kjoamo

Honorary Members
  • Posts

    25

Everything posted by kjoamo

  1. I think I have it under control now. I will run a full scan to verify nothing was missed. Do I need to run/download any other antivirus/spyware software? Thanks for the help.
  2. Ran rkill from bleepingcomputer.com and was able to finally install Malwarebytes. Ran a quick scan. Here is the log:

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4383
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     8/2/2010 11:38:19 PM
     mbam-log-2010-08-02 (23-38-19).txt

     Scan type: Quick scan
     Objects scanned: 175306
     Time elapsed: 26 minute(s), 15 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     As a side note I do have 19 files in quarantine. Do I need to remove these?
     Here is an updated hijackthis log:
  3. My system ran the update to service pack 3. So hopefully that won't mess anything up. I did a search for REGSVR32.EXE and found several on my computer. How many copies should I have? I have a copy attached showing the search results. Thanks my_desktop.bmp
  4. I have the REGSVR32.EXE file in my c:\windows\system32 folder. I do not have access to another computer and I only have a restore windows cd. I downloaded the REGSVR32.EXE file from Microsoft and followed the instructions. When it was installing it asked if I wanted to replace the existing file and I said yes. I receive the same error 0 and 440 when I try to run Malwarebytes after installing REGSVR32.EXE from Microsoft. I am not able to reformat my hard drive. I have several programs, which came preinstalled on my computer, and I cannot lose. Any other suggestions?
  5. Added the files as an exception in Avira - still receive run-time 0 and 440 errors.
  6. ok - fixed the files. Still receive the same run-time errors when I try to load Malwarebytes. I have always had an applesync error pop up when I restart my computer. Should I redownload iTunes and see if that fixes that error? The applesync error is not related to me not being able to run Malwarebytes, is it? Thanks
  7. new HijackThis log:
  8. I ran the scan and here is the log file:

     C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM\lrulld.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

     Does it matter which user I used to run the scan? I had created a new user and ran the scan through the new user, instead of the old user. Thanks
  9. no - now I get: vbAccelerator SGrid II Control Run-time error '0' and then the next pop up window says: Malwarebytes' Anti-Malware Run-time error '440' Automation Error Thanks
  10. Ran the SFC scan; still receive the error 0 and error 440. Now what?
  11. Followed all of the instructions. Receiving the same run-time error 0 and 440.
  12. ok - I will create a new account, then do I reinstall MBAM and try to run it? Thanks
  13. I uninstalled the previous versions of Malwarebytes; installed the one from your last link and still receive the following errors: vbAccelerator SGrid II Control - Run-time error '0' then when I close that pop up window I receive: Malwarebytes' Anti Malware Run-time error '440': Automation Error then when I close that pop up window I receive them both again. Now what?
  14. I still receive the run time 0 and run time 440 errors. I had a version of mbam-setup.exe already (from the last time we installed) on my computer. I downloaded the file again and I assume it saved over the last version?
  15. Here is the new log. Thanks
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-19 18:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(660) c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll - - - - - - - > 'explorer.exe'(2936) c:\windows\system32\WININET.dll c:\program files\iTunes\iTunesMiniPlayer.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2010-07-19 18:29:54 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-19 22:29 ComboFix2.txt 2010-07-18 15:48 Pre-Run: 3,636,031,488 bytes free Post-Run: 3,648,503,808 bytes free - - End Of File - - 77A7CDCE87D2F87E034D9592FA52E1CB
  16. Here is the log from running Combo Fix. ComboFix 10-07-16.02 - Main 07/18/2010 11:11:53.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1279.868 [GMT -4:00] Running from: c:\documents and settings\Main\Desktop\Combo-Fix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator.FAMILY\GoToAssistDownloadHelper.exe c:\documents and settings\Main\GoToAssistDownloadHelper.exe c:\program files\Search Toolbar c:\program files\Search Toolbar\Cursors\cursors.xml c:\program files\Search Toolbar\rw.wzg c:\program files\Search Toolbar\xlmurin.wzg c:\program files\Search Toolbar\xzxsv.wzg c:\windows\desktop c:\windows\Downloaded Program Files\popcaploader.inf c:\windows\SET4C0.tmp c:\windows\SET565.tmp c:\windows\SET658.tmp c:\windows\SET73E.tmp c:\windows\SET821.tmp c:\windows\SET902.tmp c:\windows\SET9E7.tmp c:\windows\SETACA.tmp c:\windows\SETBAD.tmp c:\windows\SETC94.tmp c:\windows\SETD76.tmp c:\windows\SETE5A.tmp c:\windows\SETF3F.tmp c:\windows\SYSTEM\lrulld.bak2 c:\windows\system\oeminfo.ini
c:\windows\system32\Data c:\windows\system32\fonts c:\windows\system32\fonts\ACADEMY_.PFB c:\windows\system32\fonts\ACADEMY_.PFM c:\windows\system32\fonts\ACADEMY_.TTF c:\windows\system32\logs c:\windows\system32\Temp c:\windows\system32\uacinit.dll.vir . ((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 ))))))))))))))))))))))))))))))) . 2010-07-14 22:02 . 2010-04-29 16:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-07 01:44 . 2010-07-07 01:44 -------- d-----w- c:\program files\Trend Micro 2010-07-06 22:30 . 2010-07-06 22:30 -------- d-----w- c:\documents and settings\Main\Application Data\Avira 2010-07-06 22:23 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-07-06 22:23 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-07-06 22:23 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-07-06 22:23 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-07-06 22:23 . 2010-07-06 22:23 -------- d-----w- c:\program files\Avira 2010-07-06 22:23 . 2010-07-06 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-07-06 21:52 . 2010-07-06 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2010-07-06 21:52 . 2010-07-06 21:52 -------- d-----w- c:\documents and settings\Main\Application Data\Yahoo! 2010-07-02 18:46 . 2010-07-12 19:13 -------- d-----w- c:\windows\system32\NtmsData 2010-06-30 16:32 . 2010-07-06 21:13 -------- d-----w- c:\windows\BDOSCAN8 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-14 22:00 . 2009-03-30 23:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-12 04:44 . 2009-03-18 02:37 -------- d-----w- c:\documents and settings\Main\Application Data\Temp 2010-07-02 17:35 . 
2009-04-13 19:13 81984 ----a-w- c:\windows\system32\bdod.bin 2010-07-01 15:16 . 2010-03-21 15:31 -------- d-----w- c:\program files\Defender Pro 2010-07-01 15:14 . 2010-03-21 16:18 132 ----a-w- c:\windows\system32\rezumatenoi.dat 2010-06-30 16:12 . 2009-09-12 20:02 -------- d-----w- c:\documents and settings\Main\Application Data\Move Networks 2010-06-29 04:04 . 2003-07-20 16:14 -------- d-----w- c:\program files\QUICKENW 2010-06-06 15:31 . 2008-12-15 01:55 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-02 18:11 . 2007-01-12 23:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-05-22 18:10 . 2003-07-20 16:10 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:56 . 2009-04-02 03:15 1850880 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:51 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Conime"="c:\windows\system32\conime.exe" [2004-08-04 27648] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2009-03-31 22:23 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare 
software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] 2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime] 2004-08-04 12:00 27648 ----a-w- c:\windows\SYSTEM32\conime.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-04 12:00 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] 2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent] 2002-04-03 06:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry] 2002-08-14 23:22 28672 ----a-r- c:\windows\SYSTEM32\DSentry.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor] 2008-10-22 10:54 1310720 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\EKIJ5000MUI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-06-16 11:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\swg] 2009-09-05 03:50 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] 2000-05-11 06:00 90112 ----a-w- c:\windows\Updreg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "VSSERV"=2 (0x2) "QBFCService"=3 (0x3) "ose"=3 (0x3) "NVSvc"=2 (0x2) "NetSvc"=3 (0x3) "LIVESRV"=2 (0x2) "KodakSvc"=2 (0x2) "Kodak AiO Network Discovery Service"=2 (0x2) "JavaQuickStarterService"=2 (0x2) "iPod Service"=3 (0x3) "IDriverT"=3 (0x3) "DSBrokerService"=3 (0x3) "Creative Service for CDROM Access"=2 (0x2) "Bonjour Service"=2 (0x2) "Arrakis3"=3 (0x3) "Apple Mobile Device"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\CentraOne\\bin\\launcher.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9322:TCP"= 9322:TCP:EKDiscovery R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/6/2010 6:23 PM 135336] S2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys --> c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [?] S3 Arrakis3;Defender Pro Arrakis Server;"c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" --> c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [?] 
S3 bdfm;BDFM;c:\windows\SYSTEM32\DRIVERS\bdfm.sys [9/16/2008 10:10 AM 108864] S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\SYSTEM32\DRIVERS\pixmcvc.sys [12/11/2004 2:37 PM 32000] S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\SYSTEM32\DRIVERS\pixmcva.sys [12/11/2004 2:39 PM 28057] S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\SYSTEM32\DRIVERS\pixmcvv.sys [12/11/2004 2:38 PM 21081] S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [1/19/2009 5:01 PM 279960] S4 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [1/19/2009 5:02 PM 38296] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs fcqwhxik . Contents of the 'Scheduled Tasks' folder 2010-07-12 c:\windows\Tasks\AiO Home Center Registration Remind Task.job - c:\documents and settings\All Users\Application Data\Kodak\Installer\Registration.exe [2009-03-18 21:47] 2010-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://mt202.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - hxxp://mediaplayer.walmart.com/installer/install.cab DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} - hxxp://store01.prostores.com/storeadmin/utilities/pssbedit.cab . 
- - - - ORPHANS REMOVED - - - - HKCU-Run-uvpwyrox - c:\documents and settings\Main\Local Settings\Application Data\rfxapa\vgltsftav.exe HKLM-Run-uvpwyrox - c:\documents and settings\Main\Local Settings\Application Data\rfxapa\vgltsftav.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe MSConfigStartUp-BDAgent - c:\program files\BitDefender\BitDefender 2009\bdagent.exe MSConfigStartUp-BitDefender Antiphishing Helper - c:\program files\BitDefender\BitDefender 2009\IEShow.exe MSConfigStartUp-oylkojwt - c:\documents and settings\Main\Local Settings\Application Data\nbrbml\ggrjsysguard.exe MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe AddRemove-Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Uninst.isu ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-18 11:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(660) c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll - - - - - - - > 'explorer.exe'(2868) c:\windows\system32\WININET.dll c:\program files\iTunes\iTunesMiniPlayer.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2010-07-18 11:48:36 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-18 15:48 Pre-Run: 3,817,230,336 bytes free Post-Run: 3,649,658,880 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - EB1FFB543EDA423693524CA9F4D0CFE4
  17. Should I run the malicious removal tool through Windows? Or the online scan available through Microsoft? Thanks
  18. Honestly, I am not sure what else I can do. I assume you wanted me to try #17 not #15; but I did both. Under #15, I did not see any topic which pertained exactly to my situation, but #17 was my exact situation. When I install and run the .bat file I get the following error: "REGSVR32" is not recognized as an internal or external command, operable program or batch file. The instructions want me to copy from another computer; I don't have any other computer. I did download and install the Microsoft Visual Basic Controls. I still receive the error 0 and error 440 when I try to run and install Malwarebytes. Now what? Thanks
  19. ok - I found the application data files and deleted the java folders. I deleted the random generated malwarebytes and saved a new random generated one on my desktop. It still does not load. I still get the run time error 0 and run time error 440. I renamed the file EXPLORER.EXE and still receive the run time errors. Now what? Thanks
  20. ok - I uninstalled Adobe Reader 8.1.2, but I did not have either of the security updates listed in the Control Panel. I removed all versions of Java. I did not have folders under documents and settings\all users (or any user name)\application data. I did not have a folder called application data. The JavaRa log: JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Jul 13 20:06:49 2010 Found and removed: C:\Program Files\Java\j2re1.4.2_06 Found and removed: C:\Program Files\Java\jre1.5.0_06 Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142060} Found and removed: Software\JavaSoft\Java2D\1.5.0_06 Found and removed: SOFTWARE\Classes\JavaPlugin.150_06 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\JavaPlugin.142_06 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} ------------------------------------ Finished reporting. I downloaded the version of malwarebytes you linked me to, but when I double-click, I still get run time error 0 and run time error 440. What now? Thanks
  21. ok here is the attach.txt. thanks
  22. Thanks, I followed the steps in the instructions. I still cannot run the mbam file. I receive the run time error code 0 and run time error code 440. Installed the Avira and did not have any infections. Ran the DeFogger Disable - I was not prompted to restart my computer, but I did restart. Ran the DDS and have the 2 logs. Ran the GMER Scanner and have the log. My computer does not have an option to zip/archive the attach.txt file or the ark.txt file. Do you want me to send them as an unzipped attachment? When I right-click on the file (saved on my desktop) Compressed is not an option. I have pasted the contents below for the DDS.txt and the ark.txt; the attach.txt states not to upload unless requested or to zip and since I cannot zip, I didn't know what to do. Thanks for the help. Let me know what to do next. ----------------------- DDS.txt DDS (Ver_10-03-17.01) - NTFSx86 Run by Main at 18:04:25.14 on Wed 07/07/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1279.799 [GMT -4:00] AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Main\Desktop\dds.scr ============== Pseudo HJT Report =============== uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google 
toolbar\GoogleToolbar_32.dll
TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uvpwyrox] c:\documents and settings\main\local settings\application data\rfxapa\vgltsftav.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [uvpwyrox] c:\documents and settings\main\local settings\application data\rfxapa\vgltsftav.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: Wallpaper =
mPolicies-explorer: <NO NAME> =
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Gin - hxxp://download.games.yahoo.com/games/clients/y/nt1_x.cab
DPF: Yahoo! Klondike Solitaire - hxxp://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
DPF: Yahoo! Pyramids - hxxp://download.games.yahoo.com/games/clients/y/pyt1_x.cab
DPF: Yahoo! Word Racer - hxxp://download.games.yahoo.com/games/clients/y/wt0_x.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://mt202.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} - hxxp://download.mcafee.com/molbin/Shared/MGBrwFld.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145755096125
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1232595064_0fe862ac42ad18762b4ec930f2d4e4c0&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/gold/default/gf.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab53083.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} - hxxp://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5128/mcfscan.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} - hxxp://store01.prostores.com/storeadmin/utilities/pssbedit.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Notification Packages = :\windows\system32\srrstr.dll cecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli
Hosts: 91.212.65.122 browser-security.microsoft.com
Hosts: 91.212.65.122 spyware-protector-2009.com
Hosts: 91.212.65.122 www.spyware-protector-2009.com
Hosts: 91.212.65.122 secure.spyware-protector-2009.com
Hosts: 91.212.65.122 knocker

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-6 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-6 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-6 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-6 60936]
S2 BDVEDISK;BDVEDISK;\??\c:\program files\bitdefender\bitdefender 2009\bdvedisk.sys --> c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [?]
S3 Arrakis3;Defender Pro Arrakis Server;"c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe" --> c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [?]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-16 108864]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2004-12-11 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [2004-12-11 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [2004-12-11 21081]
S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-1-19 279960]
S4 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-1-19 38296]

=============== Created Last 30 ================

2010-07-07 21:58:22 0 ----a-w- c:\documents and settings\main\defogger_reenable
2010-07-07 01:44:01 0 d-----w- c:\program files\Trend Micro
2010-07-07 01:43:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-07 01:43:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-06 22:30:20 0 d-----w- c:\docume~1\main\applic~1\Avira
2010-07-06 22:23:01 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-06 22:23:00 0 d-----w- c:\program files\Avira
2010-07-06 22:23:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-07-02 18:46:04 0 d-----w- c:\windows\system32\NtmsData
2010-07-02 15:46:19 850 ----a-w- c:\windows\system32\ProductTweaks.xml
2010-06-30 18:18:11 385 ----a-w- c:\windows\system32\user_gensett.xml
2010-06-16 01:48:41 3246 ----a-w- c:\windows\system32\wbem\Outlook_01cb0cf60c06963c.mof
2010-06-11 18:11:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-07-02 17:35:17 81984 ----a-w- c:\windows\system32\bdod.bin
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll
2004-11-19 12:20:57 45495 -csha-w- c:\windows\system\lrulld.bak2

============= FINISH: 18:06:01.92 ===============

ARK.TXT

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-07 22:44:01
Windows 5.1.2600 Service Pack 2
Running: 4jejil7d.exe; Driver: C:\DOCUME~1\Main\LOCALS~1\Temp\pxtdypod.sys

---- System - GMER 1.0.15 ----

SSDT F7A9E13E ZwCreateKey
SSDT F7A9E134 ZwCreateThread
SSDT F7A9E143 ZwDeleteKey
SSDT F7A9E14D ZwDeleteValueKey
SSDT F7A9E152 ZwLoadKey
SSDT F7A9E120 ZwOpenProcess
SSDT F7A9E125 ZwOpenThread
SSDT F7A9E15C ZwReplaceKey
SSDT F7A9E157 ZwRestoreKey
SSDT F7A9E148 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

LOCKcode desktop.doc
  23. I cannot install Malware. Help is greatly appreciated. I ran HijackThis and below is the log. Thanks!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:17 PM, on 7/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 secure.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 knocker
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [uvpwyrox] C:\Documents and Settings\Main\Local Settings\Application Data\rfxapa\vgltsftav.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uvpwyrox] C:\Documents and Settings\Main\Local Settings\Application Data\rfxapa\vgltsftav.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://mt202.centra.com/SiteRoots/main/Ins...raUpdaterAx.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145755096125
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...=javadl.sun.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53083.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...128/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} (SiteBuilderEditor Class) - http://store01.prostores.com/storeadmin/ut...es/pssbedit.cab
O18 - Filter hijack: text/html - {8f07f059-10f6-4e4a-9387-6b1cb42be028} - (no file)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Defender Pro Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

-- End of file - 12567 bytes