PM 108552]
     S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/31/2009 10:29 PM 335240]
     S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/31/2009 10:28 PM 297752]
     S2 gupdate1c98d64a438c640;Google Update Service (gupdate1c98d64a438c640);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2009 6:52 PM 133104]
     S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2/25/2009 6:06 PM 13088]
     S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
     S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
     S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]
     S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [8/2/2008 1:51 PM 141376]
     S3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [8/2/2008 1:51 PM 7424]
     S3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [8/2/2008 1:51 PM 235808]
     S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [8/2/2008 1:51 PM 31616]
     S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]
     S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 22:52]

     2009-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 22:52]

     2006-05-27 c:\windows\Tasks\ISP signup reminder 2.job
     - c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]
     .
     .
     ------- Supplementary Scan -------
     .
uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com mSearch Bar = IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: plaxo.com\www Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: {86425144-8E97-41D5-8BCF-302812D44692} - hxxp://ravenas.razorstream.com/eve-service/objects/RSControl40.cab DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://10.10.1.17/forms/jinitiator/jinit.exe FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hi72rm0.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.ewtn.com/ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll 
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13122.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npybrowserplus_2.4.17.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-15 18:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . Completion time: 2009-10-15 18:46 ComboFix-quarantined-files.txt 2009-10-15 22:46 ComboFix2.txt 2009-10-11 22:52 Pre-Run: 120,406,515,712 bytes free Post-Run: 120,489,369,600 bytes free 269 --- E O F --- 2009-10-12 01:37 Upload was successful Add-Remove Programs is below. 
ACA Screen Recorder 2.03 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8 Advanced Audio FX Engine Advanced Video FX Engine America Online (Choose which version to remove) AnswerWorks 5.0 English Runtime AOL Coach Version 1.0(Build:20040229.1 en) AOL Connectivity Services AOL Spyware Protection AOL Toolbar AOL You've Got Pictures Screensaver AVG 8.5 BigFix BitZipper 5.1 Brother MFL-Pro Suite Chessmaster 9000 Cisco Systems VPN Client 4.8.00.0440 DELL Webcam Center DELL Webcam Manager Digital Media Reader DirectXInstallService DivX 4.0 Beta Codec EA Download Manager EMC 10 Content GetASFStream Google Earth Google Update Helper High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Indeo
  4. I was able to run ComboFix by running it in safe mode. The log file is below. I then ran Malwarebytes' Anti-Malware. It found Rogue.GreenAV. Is there a good, free firewall I can install? What other anti-malware should I have to surf safely? Thanks for all your help. ComboFix 09-10-11.01 - Administrator 10/11/2009 18:34.1.2 - NTFSx86 NETWORK Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Documents\awokuwanit.inf c:\documents and settings\All Users\Documents\dotalevydo.inf c:\documents and settings\Owner\Desktop\Documents.exe c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ogofatafi.dat c:\recycler\S-1-5-21-2630891956-4157808084-829909429-4665 c:\recycler\S-1-5-21-2731037943-2078004698-1517481602-1003 c:\recycler\S-1-5-21-6659035261-4052384156-056067421-6221 c:\recycler\S-1-5-21-8246840900-0713024257-153982742-8569 c:\windows\elefa.dll c:\windows\system32\_004370_.tmp.dll c:\windows\system32\_004371_.tmp.dll c:\windows\system32\_004372_.tmp.dll c:\windows\system32\_004373_.tmp.dll c:\windows\system32\_004379_.tmp.dll c:\windows\system32\_004380_.tmp.dll c:\windows\system32\_004381_.tmp.dll c:\windows\system32\_004382_.tmp.dll c:\windows\system32\_004383_.tmp.dll c:\windows\system32\_004385_.tmp.dll c:\windows\system32\_004386_.tmp.dll c:\windows\system32\_004389_.tmp.dll c:\windows\system32\_004390_.tmp.dll c:\windows\system32\_004392_.tmp.dll c:\windows\system32\_004393_.tmp.dll c:\windows\system32\_004394_.tmp.dll c:\windows\system32\_004396_.tmp.dll c:\windows\system32\_004399_.tmp.dll c:\windows\system32\_004400_.tmp.dll c:\windows\system32\_004404_.tmp.dll c:\windows\system32\_004405_.tmp.dll c:\windows\system32\_004407_.tmp.dll c:\windows\system32\_004410_.tmp.dll 
c:\windows\system32\_004412_.tmp.dll c:\windows\system32\_004413_.tmp.dll c:\windows\system32\_004414_.tmp.dll c:\windows\system32\_004415_.tmp.dll c:\windows\system32\_004416_.tmp.dll c:\windows\system32\_004419_.tmp.dll c:\windows\system32\_004420_.tmp.dll c:\windows\system32\_004421_.tmp.dll c:\windows\system32\_004422_.tmp.dll c:\windows\system32\_004423_.tmp.dll c:\windows\system32\_004428_.tmp.dll c:\windows\system32\_004430_.tmp.dll c:\windows\system32\_004431_.tmp.dll c:\windows\system32\nuqojec.vbs c:\windows\xumoloqi.exe c:\windows\ypokugyp.vbs D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2009-09-11 to 2009-10-11 ))))))))))))))))))))))))))))))) . 2009-10-07 02:12 . 2009-10-07 02:39 -------- d-----w- C:\rootrepeal 2009-09-22 00:07 . 2009-09-22 00:07 -------- d-----w- c:\program files\Trend Micro 2009-09-20 14:57 . 2009-09-20 14:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo! 2009-09-16 19:11 . 2009-09-16 19:11 -------- d-----w- c:\documents and settings\Administrator.YOUR-4A4B701D30\Application Data\Malwarebytes 2009-09-13 19:26 . 2009-09-13 19:26 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll 2009-09-13 19:15 . 2009-09-13 19:16 -------- d-----w- c:\windows\ERUNT 2009-09-13 19:10 . 2009-09-13 19:59 -------- d-----w- C:\SDFix 2009-09-12 18:26 . 2004-08-04 19:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys 2009-09-12 18:26 . 2004-08-04 19:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys 2009-09-12 17:55 . 2009-09-12 17:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2009-09-12 17:55 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-12 17:55 . 2009-09-22 00:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-12 17:55 . 2009-09-12 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-12 17:55 . 
2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-11 22:08 . 2008-07-21 23:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype 2009-10-11 22:02 . 2006-05-27 21:05 -------- d-----w- c:\program files\Symantec 2009-10-11 21:25 . 2006-05-27 21:04 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-10-11 21:15 . 2008-12-09 00:43 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp 2009-10-11 21:15 . 2008-07-21 23:37 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM 2009-09-20 19:31 . 2008-06-15 19:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Smilebox 2009-09-20 15:01 . 2007-08-04 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-09-20 14:55 . 2007-08-04 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! 2009-09-20 14:55 . 2007-08-04 00:28 -------- d-----w- c:\program files\Yahoo! 2009-09-04 12:49 . 2009-04-01 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-09-04 12:09 . 2009-09-04 12:09 19821 ----a-w- c:\program files\Common Files\wuda.bin 2009-09-04 12:09 . 2009-09-04 12:09 11563 ----a-w- c:\windows\system32\powe.dat 2009-09-04 12:09 . 2009-09-04 12:09 10919 ----a-w- c:\windows\kyhyt.dat 2009-09-04 12:09 . 2009-09-04 12:09 19269 ----a-w- c:\windows\obypene.bin 2009-09-04 12:09 . 2009-09-04 12:09 19056 ----a-w- c:\windows\atimoleki.dat 2009-09-04 12:09 . 2009-09-04 12:09 17954 ----a-w- c:\documents and settings\Owner\Application Data\hijegyfup.exe 2009-09-04 12:09 . 2009-09-04 12:09 15316 ----a-w- c:\program files\Common Files\onyde._dl 2009-09-04 12:09 . 2009-09-04 12:09 15313 ----a-w- c:\documents and settings\All Users\Application Data\efugefe.scr 2009-09-04 12:09 . 
2009-09-04 12:09 14484 ----a-w- c:\program files\Common Files\jamet.ban 2009-09-04 12:09 . 2009-09-04 12:09 13278 ----a-w- c:\documents and settings\Owner\Application Data\zurudeci.sys 2009-09-04 12:09 . 2009-09-04 12:09 12691 ----a-w- c:\documents and settings\Owner\Application Data\gykaq.pif 2009-09-04 12:09 . 2009-09-04 12:09 11264 ----a-w- c:\windows\lyzelididi.bin 2009-08-28 22:18 . 2008-09-14 23:41 -------- d-----w- c:\documents and settings\Owner\Application Data\SPORE Creature Creator 2009-08-26 23:05 . 2006-08-13 19:04 91544 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-22 19:27 . 2009-04-01 02:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-08-22 19:27 . 2009-04-01 02:29 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-08-22 19:27 . 2009-04-01 02:29 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-08-18 02:22 . 2008-07-03 23:36 -------- d-----w- c:\program files\Roxio 2009-08-15 03:44 . 2009-08-15 03:44 -------- d-----w- c:\program files\MSBuild 2009-08-15 03:44 . 2009-08-15 03:44 -------- d-----w- c:\program files\Reference Assemblies 2009-08-05 09:01 . 2004-08-26 16:12 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 2004-08-26 16:11 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-16 02:24 . 2009-07-16 02:24 229208 ----a-w- c:\windows\system32\drivers\VMM.sys 2008-12-20 15:38 . 2006-05-27 20:07 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2008-12-20 15:38 . 2006-05-27 20:07 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2008-12-20 15:38 . 2007-07-13 20:07 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2008-12-20 15:38 . 2007-07-13 20:07 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2008-12-20 15:38 . 2006-05-27 20:07 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll 2006-06-16 00:33 . 
2008-08-02 17:54 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll 2006-05-25 22:43 . 2008-08-02 17:54 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll 2005-09-29 18:41 . 2008-08-02 17:54 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll 2006-06-19 17:10 . 2008-08-02 17:54 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll 2005-02-02 16:19 . 2008-08-02 17:52 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll 2006-04-10 22:35 . 2008-08-02 17:54 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll 2005-11-09 15:10 . 2008-08-02 17:52 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll 2005-11-09 15:42 . 2008-08-02 17:52 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll 2006-01-04 15:22 . 2008-08-02 17:52 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll 2006-01-04 15:21 . 2008-08-02 17:52 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll 2008-08-02 17:54 . 2008-08-02 17:54 75 --sh--r- c:\windows\CT4CET.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992] "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168] "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104] "MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992] "_AntiSpyware"="c:\program files\McAfee\McAfee AntiSpyware\MssCli.exe" [2004-11-17 114688] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-29 282624] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960] "SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152] "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-11-12 864256] "PPort9reminder"="c:\program files\ScanSoft\PaperPort\WebEreg\Ereg.exe" [2003-07-07 729088] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-04 185896] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984] "LogitechQuickCamRibbon"="c:\program 
files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112] "DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168] "OEM03Mon.exe"="c:\windows\OEM03Mon.exe" [2007-05-18 36864] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-05 2023704] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952] "CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-09-23 77824] "AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-09-24 2559488] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872] BigFix.lnk - c:\program files\BigFix\BigFix.exe [2006-5-27 1742384] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-9-3 67128] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2006-5-24 869376] VPN Client.lnk - c:\windows\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico [2006-6-9 6144] 
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-6-19 122880] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\program files\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-11-17 86016] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-22 19:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "%windir%\\system32\\drivers\\svchost.exe"= "c:\\WINDOWS\\SOUNDMAN.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"= R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/31/2009 10:29 PM 108552] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/31/2009 10:29 PM 335240] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/31/2009 10:28 PM 297752] S2 gupdate1c98d64a438c640;Google Update Service (gupdate1c98d64a438c640);c:\program files\Google\Update\GoogleUpdate.exe 
[2/12/2009 6:52 PM 133104] S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2/25/2009 6:06 PM 13088] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992] S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744] S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384] S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [8/2/2008 1:51 PM 141376] S3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [8/2/2008 1:51 PM 7424] S3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [8/2/2008 1:51 PM 235808] S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [8/2/2008 1:51 PM 31616] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888] . Contents of the 'Scheduled Tasks' folder 2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 22:52] 2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 22:52] 2006-05-27 c:\windows\Tasks\ISP signup reminder 2.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12] 2009-09-19 c:\windows\Tasks\McAfee AntiSpyware.job - c:\progra~1\McAfee\MCAFEE~1\McSpy.exe [2004-11-17 08:00] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.gateway.com/ mStart Page = hxxp://www.google.com mSearch Bar = Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: {86425144-8E97-41D5-8BCF-302812D44692} - hxxp://ravenas.razorstream.com/eve-service/objects/RSControl40.cab DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://10.10.1.17/forms/jinitiator/jinit.exe FF - ProfilePath - FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe HKLM-Run-ShowWnd - ShowWnd.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-11 18:49 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . 
Completion time: 2009-10-11 18:52
ComboFix-quarantined-files.txt 2009-10-11 22:52
Pre-Run: 117,732,655,104 bytes free
Post-Run: 120,876,462,080 bytes free
268 --- E O F --- 2009-09-03 02:14

****************************************************************

Malwarebytes' Anti-Malware 1.41
Database version: 2944
Windows 5.1.2600 Service Pack 3

10/11/2009 9:08:01 PM
mbam-log-2009-10-11 (21-08-01).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 212192
Time elapsed: 1 hour(s), 9 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hi72rm0.default\gsl.dll (Rogue.GreenAV) -> Quarantined and deleted successfully.
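An added example, not part of carljong's posts and not a feature of ComboFix, DDS or Malwarebytes: a short Python script that triages lines copied from the ComboFix log above. Both this post and the one above ask about a firewall, and the log already answers part of that question: the "EnableFirewall"= 0 line under firewallpolicy\standardprofile shows the firewall built into Windows XP switched off, so turning it back on comes before choosing a third-party one. The script flags that, and the other entries a removal helper reads first in such a log: a firewall exception for svchost.exe under system32\drivers (the real one lives directly in system32), the non-default SsiEfr.e entry in BootExecute, and dropped files whose names or attributes match what ComboFix removed. The sample text is constructed from lines on this page; the directory rules and the random-name heuristic are the example's own assumptions, not indicators the tools document.

```python
"""Triage a flattened ComboFix / DDS log for the artefacts seen in this thread.
Added example: not part of the forum posts and not a ComboFix, DDS or Malwarebytes
feature. Everything it returns is a review item, not a verdict."""
import re
from typing import List, Optional

# Constructed sample: lines copied from the ComboFix log posted above, plus a few
# legitimate entries (sessmgr, iTunes, zHotkey, AVG) that the checks must leave alone.
SAMPLE_LOG = r"""
"EnableFirewall"= 0 (0x0)
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
c:\documents and settings\All Users\Documents\awokuwanit.inf
c:\windows\elefa.dll
c:\windows\system32\_004370_.tmp.dll
c:\windows\system32\nuqojec.vbs
c:\windows\xumoloqi.exe
c:\windows\zHotkey.exe
2009-09-04 12:09 . 2009-09-04 12:09 17954 ----a-w- c:\documents and settings\Owner\Application Data\hijegyfup.exe
2009-09-04 12:09 . 2009-09-04 12:09 13278 ----a-w- c:\documents and settings\Owner\Application Data\zurudeci.sys
2009-08-22 19:27 . 2009-04-01 02:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2008-08-02 17:54 . 2008-08-02 17:54 75 --sh--r- c:\windows\CT4CET.bin
"""

# Where these XP system binaries legitimately live; the same name anywhere else
# is a planted copy or at least an entry to check by hand.
SYSTEM_BINARY_HOMES = {
    "svchost.exe": r"c:\windows\system32\svchost.exe",
    "sessmgr.exe": r"c:\windows\system32\sessmgr.exe",
}
# Locations the droppers on this machine used (assumed rules): regex on the
# lower-cased path, reason, whether the name must also look random to be flagged.
DROP_ZONES = [
    (r"^c:\\windows\\[^\\]+\.(exe|dll|vbs|bin|dat)$", "loose file in c:\\windows root", True),
    (r"^c:\\windows\\system32\\_\d+_\.tmp\.dll$", "renamed temp DLL in system32", False),
    (r"^c:\\windows\\system32\\[^\\]+\.vbs$", "script dropped in system32", False),
    (r"^c:\\documents and settings\\[^\\]+\\application data\\[^\\]+\.(exe|sys|pif|scr)$",
     "executable or driver loose in Application Data", False),
    (r"^c:\\documents and settings\\all users\\documents\\[^\\]+\.inf$",
     "INF dropped in shared Documents", False),
]
FIND3M_LINE = re.compile(r"^\S+ \S+ \. \S+ \S+ \S+ (\S{8}) (c:\\.*)$", re.I)
EXCEPTION_LINE = re.compile(r'^"(.+)"=\s*$')
BOOTEXECUTE_LINE = re.compile(r"^BootExecute REG_MULTI_SZ (.*)$")


def looks_random(stem: str) -> bool:
    """Assumed heuristic tuned to the names ComboFix removed (awokuwanit, xumoloqi):
    all lower case, balanced vowels, no consonant cluster longer than two. Vendor
    names with clusters (avgrsstx) or mixed case (zHotkey) fall through."""
    if len(stem) < 5 or not stem.isalpha() or not stem.islower():
        return False
    vowel_ratio = sum(c in "aeiouy" for c in stem) / len(stem)
    longest_cluster = max((len(r) for r in re.findall(r"[^aeiouy]+", stem)), default=0)
    return 0.35 <= vowel_ratio <= 0.65 and longest_cluster <= 2


def check_path(path: str, attrs: str = "") -> Optional[str]:
    """Match one path against the drop-zone rules; attrs is ComboFix's attribute
    column, so a hidden+system file directly in c:\\windows is flagged by itself."""
    low = path.lower()
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]  # keep case for looks_random
    if "s" in attrs and "h" in attrs and re.match(r"^c:\\windows\\[^\\]+$", low):
        return "hidden+system file in c:\\windows root"
    for pattern, reason, needs_random_name in DROP_ZONES:
        if re.match(pattern, low) and (looks_random(stem) or not needs_random_name):
            return reason
    return None


def triage(log_text: str) -> List[str]:
    """Scan log lines (one entry per line) and return human-readable review items."""
    findings: List[str] = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        if line.startswith('"EnableFirewall"=') and line.split("=", 1)[1].strip().startswith("0"):
            findings.append("Windows Firewall is disabled (EnableFirewall=0)")
        elif m := EXCEPTION_LINE.match(line):
            # The registry export doubles backslashes; %windir% is c:\windows on this box.
            path = m.group(1).replace("\\\\", "\\").replace("%windir%", r"c:\windows").lower()
            name = path.rsplit("\\", 1)[-1]
            home = SYSTEM_BINARY_HOMES.get(name)
            if home and path != home:
                findings.append(f"firewall exception for {name} outside its home: {path}")
        elif m := BOOTEXECUTE_LINE.match(line):
            for entry in m.group(1).split(r"\0"):  # ComboFix prints the NUL separator as \0
                if entry and entry != "autocheck autochk *":
                    findings.append(f"non-default BootExecute entry, verify by hand: {entry}")
        elif m := FIND3M_LINE.match(line):
            if reason := check_path(m.group(2), attrs=m.group(1)):
                findings.append(f"{reason}: {m.group(2)}")
        elif line.lower().startswith("c:\\"):
            if reason := check_path(line):
                findings.append(f"{reason}: {line}")
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
```

Run as-is it prints eleven review items for the sample. Two of them show why the output is a queue for a human and not a verdict: SsiEfr.e is flagged only because it is not the default autochk entry, and CT4CET.bin is flagged for its hidden+system attributes even though it shares its 2008-08-02 17:54 timestamp with the CrazyTalk plugin DLLs listed in the same Find3M section and is most likely that product's file. On a real log, paste the sections in place of SAMPLE_LOG with one entry per line, as the tools write them, not in the run-together form the forum rendered.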
  5. I can't run ComboFix. I disabled AVG and McAfee. ComboFix got to the "However scan times for badly infected machines may easily double." and just sat there. I let it run for 40 minutes, but nothing more happened. I have Norton Security Center on my computer, but I didn't see a way to disable it. I was hesitant to uninstall it because I thought I read in the forums not to uninstall anything.
  6. DDS (Ver_09-09-29.01) - NTFSx86 Run by Owner at 19:55:30.62 on Thu 10/08/2009 Internet Explorer: 6.0.2900.5512 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.108 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe svchost.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\WINDOWS\zHotkey.exe C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe c:\program files\mcafee.com\agent\mcdetect.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe 
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\OEM03Mon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\PrintKey2000\Printkey2000.exe C:\WINDOWS\system32\UTSCSI.EXE C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Owner\Application Data\mjusbsp\st00000\mjsetup.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe C:\Documents and Settings\Owner\Desktop\dds.pif ============== Pseudo HJT Report =============== uSearch Bar = hxxp://www.google.com/ie uStart Page = hxxp://www.google.com uSearch Page = hxxp://www.google.com mDefault_Page_URL = hxxp://www.gatewaybiz.com mDefault_Search_URL = hxxp://www.google.com/ie mSearch Page = hxxp://www.google.com mStart Page = hxxp://www.google.com mSearch Bar = uSearchAssistant = hxxp://www.google.com uCustomizeSearch = mSearchAssistant = hxxp://www.google.com uURLSearchHooks: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe uRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK uRun: [smileboxTray] "c:\documents and settings\owner\application 
data\smilebox\SmileboxTray.exe" uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [sunKistEM] c:\program files\digital media reader\shwiconem.exe mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe" mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [CHotkey] zHotkey.exe mRun: [showWnd] ShowWnd.exe mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe mRun: [_AntiSpyware] c:\program files\mcafee\mcafee antispyware\MssCli.exe mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe" mRun: [soundMan] SOUNDMAN.EXE mRun: [AlcWzrd] ALCWZRD.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe mRun: [setDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun mRun: [PPort9reminder] "c:\program files\scansoft\paperport\webereg\ereg.exe" -r "c:\program files\scansoft\paperport\webereg\ereg.ini" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] 
"c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe" mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [OEM03Mon.exe] c:\windows\OEM03Mon.exe mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{24c67b54-0718-445e-b663-3138d9246bd1}\Icon3E5562ED7.ico StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program 
files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll Trusted Zone: plaxo.com\www DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install/00/alttiff.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.helloworld.com/root.controls/ImageUploader4.cab DPF: {86425144-8E97-41D5-8BCF-302812D44692} - hxxp://ravenas.razorstream.com/eve-service/objects/RSControl40.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://10.10.1.17/forms/jinitiator/jinit.exe DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll Notify: WRNotifier - WRLogonNTF.dll SEH: McAfee AntiSpyware Shell Extension: {f2a0229a-c4ca-4789-b606-973d24dcdd1c} - c:\program files\mcafee\mcafee antispyware\MssShell.dll LSA: Notification Packages = scecli scecli ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\5hi72rm0.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.ewtn.com/ FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\5hi72rm0.default\gsl.dll FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program 
files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-31 335240] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-31 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-31 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-31 297752] R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-2-25 13088] R2 McAfeeAntiSpyware;McAfee AntiSpyware Real-Time Scanner;c:\program files\mcafee\mcafee antispyware\Msssrv.exe [2004-11-17 90112] R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2008-6-25 126976] R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2008-6-25 122368] R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] R3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [2008-8-2 141376] R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [2008-8-2 7424] R3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [2008-8-2 235808] R3 RLDesignVirtualAudioCableWdm;Live! 
Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-8-2 31616] S2 gupdate1c98d64a438c640;Google Update Service (gupdate1c98d64a438c640);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992] S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744] S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384] S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2007-1-26 68954] S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-5-27 245760] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344] =============== Created Last 30 ================ 2009-10-06 22:12 <DIR> --d----- C:\rootrepeal 2009-09-21 20:07 <DIR> --d----- c:\program files\Trend Micro 2009-09-13 15:26 578,560 ac------ c:\windows\system32\dllcache\user32.dll 2009-09-13 15:15 <DIR> --d----- c:\windows\ERUNT 2009-09-13 15:10 <DIR> --d----- C:\SDFix 2009-09-12 14:26 4,224 ac------ c:\windows\system32\dllcache\beep.sys 2009-09-12 14:26 4,224 a------- c:\windows\system32\drivers\beep.sys 2009-09-12 13:55 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes 2009-09-12 13:55 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-12 13:55 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-09-12 13:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-09-12 13:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes ==================== Find3M 
==================== 2009-08-22 15:27 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-08-22 15:27 335,240 a------- c:\windows\system32\drivers\avgldx86.sys 2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-24 17:29 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll 2009-04-29 08:55 90,768 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT 2008-09-08 13:31 720 a------- c:\docume~1\owner\applic~1\wklnhst.dat 2008-08-02 13:54 75 ---shr-- c:\windows\CT4CET.bin ============= FINISH: 19:56:24.29 =============== **Malwarebytes found Rogue.GreenAV and Trojan.Dropper. See below Malwarebytes' Anti-Malware 1.41 Database version: 2896 Windows 5.1.2600 Service Pack 3 10/2/2009 4:04:54 PM mbam-log-2009-10-02 (16-04-54).txt Scan type: Quick Scan Objects scanned: 127660 Time elapsed: 24 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 1 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully. 
Folders Infected: C:\Documents and Settings\All Users\Application Data\gwr (Rogue.GreenAV) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system\He_tga.dil (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\gwr\Viruses.dat (Rogue.GreenAV) -> Quarantined and deleted successfully. Attach.zip
  7. ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/10/06 22:20 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xA9FF1000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF8A4F000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xA846A000 Size: 49152 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: c:\windows\temp\perflib_perfdata_5c4.dat Status: Allocation size mismatch (API: 16384, Raw: 0) Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc159.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc160.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc161.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc162.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc163.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc164.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc165.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc166.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc167.jpg Status: Locked to the Windows API! 
Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\122CANON\Dc74.THM Status: Locked to the Windows API! Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\122CANON\Thumbs.db:Roxio EMC Stream Status: Invisible to the Windows API! Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\122CANON\Thumbs.db:Roxio EMC Stream Status: Invisible to the Windows API! Path: c:\program files\logitech\desktop messenger\8876480\users\owner\data\d0000000.fcs Status: Allocation size mismatch (API: 512, Raw: 0) Stealth Objects ------------------- Object: Hidden Module [Name: IEToolbar.dll] Process: iexplore.exe (PID: 492) Address: 0x10000000 Size: 2596864 ==EOF== Since I first posted, our computer was infected with a trojan. This was removed with Malwarebytes.
  8. I am not able to use Mozilla to get to the internet, but IE works. Thanks in advance for your assistance.

Malwarebytes' Anti-Malware 1.41
Database version: 2839
Windows 5.1.2600 Service Pack 3

9/21/2009 8:03:35 PM
mbam-log-2009-09-21 (20-03-35).txt

Scan type: Quick Scan
Objects scanned: 127270
Time elapsed: 23 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:37 PM, on 9/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM03Mon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [showWnd] ShowWnd.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PPort9reminder] "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\Program Files\ScanSoft\PaperPort\WebEreg\ereg.ini"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM03Mon.exe] C:\WINDOWS\OEM03Mon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [smileboxTray] "C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.helloworld.com/root.controls/ImageUploader4.cab
O16 - DPF: {86425144-8E97-41D5-8BCF-302812D44692} (RazorStreamControl.CaptureControl) - http://ravenas.razorstream.com/eve-service...RSControl40.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://10.10.1.17/forms/jinitiator/jinit.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate1c98d64a438c640) (gupdate1c98d64a438c640) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15811 bytes