
Updates/Install blocked for MBAM and AVG


Recommended Posts

I am having trouble updating MBAM and installing AVG. MBAM is installed, but it shuts down after about 5 seconds when trying to update or scan. AVG will not install. I get a message that I do not have an internet connection, although I am able to use IE to get to any site.

I do not have a MBAM log since it will not scan.

Here is the HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 8:27:13 PM, on 3/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher...d&%language

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80229

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80229

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!

R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll

O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll

O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [screenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup

O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Desktop Notes - {035E680E-B668-472F-91F3-E850BCC5051F} - C:\Program Files\Crawler\Notes\CNotes.exe (file missing)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.msn.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1236774749546

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1236791609421

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: McAfee Application Installer Cleanup (0250301236772719) (0250301236772719mcinstcleanup) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\025030~1.EXE (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: Weemi Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Weemi\weemi127.exe (file missing)

--

End of file - 10317 bytes

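When reading a HijackThis log like the one above, the entries a helper looks at first are the ones whose target file no longer exists, the ones that run from a Temp directory, unnamed BHOs/toolbars, and services with no publisher. The script below is an added example written for this thread, not a tool from the original post or from the HijackThis project; it applies those four heuristics to lines copied from the log above (the constants, rule names and the Finding class are this example's own). A hit only marks an entry as a cleanup candidate for a human to review, not as a verdict.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted above (constructed subset).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O9 - Extra button: Desktop Notes - {035E680E-B668-472F-91F3-E850BCC5051F} - C:\Program Files\Crawler\Notes\CNotes.exe (file missing)
O23 - Service: McAfee Application Installer Cleanup (0250301236772719) (0250301236772719mcinstcleanup) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\025030~1.EXE (file missing)
O23 - Service: Weemi Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Weemi\weemi127.exe (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# A path component named Temp anywhere in the entry, e.g. ...\LOCALS~1\Temp\x.exe
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# Heuristic names (this example's own labels, not HijackThis terminology).
DANGLING = "dangling reference: target file is missing"
TEMP_DIR = "target lives in a Temp directory"
NO_OWNER = "service has no publisher information"
UNNAMED = "unnamed BHO/toolbar"


@dataclass
class Finding:
    section: str
    reasons: list
    line: str


def triage_line(line: str):
    """Return a Finding for one HijackThis entry, or None if no rule fires."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # blank line, header, or free text
    section, body = m.group("section"), m.group("body")
    reasons = []
    if "(file missing)" in body or "(no file)" in body:
        reasons.append(DANGLING)
    if TEMP_RE.search(body):
        reasons.append(TEMP_DIR)
    if section == "O23" and "Unknown owner" in body:
        reasons.append(NO_OWNER)
    if section in ("O2", "O3") and "(no name)" in body:
        reasons.append(UNNAMED)
    if not reasons:
        return None
    return Finding(section, reasons, line.strip())


def triage_log(text: str):
    """Run triage_line over a whole log; findings keep the log's order."""
    findings = []
    for line in text.splitlines():
        f = triage_line(line)
        if f is not None:
            findings.append(f)
    return findings


def summarize(findings):
    """Count how often each heuristic fired, for a quick overview."""
    counts = {}
    for f in findings:
        for r in f.reasons:
            counts[r] = counts.get(r, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
    print("summary:", summarize(results))
```

Running the script on the sample lines flags five of the eight entries; the two O23 services are the strongest candidates because several rules fire on each, while the plain igfxTray and soundMAX Run entries and the LogMeIn service pass untouched. The same functions accept a full log pasted into SAMPLE_LOG or read from a file.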

  • 2 weeks later...
  • Staff

Hi,

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.

After you post that log, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317


Here is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Vanessa at 7:14:22.21 on Tue 03/23/2010

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2021.1358 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Vanessa\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe

mRun: [screenPrint32] c:\program files\screenprint32 v3\ScreenPrint32.exe -startup

mRun: [scheduler] c:\windows\sminst\Scheduler.exe

mRun: [Reminder] c:\windows\creator\Remind_XP.exe

mRun: [Recguard] c:\windows\sminst\Recguard.exe

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

IE: {035E680E-B668-472F-91F3-E850BCC5051F} - c:\program files\crawler\notes\CNotes.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236774749546

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236791609421

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

==================== Find3M ====================

============= FINISH: 7:15:26.76 ===============


Here is the ComboFix log:

ComboFix 10-03-22.03 - Vanessa 03/23/2010 7:35.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2021.1470 [GMT -5:00]

Running from: c:\documents and settings\Vanessa\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\D.exe

c:\documents and settings\Administrator\Application Data\Starware

c:\documents and settings\Administrator\Application Data\WeatherDPA

c:\documents and settings\All Users\Application Data\Starware

c:\documents and settings\Vanessa\Application Data\Starware

c:\documents and settings\Vanessa\Application Data\WeatherDPA

c:\documents and settings\Vanessa\Local Settings\Temp\juniub.tmp

c:\windows\system32\setup2.exe

.

((((((((((((((((((((((((( Files Created from 2010-02-23 to 2010-03-23 )))))))))))))))))))))))))))))))

.

2010-03-11 14:43 . 2010-03-23 12:10 -------- d-----w- c:\program files\LogMeIn

2010-03-10 16:58 . 2010-03-10 16:58 -------- d-----w- c:\documents and settings\Vanessa\Local Settings\Application Data\IsolatedStorage

2010-03-10 14:22 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-08 20:20 . 2010-03-08 20:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-08 20:20 . 2010-03-08 20:20 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-08 20:20 . 2010-03-08 20:20 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-08 20:20 . 2010-03-08 21:55 -------- d-----w- c:\windows\system32\drivers\Avg

2010-03-08 20:20 . 2010-03-08 20:20 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-08 19:41 . 2010-03-08 20:08 -------- d-----w- c:\program files\CleanUp!

2010-03-04 02:56 . 2010-03-04 02:56 0 ----a-w- c:\documents and settings\Vanessa\settings.dat

2010-03-04 02:26 . 2010-03-04 02:26 388096 ----a-r- c:\documents and settings\Vanessa\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-03-04 02:26 . 2010-03-04 02:26 -------- d-----w- c:\program files\TrendMicro

2010-03-03 19:15 . 2010-03-03 19:15 -------- d-----w- c:\documents and settings\Vanessa\Application Data\Malwarebytes

2010-03-03 19:15 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-03 19:15 . 2010-03-04 03:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-03 19:15 . 2010-03-03 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-03 19:15 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-10 22:24 . 2009-01-24 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-03-08 21:54 . 2010-02-04 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-03-08 19:40 . 2009-03-11 14:05 -------- d-----w- c:\program files\Windows Desktop Search

2010-03-04 03:28 . 2009-07-15 17:31 -------- d-----w- c:\program files\ScreenPrint32 v3

2010-03-04 03:15 . 2009-04-02 14:24 -------- d-----w- c:\program files\Yahoo!

2010-03-04 03:15 . 2009-08-19 15:52 -------- d-----w- c:\documents and settings\Vanessa\Application Data\SmartDraw

2010-03-04 03:13 . 2010-01-28 16:10 -------- d-----w- c:\program files\Microsoft

2010-03-04 03:12 . 2009-04-02 14:23 -------- d-----w- c:\program files\Google

2010-02-04 15:11 . 2010-02-04 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2010-02-04 14:48 . 2009-04-15 12:47 -------- d-----w- c:\program files\AVG

2010-02-04 14:43 . 2010-02-04 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp

2010-02-01 20:14 . 2010-01-28 16:09 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-25 13:28 . 2010-02-04 14:43 3777816 ----a-w- c:\documents and settings\All Users\Application Data\Temp\AVG\setup.exe

2010-01-05 10:00 . 2006-02-28 02:00 832512 ------w- c:\windows\system32\wininet.dll

2010-01-05 10:00 . 2006-02-28 02:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00 . 2006-02-28 02:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-12-31 16:50 . 2006-02-28 02:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-03-05_14.25.32 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-22 15:13 . 2009-09-29 01:34 47416 c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

- 2009-06-22 15:13 . 2009-10-01 14:05 47416 c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

+ 2009-06-22 15:13 . 2009-09-29 01:34 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll

- 2009-06-22 15:13 . 2009-10-01 14:05 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll

+ 2009-06-22 15:13 . 2009-09-29 01:34 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll

- 2009-06-22 15:13 . 2009-10-01 14:05 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll

+ 2009-06-22 15:13 . 2009-09-29 01:34 40248 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll

- 2009-06-22 15:13 . 2009-10-01 14:05 40248 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll

+ 2006-04-25 17:43 . 2010-03-23 13:31 72642 c:\windows\system32\perfc009.dat

+ 2009-06-22 15:13 . 2009-09-29 01:34 83288 c:\windows\system32\LMIRfsClientNP.dll

- 2009-06-22 15:13 . 2009-10-01 14:05 83288 c:\windows\system32\LMIRfsClientNP.dll

- 2009-06-22 15:13 . 2009-10-01 14:05 28984 c:\windows\system32\LMIport.dll

+ 2009-06-22 15:13 . 2009-09-29 01:34 28984 c:\windows\system32\LMIport.dll

- 2008-10-17 01:35 . 2009-09-08 14:01 11552 c:\windows\system32\lmimirr2.dll

+ 2008-10-17 01:35 . 2008-08-11 18:40 11552 c:\windows\system32\lmimirr2.dll

+ 2008-10-17 01:35 . 2008-08-11 18:40 25248 c:\windows\system32\lmimirr.dll

- 2008-10-17 01:35 . 2009-09-08 14:01 25248 c:\windows\system32\lmimirr.dll

- 2009-06-22 15:13 . 2009-10-01 14:05 87352 c:\windows\system32\LMIinit.dll

+ 2009-06-22 15:13 . 2009-09-29 01:34 87352 c:\windows\system32\LMIinit.dll

- 2009-06-22 15:13 . 2008-07-24 23:46 47640 c:\windows\system32\drivers\LMIRfsDriver.sys

+ 2009-06-22 15:13 . 2008-08-11 18:41 47640 c:\windows\system32\drivers\LMIRfsDriver.sys

+ 2008-07-24 23:45 . 2008-08-11 18:40 10144 c:\windows\system32\drivers\lmimirr.sys

- 2008-07-24 23:45 . 2008-07-24 23:45 10144 c:\windows\system32\drivers\lmimirr.sys

+ 2009-01-24 17:50 . 2010-03-10 22:24 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-01-24 17:50 . 2010-02-10 22:52 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-01-24 17:50 . 2010-02-10 22:52 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe

+ 2009-01-24 17:50 . 2010-03-10 22:24 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe

+ 2009-01-24 17:50 . 2010-03-10 22:24 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe

- 2009-01-24 17:50 . 2010-02-10 22:52 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe

+ 2006-04-25 17:43 . 2010-03-23 13:31 445294 c:\windows\system32\perfh009.dat

+ 2008-11-05 18:02 . 2008-11-05 18:02 119296 c:\windows\Installer\55af1f0.msp

+ 2009-01-24 17:50 . 2010-03-10 22:24 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe

- 2009-01-24 17:50 . 2010-02-10 22:52 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe

- 2009-01-24 17:50 . 2010-02-10 22:52 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe

+ 2009-01-24 17:50 . 2010-03-10 22:24 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe

- 2009-01-24 17:50 . 2010-02-10 22:52 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe

+ 2009-01-24 17:50 . 2010-03-10 22:24 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe

- 2009-01-24 17:50 . 2010-02-10 22:52 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe

+ 2009-01-24 17:50 . 2010-03-10 22:24 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe

- 2009-01-24 17:50 . 2010-02-10 22:52 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe

+ 2009-01-24 17:50 . 2010-03-10 22:24 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe

+ 2010-03-09 22:50 . 2010-03-09 22:50 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2009-08-13 20:29 . 2009-08-13 20:29 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2010-03-11 14:44 . 2010-03-11 14:44 4296704 c:\windows\Installer\3863c.msi

+ 2010-02-04 23:24 . 2010-02-04 23:24 9122304 c:\windows\Installer\1bb67a3.msp

+ 2010-02-21 07:00 . 2010-02-21 07:00 8480768 c:\windows\Installer\1bb678f.msp

+ 2010-02-04 06:59 . 2010-02-04 06:59 5031936 c:\windows\Installer\1bb677b.msp

- 2009-01-24 17:50 . 2010-02-10 22:52 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-01-24 17:50 . 2010-03-10 22:24 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-01-24 17:50 . 2010-03-10 22:24 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe

- 2009-01-24 17:50 . 2010-02-10 22:52 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe

+ 2009-03-11 14:01 . 2010-03-02 05:30 31648712 c:\windows\system32\MRT.exe

+ 2009-11-21 05:46 . 2009-11-21 05:46 11524608 c:\windows\Installer\1bb67b7.msp

+ 2009-04-04 00:46 . 2009-04-04 00:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSO.DLL

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-16 446464]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-08 20:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2009-09-29 01:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi9"=c:\docume~1\Vanessa\LOCALS~1\Temp\juniub.tmp 1yAPFDOFNF

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\WINDOWS\\system32\\msiexec.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"5800:TCP"= 5800:TCP:vnc5800

"5900:TCP"= 5900:TCP:vnc5900

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/8/2010 3:20 PM 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/8/2010 3:20 PM 242696]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/8/2010 3:20 PM 308064]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 1:41 PM 12856]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [1/23/2007 3:13 PM 36608]

S3 oxmep;OXPCI support driver;c:\windows\system32\drivers\oxmep.sys [3/11/2009 7:13 AM 6656]

S3 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [3/11/2009 7:13 AM 23552]

S3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [3/11/2009 7:13 AM 7168]

S3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [3/11/2009 7:13 AM 72704]

S4 0250301236772719mcinstcleanup;McAfee Application Installer Cleanup (0250301236772719);c:\docume~1\ADMINI~1\LOCALS~1\Temp\025030~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\025030~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S4 JDAS AGY Auto Control Service;JDAS AGY Auto Control Service;c:\agris\packages\agy\AGYAutoCtrlService.exe [8/18/2009 4:58 PM 323584]

S4 JDAS AGY Blender Service;JDAS AGY Blender Service;c:\agris\packages\agy\AGYAutoBlendCtrlSvc.exe [8/18/2009 4:58 PM 311296]

S4 Weemi Service;Weemi Service;"c:\documents and settings\All Users\Application Data\Weemi\weemi127.exe" "c:\program files\Weemi\weemi.dll" Service --> c:\documents and settings\All Users\Application Data\Weemi\weemi127.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c

IE: {{035E680E-B668-472F-91F3-E850BCC5051F} - c:\program files\Crawler\Notes\CNotes.exe

.

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Pervasive Software\PSQL]

@Denied: ) (Everyone)

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(476)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2896)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\program files\LogMeIn\x86\LMIGuardian.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\LogMeIn\x86\LMIGuardian.exe

.

**************************************************************************

.

Completion time: 2010-03-23 08:35:02 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-23 13:35

ComboFix2.txt 2010-03-05 14:27

Pre-Run: 49,345,024,000 bytes free

Post-Run: 49,539,301,376 bytes free

- - End Of File - - 859E8AAF01E24479773C6E110495A5F8


Here is the new Hijack this log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 8:49:50 AM, on 3/23/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

O4 - HKLM\..\Run: [screenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup

O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O9 - Extra button: Desktop Notes - {035E680E-B668-472F-91F3-E850BCC5051F} - C:\Program Files\Crawler\Notes\CNotes.exe (file missing)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1236774749546

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1236791609421

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

--

End of file - 5765 bytes


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi9"=-

KILLALL::

Save this as CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

-screen317

