mwalimu

Everything posted by mwalimu

  1. I was afraid you were going to say that. The domain in question (not the original one the application tries to access, but the one it now gets redirected to) is areasnap(dot)com. Consider this a feature request - the ability to suppress notification of attempts to access a website (either at the site or the app level) while keeping the block in place.
  2. I am running the paid version of MBAM. I have one particular application that keeps triggering a site-block popup. The application is trying to access its home website, "phone home" if you will, except that it's orphan software and the website no longer exists. Recently that domain was cybersquatted by someone MBAM blocks, and now whenever I use that application I am constantly seeing the popups from MBAM warning me about the site. Is there a way to suppress the warning popups to that particular site? Mind you, I have no reason to access the site and still want to block it, so I don't want to exclude it. I just want to get rid of the popups. Is there a way to have MBAM block a site quietly?
  3. If I want to install MalwareBytes Anti-Malware PRO on two computers (and possibly a third that I may be purchasing in a few months), do I have to buy a separate copy for each? I've seen other software products that permit the buyer to install the paid version of their program on up to four computers in a single household.
  4. Yes, still checking in here from time to time. No new issues or any other evidence of malware. (I have to wonder if there's any known malware that does things like looking in the trash folder of your e-mail client and running executable e-mail attachments it finds there.)
  5. I returned the computer to him yesterday. I'll send him a link to this thread so he can review your final list of suggestions (as well as everything else we did). Would it be okay to keep this thread unlocked for a week or two, in case he has any questions or encounters any problems? (There were after all a number of key applications that I never once opened or tested (Outlook, for instance), and if any of them are now not working...) He may even register and post here himself. Until the memory in the computer gets upgraded, any additional applications that are memory resident represent a trade-off of security vs. performance. Where SpywareBlaster lands in this regard may depend on how big its "memory footprint" is. I added the HOSTS file from MVPS to his computer (also added it to my own) before I returned it. That, like other anti-malware measures, appears to need updating periodically. I have WOT on my computer and am quick to concur with the recommendation. The computer was current with Windows updates when I returned it. I personally don't recommend having automatic updates set to the "Automatic (recommended)" setting; I don't trust MS 100% and I don't like anything that reboots my computer when it's running unattended, but I absolutely do recommend getting most updates installed in a timely fashion. Have a happy Easter!
  6. It looks like it found quite a bit, but all of it is in mail folders. Would I be correct in thinking I should empty trash, compact folders, and rerun the scan? (The ones with Eudora in the path, all of which are marked merely 'Suspicious', are essentially archived mail. But I do want to make certain that all of the 'Infected:' entries have been cleared once I empty trash/compact (and I should do that more often).
     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0: scan report
     Thursday, April 1, 2010
     Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Thursday, April 01, 2010 12:47:01
     Records in database: 3912635
     --------------------------------------------------------------------------------
     Scan settings: scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes
     Scan area - My Computer: C:\ D:\ E:\ F:\ G:\
     Scan statistics:
     Objects scanned: 409884
     Threats found: 52
     Infected objects found: 94
     Suspicious objects found: 13
     Scan duration: 05:34:31
     File name / Threat / Threats count
     [per-file listing of the Thunderbird and Eudora mail folders omitted; all entries were under the Thunderbird profile's Inbox, Spam, TLK-L and Trash folders or the Eudora mailboxes]
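The Kaspersky listing format quoted in the post above, parsed as an added example (not code from the post or from Kaspersky): it reads the "File name / Threat / Threats count" lines, cross-checks them against the scanner's own "objects found" totals, and compares a first scan with a rerun after emptying Trash and compacting folders, so any mailbox still carrying an "Infected:" entry is listed. The profile name, mail domain, paths and counts in the sample reports are constructed.

```python
"""Parse a Kaspersky Online Scanner 7.0 report and verify a post-cleanup rerun.

Added example, not code from the forum post or from Kaspersky. The sample
reports below are constructed in the same shape as the report quoted above.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# One detection line: <path containing spaces> <Infected|Suspicious>: <threat> <object count>
ENTRY_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)
# The scanner's own totals, e.g. "Infected objects found: 94"
HEADER_RE = re.compile(r"^(?P<status>Infected|Suspicious) objects found:\s*(?P<n>\d+)$", re.M)


@dataclass(frozen=True)
class Finding:
    path: str
    status: str  # "Infected" or "Suspicious"
    threat: str
    count: int


def parse_report(text):
    """Return one Finding per detection line; header and statistics lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            findings.append(Finding(m["path"], m["status"], m["threat"], int(m["count"])))
    return findings


def per_path_counts(findings):
    """Sum object counts per path, split by status, so each mail folder can be judged."""
    totals = defaultdict(lambda: {"Infected": 0, "Suspicious": 0})
    for f in findings:
        totals[f.path][f.status] += f.count
    return dict(totals)


def totals_match_header(text, findings):
    """Cross-check the parsed counts against the scanner's 'objects found' lines."""
    parsed = {"Infected": 0, "Suspicious": 0}
    for f in findings:
        parsed[f.status] += f.count
    header = {m["status"]: int(m["n"]) for m in HEADER_RE.finditer(text)}
    return header == parsed


def still_infected(before, after):
    """Paths marked 'Infected' in the first scan that are still 'Infected' in the rerun."""
    was = {f.path for f in before if f.status == "Infected"}
    now = {f.path for f in after if f.status == "Infected"}
    return sorted(was & now)


# Constructed sample paths (hypothetical profile name and mail domain).
MAIL_DIR = r"C:\Documents and Settings\Joe\Application Data\Thunderbird\Profiles\abc123.default\Mail"
INBOX = MAIL_DIR + r"\mail.example.invalid\Inbox"
SPAM = MAIL_DIR + r"\mail.example.invalid\Spam"
TRASH = MAIL_DIR + r"\mail.example.invalid\Trash"
ARCHIVE = MAIL_DIR + r"\Local Folders\Eudora Mail.sbd\Business"
EUDORA = r"C:\Program Files\Qualcomm\Eudora"

# Constructed first scan: infected objects in Inbox, Spam and Trash; archives only suspicious.
BEFORE_REPORT = "\n".join([
    "Infected objects found: 6",
    "Suspicious objects found: 3",
    "File name / Threat / Threats count",
    ARCHIVE + " Suspicious: Trojan-Spy.HTML.Fraud.gen 1",
    INBOX + " Infected: Backdoor.Win32.Bredolab.dq 1",
    INBOX + " Infected: Trojan.Win32.Vilsel.ihd 3",
    SPAM + " Infected: Packed.Win32.Krap.x 1",
    TRASH + " Infected: Trojan-Downloader.Win32.Genome.ajjn 1",
    EUDORA + r"\Embedded\bill.zip Suspicious: Password-protected-EXE 1",
    EUDORA + r"\Out.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1",
    "Selected area has been scanned.",
])

# Constructed rerun after emptying Trash and compacting: Spam was not compacted, so it remains.
RERUN_REPORT = "\n".join([
    "Infected objects found: 1",
    "Suspicious objects found: 3",
    "File name / Threat / Threats count",
    ARCHIVE + " Suspicious: Trojan-Spy.HTML.Fraud.gen 1",
    SPAM + " Infected: Packed.Win32.Krap.x 1",
    EUDORA + r"\Embedded\bill.zip Suspicious: Password-protected-EXE 1",
    EUDORA + r"\Out.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1",
    "Selected area has been scanned.",
])

if __name__ == "__main__":
    before, after = parse_report(BEFORE_REPORT), parse_report(RERUN_REPORT)
    for path, c in per_path_counts(before).items():
        print(f"{c['Infected']:3d} infected {c['Suspicious']:3d} suspicious  {path}")
    print("totals consistent:", totals_match_header(BEFORE_REPORT, before))
    print("still infected after rerun:", still_infected(before, after))
```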
  7. More followup... Something kept knocking out Winsock resulting in 10107 errors. I kept resetting it. Eventually I figured out that the culprit was CyberSitter. At some point while installing Avast or SuperAntiSpyware and running checks it removed a file used by CyberSitter, which it interpreted as tampering, and locked down all internet access; its method of locking down caused other applications to get the 10107 errors. Once I realized what was going on I updated its files (which apparently restored the one it was missing), changed a couple of other settings, and it hasn't gotten in the way since. Upon subsequently rerunning the SuperAntiSpyware scan, it again flagged the same 29 files as having Rogue.Agent/Gen-Nullo[DLL]. I surmised that these were the ones CyberSitter had complained about being missing and had restored (the filenames more or less corresponded to a list of exclusions I found within CA) so I marked them as trusted. I'll be saying something to my brother about these.
  8. As far as I can tell, everything seems to be running okay at the moment. Since some of the problems I reported earlier were intermittent, I'll be sure to mention any problems I notice in a follow-up post.
     Malwarebytes' Anti-Malware 1.45
     www.malwarebytes.org
     Database version: 3939
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     3/31/2010 7:23:37 PM
     mbam-log-2010-03-31 (19-23-37).txt
     Scan type: Quick scan
     Objects scanned: 124680
     Time elapsed: 5 minute(s), 16 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  9. A couple of Google searches, a couple of netsh commands later, and the computer is recovered from the 10107 errors, and MBAM and Firefox now work as before. Unless you have any last minute dire warnings about the infections that SuperAntiSpyware found and fixed, I'll be returning the computer to my brother shortly (tomorrow at the earliest).
  10. Just a few comments off the top of my head... STEP 01 - Those were files (not directories), and the date/time stamps closely match when the XP Security Tool 2010 infection occurred. I believe they are likely to be random-named counterparts corresponding to the files identified as QJyrk5wvCU1 in this post. I could just delete them, unless you think it would be safer to drop them into a CFScript.txt and run ComboFix. STEP 05 - That's the same primary DNS I have under my TCP settings, and appears to be valid (Comcast is my ISP). STEP 06 - Already!? Didn't they just release update 18 less than two weeks ago? (Of course I'll go ahead and update it.) I shall follow those steps when I get home from work in a couple of hours.
  11. Okay, maybe I'm not quite done yet after all. After uninstalling AVG and installing Avast and SuperAntiSpyware, now all of a sudden I'm getting "MBAM_ERROR_UPDATING (10107, 0, WinHttpResponse) A system call that should never fail has failed." Additionally I am now unable to access the web in Firefox. SASW found and quarantined some things no previous scan had detected. Among them are two registry keys that it flagged under Trojan.Agent/Gen-Alureon, and 29 .DLL files from c:\windows\system32 that it flagged as Rogue.Agent/Gen-Nullo[DLL]. I'm tempted to Restore the files and see if it resolves the MBAM error and the web access problem, but neither do I want to ignore the possibility that it found a previously undetected infection of some sort.
  12. The computer is back running again. Apparently it was a problem with the memory modules. After a bit of finagling with them I've got it running again with 2G (vs. 4G it had before) and I'm going to see if I can get, if not all 4G, at least 3G of it working again. But it does not appear there was any problem with ComboFix or my c: drive.
  13. Arrgh! My computer was suddenly getting very laggy performance doing certain things, so I decided to close everything and reboot. And now all of a sudden it won't boot up. When I power it on, it just keeps beeping at me five times, over and over. I can't get it to safe mode or even a setup screen. I have no idea whether it's something that happened as a result of running ComboFix, or is a hardware or HD problem that happened to choose this moment to rear its head. I do, however, have a backup computer and have the ability to pull the boot drive from the main computer and plug it into that one.
  14. Done... That ran faster than I expected (and it didn't even reboot). Three files that are not mentioned anywhere in the log that I had somewhat expected are these:
     C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
     C:\Documents and Settings\Joe\Local Settings\Application Data\VH56DJI7u87yo
     C:\Documents and Settings\Joe\Templates\VH56DJI7u87yo
     A fourth file that was present a couple of days ago was no longer present. I'm guessing ComboFix removed it, but it's possible I did and didn't realize it:
     C:\Documents and Settings\Joe\Local Settings\temp\VH56DJI7u87yo
     A few other files in these directories that look suspicious to me:
     C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     C:\Documents and Settings\Joe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     C:\Documents and Settings\Joe\Local Settings\Application Data\fusioncache.dat
     C:\Documents and Settings\Joe\Local Settings\temp\c98e020c-aebc-46d7-a491-7d91bd2b7e60.mht
     One other symptom I hadn't mentioned previously - my default browser was changed to MSIE a few days ago (this was well after I had cleaned up the initial infection and changed it back to Firefox). Just now after running ComboFix I noticed it had been changed to MSIE again. This time I know it had been Firefox as recently as a couple of hours ago and I don't think I did anything to change it. Would ComboFix do that? Without further ado, here is the log... ComboFix.txt:
     [ComboFix 10-03-29.04 log of 03/30/2010 omitted: file creation listing, Find3M report and registry loading points]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] 2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] 2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] 2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "eabconfg.cpl"=c:\program files\HPQ\Quick Launch Buttons\EabServr.exe /Start "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" "WinampAgent"="c:\program files\Winamp\winampa.exe" "SynTPLpr"=c:\program files\Synaptics\SynTP\SynTPLpr.exe "SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe "Smapp"=c:\program files\Analog Devices\SoundMAX\SMTray.exe "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" "DrvLsnr"=c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe 
"ChkAdmin"=c:\progra~1\Compaq\COMPAQ~1\CHKADMIN.EXE "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-] "CPQDFWAG"=c:\windows\Cpqdiag\CpqDfwAg.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Trillian\\trillian.exe"= "c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"= "c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"= "c:\\Program Files\\World of Warcraft\\WoW-2.4.1.8125-to-2.4.2.8278-enUS-downloader.exe"= "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"= "c:\\Program Files\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"= "c:\\Program Files\\Trebuchet Tk\\tclkit\\tcl-kit.exe"= "c:\\Program Files\\LeechFTP\\Leechftp.exe"= "c:\\Program Files\\
  15. SASW=SuperAntiSpyWare I found out how to disable TeaTimer without uninstalling Spybot. I will pass along the suggestion to my brother about getting the paid version of MBAM (I'll probably get it for my own computer) but anything involving spending money will have to be his decision. No, I think you've helped as much as I need, and there seem to be plenty of others who can use your expertise. Thank you very much for all of your assistance.
  16. There are malware infections that create registry keys that are "locked", i.e. impossible to remove, modify, or rename, as well as files that cannot be deleted, renamed, or even looked at (the case I'm familiar with involved a rootkit). There are malware infections that modify registry keys to undesired values. Would it be possible, or very effective, for the good guys to employ the same kind of tricks? That is, produce an anti-malware tool that would "lock" certain files or registry keys to their known good values and allow the user to control what's locked. Or does such a tool already exist?
  17. Since there hadn't been a response to this thread in over a week, this is a combination bump and repost of current versions of the logs below (to reflect any changes since the original ones were produced). MBAM 1.45 is currently giving me a clean scan.
files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-25 64288] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-19 216200] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-19 29512] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-19 242696] R1 ClntMgmt;HP Client Management Driver;c:\windows\system32\drivers\Clntmgmt.sys [2009-1-19 55336] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-14 916760] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-14 308064] R2 cpqWebDmi;Insight Web Agent;c:\progra~1\compaq\compaq~1\cpqweb~1\WebDmi.exe [2009-1-19 24576] R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1263728] S1 SABKUTIL;SABKUTIL;\??\c:\program files\super ad blocker\sabkutil.sys --> c:\program files\super ad blocker\SABKUTIL.sys [?] 
S2 gupdate1ca0a75299722a4;Google Update Service (gupdate1ca0a75299722a4);c:\program files\google\update\GoogleUpdate.exe [2009-7-21 133104]

=============== Created Last 30 ================

2010-03-25 05:23:04 0 d-----w- c:\docume~1\joe\applic~1\Auslogics
2010-03-25 05:23:00 0 d-----w- c:\program files\Auslogics
2010-03-25 05:17:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-03-24 23:36:15 0 d-----w- c:\docume~1\joe\applic~1\AVG9
2010-03-21 20:16:17 0 d-----w- c:\documents and settings\joe\dwhelper
2010-03-15 05:06:30 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-14 13:44:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-14 07:12:14 0 d-----w- c:\program files\Ruud
2010-03-12 02:33:55 0 d-----w- c:\program files\FFmpeg for Audacity
2010-03-12 00:17:25 0 d-----w- c:\docume~1\joe\applic~1\ApexDC++
2010-03-11 01:48:45 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-03-29 20:24:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 20:24:46 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 05:17:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-15 05:09:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-15 05:09:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-14 13:44:45 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-14 13:44:04 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-04 16:01:14 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 16:01:14 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 16:01:14 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 16:01:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-04 15:53:02 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-01-25 08:16:48 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011220090119\index.dat
2009-01-25 08:16:48 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012520090126\index.dat

============= FINISH: 22:31:41.17 ===============

hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:43 PM, on 3/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iSUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [AVG Security Toolbar_FF_UpdateProcess] "C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\..\..\ToolbarBroker.exe" /FFCHECKUPDATE "C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared"
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17MIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17] P17Def.Exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DefaultP17MIDI] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CE094A5-05EB-451A-AED9-40B575995175}: NameServer = 68.87.72.130,68.87.77.130
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Insight Web Agent (cpqWebDmi) - Hewlett-Packard Company - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1ca0a75299722a4) (gupdate1ca0a75299722a4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

--
End of file - 10035 bytes
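A way to pre-sort a pasted HijackThis log like the one above before a helper reads it line by line. This is an added example, not code from this thread, from Malwarebytes, or from the HijackThis author. Everything in it is an assumption made for the example: which sections get which rule, the list of user-writable directories an autostart should never load from, the hosts accepted as IE start/search pages, and the sample log, which mixes entries copied from the log above with three constructed ones (a Temp-folder svchost, a pair of 192.0.2.x name servers, a "sysmon" service) so that each rule fires. It goes slightly beyond this one log: the O17 rule takes whatever resolvers you expect for the ISP in use, so the same script works on another machine.

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Hypothetical triage helper for a HijackThis-style log. Added example; not a
# Malwarebytes, HijackThis or DDS tool. It only pre-sorts entries so the ones
# worth a closer look surface first; a person still makes the call.

ENTRY = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\",]*?\.(?:exe|dll|cpl|sys|scr|bat|cmd|vbs|pif)\b", re.I)
NAMESERVER = re.compile(r"NameServer\s*=\s*([0-9.,\s]+)")
URL_HOST = re.compile(r"https?://([^/\s]+)", re.I)

# Assumptions for this example: directories a legitimate autostart or service
# binary should not live in (long and 8.3 forms), and hosts that are acceptable
# as IE start/search pages on this machine.
USER_WRITABLE = ("\\local settings\\temp\\", "\\locals~1\\temp\\", "\\windows\\temp\\",
                 "\\application data\\", "\\applic~1\\", "\\my documents\\",
                 "\\desktop\\", "\\temporary internet files\\")
KNOWN_HOME_HOSTS = {"go.microsoft.com", "www.google.com"}


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str   # "high": act on it; "review": needs a human look
    reason: str
    entry: str


def first_path(text: str) -> str:
    """Return the first drive-letter path with an executable extension, or ''."""
    m = WIN_PATH.search(text)
    return m.group(0) if m else ""


def triage(log: str, expected_dns: Set[str]) -> List[Finding]:
    """Walk the log once and return findings in log order."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list, "End of file" and blank lines
        sec, body = m.group("sec"), m.group("body")
        path = first_path(body).lower()
        # Any section: a binary in a user-writable directory is the first thing to look at.
        if path and any(d in path for d in USER_WRITABLE):
            findings.append(Finding(sec, "high", "binary loads from a user-writable directory", raw))
            continue
        if sec == "O17":
            # DNS servers: anything other than the expected resolvers is a DNS-changer pattern.
            ns = NAMESERVER.search(body)
            servers = {s.strip() for s in ns.group(1).split(",") if s.strip()} if ns else set()
            rogue = servers - expected_dns
            if rogue:
                findings.append(Finding(sec, "high", "DNS servers not the expected ones: " + ",".join(sorted(rogue)), raw))
        elif sec == "O16":
            # Downloaded Program Files: ActiveX controls fetched from a web site; stale ones are attack surface.
            findings.append(Finding(sec, "review", "ActiveX download (DPF) hook; remove unless still needed", raw))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append(Finding(sec, "review", "service without a publisher name", raw))
        elif sec in ("R0", "R1"):
            host = URL_HOST.search(body)
            if host and host.group(1).lower() not in KNOWN_HOME_HOSTS:
                findings.append(Finding(sec, "review", "start/search page points at " + host.group(1), raw))
    return findings


# Constructed sample: lines copied from the log above plus three constructed
# entries (the Temp svchost, the 192.0.2.x name servers, the "sysmon" service).
# 192.0.2.0/24 is documentation address space, not a real resolver.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\joe\Local Settings\Temp\svchost.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CE094A5-05EB-451A-AED9-40B575995175}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CE094A5-05EB-451A-AED9-40B575995175}: NameServer = 192.0.2.53,192.0.2.54
O23 - Service: Google Update Service (gupdate1ca0a75299722a4) (gupdate1ca0a75299722a4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: sysmon - Unknown owner - C:\Documents and Settings\All Users\Application Data\sysmon.exe
-- End of file - 1234 bytes
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, {"68.87.72.130", "68.87.77.130"}):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.entry}")
```

On a saved log, `triage(open("hijackthis.log").read(), {"68.87.72.130", "68.87.77.130"})` does the same thing; the expected set is the ISP's resolvers, here the pair already present in the O17 line above, so an O17 pointing anywhere else is the DNS-changer pattern worth checking before anything else. The user-writable-directory rule is deliberately checked before the section rules, because a service or Run entry living in Temp or Application Data is suspect whatever its section says.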
  18. Most of the instructions are done. The HTML1.1 setting it recommended wouldn't stick. I reduced the restore space down to about 3% but PCPitStop still thinks I have too much. There were a couple of browser items in CCleaner I wasn't comfortable checking (including the saved passwords) and would rather let my brother make that call himself when he gets the computer back. PCPitStop, though it was good for identifying out-of-date drivers, was next to useless at actually providing updates and I had to google them from other sources. At least three of the four installers added startup/tray applications that I had to go back and remove, and two left behind InstallShield directories. But they all appear to be working well. The updated report is in the same place as before. Overall, it's performing better. Hopefully it'll improve further after replacing AVG with Avast, and I'll probably replace Spybot with SASW as well (if Spybot will let me, I'll disable TeaTimer but keep it installed so it can still be used as a foreground app).
  19. Okay, a couple of things about the computer. As noted previously, it's my brother's computer, and I need to get it back to him within a few more days. Are you comfortable saying that it's free of malware at this point? That's the only thing that's really a deal-breaker as far as it being ready to return to him. Beyond that, I'd like to make sure it's got adequate measures in place to safeguard it from future malware infections (not foolproof, obviously, since as I'm sure you're well aware, malware developers keep coming up with new tricks). Finally, I'd like to get it performing better than it was, which led up to the last couple of notes. And yes, it's a 7-year-old computer they're trying to keep usable for another year or two until their youngest son gets his own computer.
  20. Uninstall Ad-Aware done. Performance seems to be somewhat improved, though still slow. Attempted to run the PCPitstop tests. I did at one point finally get it to run (I hope I ran the right test; the page you pointed me to offered a few different ones). I did eventually get the test to run (one of them) and it displayed the results, but it didn't give me a URL where the results screen was saved, and it was a graphically-oriented display that didn't lend itself to being cut-and-pasted here. Finally I got it to run again (a different report, I think). The results are here.
  21. Does MBAM (free edition) include a resident Adware monitor, or do I have to get the full version to have that feature? The crucial link confirmed that the particular brand and model of the computer only supports memory modules up to 512M.
  22. Combofix uninstall done. Delete SecurityCheck done. Uninstall Java SE done. Microsoft Updates done, although it took about three or four iterations before it wasn't finding anything new that needed updating. Although there's no evidence of any new or previously undetected malware, the performance of the system has taken a nosedive. It was getting worse over the last few days, and watching activity under task manager suggests that AVG and/or Ad-Aware may be responsible for a lot of the activity that's taking up resources. So now I have that to figure out. An MBAM quick scan this morning came up clean but took twice as long as it did a few days ago.
  23. I've been working with one of the experts to get a computer cleaned up (and if at all possible I'll postpone changing anything per the discussion below until that's completed). The computer is several years old, has 448M of memory (an attempt to upgrade one of the 256M memory chips to a 1G was unsuccessful; either the motherboard doesn't recognize DRAMs larger than 512M or it's very particular about the memory chipsets it will recognize). It's running Windows XP SP3 Home Edition. It currently has both Ad-Aware and Spybot S&D on it, and currently both install their memory-resident extensions (AAWService/AAWTray and TeaTimer respectively). Since this computer is memory constrained, I'm wondering if it would still be adequately protected if it ran only one or the other, not both, at least in resident mode, and if so, which is the better one to keep. For that matter, is it a good idea in general to have both of these boot-loading and memory resident at the same time? I've been running both on another computer for some months now and they've gotten along fine, but that computer has a lot more memory to work with. I also realize that it's probably a good idea to keep both (plus MBAM) for running periodic foreground scans, at least unless one refuses to NOT load on startup. The computer in question also currently has AVG 9.0 on it, which according to some sources is a resource hog, so I'm planning to uninstall that and install Avast or Avira instead. I'm leaning toward Avast, but any suggestions on which of the two would be better in this situation would be appreciated.
  24. The F-Secure report:

Scanning Report
Thursday, March 25, 2010 20:49:39 - 23:05:19
Computer name: YOUR-RVLNHR6V8D
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\
--------------------------------------------------------------------------------
7 malware found
TrackingCookie.Adinterax (spyware) System (Disinfected)
TrackingCookie.2o7 (spyware) System (Disinfected)
Suspicious:W32/Malware!Gemini (spyware) System (Disinfected)
TrackingCookie.Revsci (spyware) System (Disinfected)
TrackingCookie.Zanox (spyware) System (Disinfected)
TrackingCookie.Atwola (spyware) System (Disinfected)
Suspicious:W32/Malware!Gemini (virus) C:\PROGRAM FILES\YAHOO! GAMES\PUZZLEINLAY\PUZZLEINLAY.EXE (Not cleaned)
--------------------------------------------------------------------------------
Statistics
Scanned:
  Files: 45371
  System: 4342
  Not scanned: 45
Actions:
  Disinfected: 6
  Renamed: 0
  Deleted: 0
  Not cleaned: 1
  Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\$NTUNINSTALLKB835732$\CALLCONT.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\GDI32.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\H323.TSP
C:\WINDOWS\$NTUNINSTALLKB835732$\H323MSP.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\HELPCTR.EXE
C:\WINDOWS\$NTUNINSTALLKB835732$\MSASN1.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\MF3216.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\IPNATHLP.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\LSASRV.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\MSGINA.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\MST120.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\NMCOM.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\NETAPI32.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\RTCDLL.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\SCHANNEL.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\CATSRVUT.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\CATSRV.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\CLBCATEX.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\CLBCATQ.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\COLBACT.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\COMADMIN.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\COMREPL.EXE
C:\WINDOWS\$NTUNINSTALLKB828741$\COMSVCS.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\MIGREGDB.EXE
C:\WINDOWS\$NTUNINSTALLKB828741$\ES.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\COMUID.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\MSDTCPRX.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\MTXCLU.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\MSDTCUIU.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\MSDTCTM.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\MTXOCI.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\TXFLOG.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\RPCRT4.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\RPCSS.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\OLE32.DLL
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\HSPERFDATA_OWNER\2700
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\HSPERFDATA_OWNER\1876
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EA563F5ED0B8EA72081A19B9B561DD25_5259E984-4C04-4341-94FF-4A2B73F0F56D
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\BRODERBUND SOFTWARE\PRINT\PRINTMASTER\PMWPRINT.INI
--------------------------------------------------------------------------------
Options
Scanning engines:
Scanning options:
  Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
  Use advanced heuristics
--------------------------------------------------------------------------------
Copyright