capthook

Everything posted by capthook

  1. Sweet! All done! I spent 14 hours trying to fix this issue myself... was getting close to considering a Windows re-install. You made quick work of a seemingly impossible task. You are a scholar and a gentleman and your help has been amazing! All the best to you and yours :-D
  2. Looks great! All fixes have held: 'C' drive back, Windows Update ok, hard drive good. Guess I need to re-install Java and Adobe Reader now? And AVG anti-virus is no longer in the lower-right system tray but running.
  3. Ok - new ComboFix log:
  4. WOW!! Awesome!! Ran ComboFix and it also installed Windows Recovery Console. 'C' drive is now available in Device Manager and Disk Manager, and hard drive constant running has ended. Windows Update site is now available. And posting here is now available. (Was using other computer for posting, as only browsing your forum was working.) Ten stars and two thumbs up! Here is the ComboFix log:
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}] 2010-03-26 08:56 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152] "CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056] "CTHelper"="CTHELPER.EXE" [2003-02-20 28672] "AsioReg"="CTASIO.DLL" [2003-02-20 110592] "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968] "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-08-13 2532576] "WinFast2KLoadDefault"="wf2kcpl.dll" [2005-08-24 615424] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "nwiz"="nwiz.exe" [2008-05-16 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] c:\documents and settings\JCP\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2009-10-13 225280] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-06-03 03:55 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^JCP^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\JCP\Start Menu\Programs\Startup\Digital Line Detect.lnk 
backup=c:\windows\pss\Digital Line Detect.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^JCP^Start Menu^Programs^Startup^Logitech . Product Registration.lnk] path=c:\documents and settings\JCP\Start Menu\Programs\Startup\Logitech . Product Registration.lnk backup=c:\windows\pss\Logitech . Product Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^JCP^Start Menu^Programs^Startup^MEMonitor.lnk] path=c:\documents and settings\JCP\Start Menu\Programs\Startup\MEMonitor.lnk backup=c:\windows\pss\MEMonitor.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-09-21 20:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2008-08-14 21:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ---h--w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2006-09-28 18:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard] 2003-02-13 05:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] 2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Motorola\\Software Update\\msu.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"= "c:\\Program Files\\REAPER\\reaper.exe"= "c:\\Program Files\\EA 
GAMES\\MOHAA\\MOHAA.exe"= "c:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"= "c:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"= "c:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault\\mohpa.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/2/2010 11:55 PM 216200] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [6/2/2010 11:55 PM 242896] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/2/2010 11:54 PM 308064] R3 WFsys;WinFox Control I/O Driver;c:\windows\SYSTEM32\DRIVERS\wfsys.sys [3/15/2006 11:21 PM 13692] S3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\Drivers\Bulk503.sys --> c:\windows\system32\Drivers\Bulk503.sys [?] S3 CEUSBAUD;DigiTech USB MIDI Driver;c:\windows\SYSTEM32\DRIVERS\ceusbaud.sys [11/2/2009 2:45 PM 17920] S3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\Drivers\ISO503.SYS --> c:\windows\system32\Drivers\ISO503.SYS [?] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [3/25/2008 9:18 PM 17920] S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [3/25/2008 6:02 PM 7680] S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [3/25/2008 9:18 PM 42112] S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [3/25/2008 9:18 PM 23680] S3 NdUsbMsn;ARESCOM USB Network Adapter;c:\windows\SYSTEM32\DRIVERS\NdusbMsn.sys [12/15/2003 1:02 AM 18023] S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\SYSTEM32\DRIVERS\tj2knd5.sys [3/1/2004 3:53 PM 17616] S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\SYSTEM32\DRIVERS\tj2kunic.sys [3/1/2004 3:53 PM 69680] S4 gupdate1c9b1bf8dd0b46;Google Update Service (gupdate1c9b1bf8dd0b46);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?] . 
Contents of the 'Scheduled Tasks' folder 2010-05-20 c:\windows\Tasks\videopadShakeIcon.job - c:\program files\NCH Software\VideoPad\videopad.exe [2010-02-10 16:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://my.yahoo.com/ uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/ uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\program files\DAP\dapextie.htm IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\windowsupdate DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab DPF: {A31CCCB0-46A8-11D3-A726-005004B35102} - hxxp://download.actify.com/SpinFire/SFViewerWeb.cab FF - ProfilePath - c:\documents and settings\JCP\Application Data\Mozilla\Firefox\Profiles\ytcknmzy.default\ FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll FF - component: c:\program files\SpeedBit Video Downloader\SPFireFox\components\Engine.dll FF - plugin: c:\documents and settings\JCP\Application Data\Move Networks\plugins\npqmp071505000010.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\windows\system32\npmirage.dll FF - plugin: c:\windows\system32\npwmsdrm.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) Notify-gebcd - gebcd.dll MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-Motive SmartBridge - c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-03 15:53 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-4219478335-2690520323-3167005626-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:dc,3e,72,cc,c8,91,64,a3,c8,f3,83,a3,22,82,f2,44,1f,f1,ba,5a,26,f6,82, 3e,b8,41,a8,99,14,6c,10,6b,a2,fa,f7,1b,85,dd,6f,0e,0d,b9,e0,9c,b8,1f,36,82,\ "??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18 . Completion time: 2010-06-03 15:57:54 ComboFix-quarantined-files.txt 2010-06-03 19:57 Pre-Run: 7,328,460,800 bytes free Post-Run: 7,545,982,976 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn - - End Of File - - DC7E5A32A34265144CF9411ACB487051 Appears all has been fixed! 
You have been an amazing help and your site/product is awesome!! Anything I can do for you in return? All the best and great thanks!!
  5. Thank you so much for your help and your quick reply! Uninstalled the following applications: 1. Adobe Acrobat 5.0 2. Adobe Reader 9.2 3. Uniblue ProcessScanner - Removed ALL versions of JAVA - Ran JavaRa - JavaRa.log attached - additional Java folders deleted - Performed Quick Scan - fresh DDS log
     Thank you again for your help!
  6. P.S. I also ran Defogger: it ran and said ok but didn't reboot the system
  7. Hello Borislav - thank you!! The dds.txt was pasted in the body of my previous post. I have also now attached the file. Also attached is the attach.zip file. I tried to run gmer.exe but it froze up after a few min. of running. A couple other notes to add about Windows Update: - checked Hosts files, is ok - reset Internet Explorer Thanks again for your help! DDS.txt Attach.zip
  8. DDS.txt included gmer.exe locked up
  9. Recovering from tssd.exe

     Removal appears to be successful. Remaining issues:
     1) unable to connect to windows update (and many sites with those in the url)
     2) 'C' drive disappeared from Device Manager and Disk Management (but works fine and shows in windows explorer)
     3) Most earlier 'Restore Points' won't work.

     Removal:
     A) Malwarebytes: quick scan removed several tssd.exe components and registry keys. Full scan removed 2 restore points registry keys. Malwarebytes, Spybot, AVG and a few other scanners all now show system as 'clean'.
     C) Registry self-checks appear ok.

     So trying to clean up the leftover problems:

     1) windows update
     http://windowsupdate.microsoft.com/ : Unable to connect - similar to no internet connection available
     http://www.update.microsoft.com/microsoftu...t.aspx?ln=en-us : Error number: 0x80072EFF
     Many searches on a fix = some sites unable to connect as they have windowsupdate in their url?
     The tssd.exe didn't change my browser proxy settings - so didn't have to fix that.
     Cleared browser cache.
     Added both the windows update sites to the 'trusted sites' in security
     I flushed the dns cache from a Command Prompt: ipconfig /flushdns.
     Updated Java.
     Updated BITS.
     Checked DNS server etc. : Start > Run > cmd > ipconfig /all
     Changed DNS server to free google DNS: 8.8.8.8 8.8.4.4
     6 hours searching/working on this with no resolution!
     And now - unable to post this topic from the computer at issue! Browsing/searching fine - posting just blocked?!?

     2) 'C' drive disappeared
     Rescanned for drive information: Start/run/cmd <enter> / diskpart <enter> / rescan <enter>
     Checked low/high filters: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}
     Seems like the hard drive 'busy light' is never quiet now - always a small tick-tick-tick. ??

     Summary: I do believe the system has been cleaned - it's now repairing the damage left behind.
     Any/all help/comments/suggestions greatly appreciated.
     Thank you!!
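The posts above mention checking the Hosts file after sites with "windowsupdate" in the URL stopped loading. As an added example (not part of the original posts or of any tool named in them), this sketch audits hosts-file text for entries that override those names; the watch rules and the sample file contents are assumptions constructed for illustration.

```python
"""Audit hosts-file text for entries that override Windows Update hostnames."""
import ipaddress

# Hostnames from the post; the substring rule mirrors the observation that
# sites with "windowsupdate" in the URL stopped loading (assumed rule set).
WATCHED_SUFFIXES = ("windowsupdate.microsoft.com", "update.microsoft.com")
WATCHED_SUBSTRINGS = ("windowsupdate",)


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:                 # one line may map several names
            yield line_no, fields[0], name.lower().rstrip(".")


def is_watched(hostname):
    """True if the hostname is, or is a subdomain of, a watched update name."""
    if any(s in hostname for s in WATCHED_SUBSTRINGS):
        return True
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return (line_no, address, hostname) for every watched name pinned in the file."""
    return [entry for entry in parse_hosts(text) if is_watched(entry[2])]


# Constructed sample, not taken from the affected machine.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       windowsupdate.microsoft.com   # constructed hijack entry
0.0.0.0         www.update.microsoft.com download.windowsupdate.com
192.0.2.10      intranet.example
#127.0.0.1      update.microsoft.com
"""

if __name__ == "__main__":
    for line_no, addr, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr}")
```

Any finding means the name is resolved from the file instead of DNS, so changing DNS servers or flushing the DNS cache would not affect it.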