
Error loading dll's



When booting the computer I received two new messages, both were 'Error loading' the following:

C:\Windows\rDBdll and C:\Windows\erokarad.dll. I don't know what these are. I found them in msconfig>startup and turned them off. Then I ran the Malwarebytes which found two infections and removed them. An on-scan at ESET found 4 items. Trend Micro on-line scan found yet another item.

Is there still an infection? Thank you.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 2/2/2004 6:33:27 PM

System Uptime: 8/7/2010 1:18:23 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0C2425

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2791/533mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 112 GiB total, 86.254 GiB free.

D: is CDROM (CDFS)

E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: PlayLinc Adapter

Device ID: ROOT\NET\0001

Manufacturer: Super Computer Inc.

Name: PlayLinc Adapter

PNP Device ID: ROOT\NET\0001

Service: hamachi_oem

==== System Restore Points ===================

RP479: 5/10/2010 12:11:07 PM - System Checkpoint

RP480: 5/11/2010 12:30:11 PM - System Checkpoint

RP481: 5/12/2010 1:37:51 PM - System Checkpoint

RP482: 5/13/2010 3:00:35 AM - Software Distribution Service 3.0

RP483: 5/14/2010 3:30:12 AM - System Checkpoint

RP484: 5/15/2010 5:06:09 AM - System Checkpoint

RP485: 5/17/2010 11:48:43 AM - System Checkpoint

RP486: 5/18/2010 2:17:35 PM - System Checkpoint

RP487: 5/19/2010 2:30:49 PM - System Checkpoint

RP488: 6/20/2010 3:53:37 PM - System Checkpoint

RP489: 6/21/2010 4:30:48 PM - System Checkpoint

RP490: 6/22/2010 5:30:48 PM - System Checkpoint

RP491: 5/23/2010 6:42:14 PM - System Checkpoint

RP492: 5/24/2010 6:47:59 PM - System Checkpoint

RP493: 5/25/2010 6:58:09 PM - System Checkpoint

RP494: 5/26/2010 7:34:43 PM - System Checkpoint

RP495: 5/27/2010 3:00:21 AM - Software Distribution Service 3.0

RP496: 5/28/2010 3:34:44 AM - System Checkpoint

RP497: 5/29/2010 4:34:43 AM - System Checkpoint

RP498: 5/30/2010 5:34:43 AM - System Checkpoint

RP499: 5/31/2010 5:36:06 AM - System Checkpoint

RP500: 6/1/2010 6:36:03 AM - System Checkpoint

RP501: 6/2/2010 7:37:09 AM - System Checkpoint

RP502: 6/2/2010 9:12:44 AM - Avg Update

RP503: 6/3/2010 9:37:09 AM - System Checkpoint

RP504: 6/4/2010 10:36:09 AM - System Checkpoint

RP505: 6/5/2010 11:36:07 AM - System Checkpoint

RP506: 6/6/2010 12:28:02 PM - System Checkpoint

RP507: 6/7/2010 12:30:28 PM - System Checkpoint

RP508: 6/8/2010 12:53:54 PM - System Checkpoint

RP509: 6/9/2010 1:12:58 PM - System Checkpoint

RP510: 6/10/2010 3:00:35 AM - Software Distribution Service 3.0

RP511: 6/11/2010 3:51:47 AM - System Checkpoint

RP512: 6/12/2010 4:29:39 AM - System Checkpoint

RP513: 6/13/2010 5:17:32 AM - System Checkpoint

RP514: 6/14/2010 5:30:25 AM - System Checkpoint

RP515: 6/15/2010 6:30:25 AM - System Checkpoint

RP516: 6/16/2010 7:31:30 AM - System Checkpoint

RP517: 6/17/2010 8:30:29 AM - System Checkpoint

RP518: 6/18/2010 9:31:36 AM - System Checkpoint

RP519: 6/19/2010 10:31:36 AM - System Checkpoint

RP520: 6/20/2010 11:31:36 AM - System Checkpoint

RP521: 6/21/2010 12:39:38 PM - System Checkpoint

RP522: 6/22/2010 1:47:06 PM - System Checkpoint

RP523: 6/23/2010 2:32:14 PM - System Checkpoint

RP524: 6/25/2010 3:56:19 PM - System Checkpoint

RP525: 6/26/2010 8:38:06 AM - Avg Update

RP526: 6/27/2010 9:14:10 AM - System Checkpoint

RP527: 6/28/2010 9:54:38 AM - System Checkpoint

RP528: 6/29/2010 11:06:40 AM - System Checkpoint

RP529: 6/30/2010 11:54:37 AM - System Checkpoint

RP530: 7/1/2010 12:54:39 PM - System Checkpoint

RP531: 7/2/2010 1:06:48 PM - System Checkpoint

RP532: 7/3/2010 1:07:52 PM - System Checkpoint

RP533: 7/4/2010 1:22:07 PM - System Checkpoint

RP534: 7/5/2010 2:22:28 PM - System Checkpoint

RP535: 7/6/2010 3:07:54 PM - System Checkpoint

RP536: 7/7/2010 4:07:57 PM - System Checkpoint

RP537: 7/8/2010 5:33:01 PM - System Checkpoint

RP538: 7/9/2010 6:08:43 PM - System Checkpoint

RP539: 7/10/2010 6:22:51 PM - System Checkpoint

RP540: 7/11/2010 7:22:54 PM - System Checkpoint

RP541: 7/12/2010 9:03:06 PM - System Checkpoint

RP542: 7/13/2010 9:05:02 PM - System Checkpoint

RP543: 7/14/2010 9:52:28 PM - System Checkpoint

RP544: 7/15/2010 3:00:34 AM - Software Distribution Service 3.0

RP545: 7/15/2010 10:02:54 AM - Avg Update

RP546: 7/15/2010 10:05:09 AM - Avg Update

RP547: 7/16/2010 10:08:40 AM - System Checkpoint

RP548: 7/17/2010 10:57:50 AM - System Checkpoint

RP549: 7/18/2010 11:04:33 AM - System Checkpoint

RP550: 7/19/2010 1:09:41 PM - System Checkpoint

RP551: 7/20/2010 1:58:21 PM - System Checkpoint

RP552: 7/21/2010 10:04:19 AM - Avg Update

RP553: 7/22/2010 10:59:38 AM - System Checkpoint

RP554: 7/23/2010 11:21:50 AM - System Checkpoint

RP555: 7/24/2010 12:31:23 PM - System Checkpoint

RP556: 7/25/2010 6:30:46 PM - System Checkpoint

RP557: 7/26/2010 6:45:12 PM - System Checkpoint

RP558: 7/27/2010 6:46:24 PM - System Checkpoint

RP559: 7/28/2010 8:26:05 PM - System Checkpoint

RP560: 7/29/2010 9:14:45 PM - System Checkpoint

RP561: 7/30/2010 10:38:46 PM - System Checkpoint

RP562: 7/31/2010 11:29:01 PM - System Checkpoint

RP563: 8/2/2010 12:29:02 AM - System Checkpoint

RP564: 8/3/2010 1:18:54 AM - System Checkpoint

RP565: 8/4/2010 8:26:25 AM - System Checkpoint

RP566: 8/5/2010 2:32:58 PM - System Checkpoint

RP567: 8/6/2010 2:36:07 PM - System Checkpoint

RP568: 8/6/2010 3:06:53 PM - Removed Adobe Reader 7.0.9

==== Installed Programs ======================

3D Home Architect® Deluxe 3.0

Abacast Client

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

America Online (Choose which version to remove)

AOL Coach Version 1.0(Build:20030807.3)

AVG Anti-Rootkit Free

AVG Free 9.0

Banctec Service Agreement

Broadcom Management Programs

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities Digital Photo Professional 2.2

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Classic PhoneTools

Click'N Design 3D

Conexant SmartHSFi V.9x 56K Speakerphone PCI Modem

Creative Live! Cam Video IM Pro Driver (1.01.03.0928)

Critical Update for Windows Media Player 11 (KB959772)

Custom Info

Dell Digital Jukebox Driver

Dell Media Experience

Dell Networking Guide

Dell Solution Center

Dell Support

Digital Line Detect

DING!

DS21Patch

DVDSentry

EarthLink Common

EarthLink FastLane

EarthLink IM

EarthLink MailBox

EarthLink MDAC

EarthLink Pop-Up Blocker

EarthLink Redistributed

EarthLink Setup

EarthLink Setup Files

EarthLink TotalAccess 2004

EarthLink Update Manager

EarthLink Webspace

ESET Online Scanner

ESET Online Scanner v3

Help and Support Customization

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

hp deskjet 6122

hp deskjet 6122 series

Intel® Extreme Graphics Driver

Internet Explorer Default Page

Jasc Paint Shop Photo Album

Jasc Paint Shop Pro 8 Dell Edition

Learn2 Player (Uninstall Only)

LUMIX Simple Viewer

Malwarebytes' Anti-Malware

MetaFrame Presentation Server Web Client for Win32

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Data Access Components KB870669

Microsoft Encarta Encyclopedia Standard 2004

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Money 2004

Microsoft Money 2004 System Pack

Microsoft National Language Support Downlevel APIs

Microsoft Office Basic Edition 2003

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft XML Parser

MioTransfer

Modem Helper

Mozilla Firefox (3.6.3)

MSSoap

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MUSICMATCH


GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-08-07 16:07:43

Windows 5.1.2600 Service Pack 3

Running: ksfsb2lf.exe; Driver: C:\DOCUME~1\Wayne\LOCALS~1\Temp\kwtoapow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEF454620]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A

.text C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A

.text C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C

.text C:\WINDOWS\System32\svchost.exe[1036] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00F8000A

.text C:\WINDOWS\System32\svchost.exe[1036] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E0000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3108] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3108] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3108] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C

.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3200] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\WINDOWS\Explorer.EXE[3632] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A

.text C:\WINDOWS\Explorer.EXE[3632] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A

.text C:\WINDOWS\Explorer.EXE[3632] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1

---- EOF - GMER 1.0.15 ----


Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


ComboFix 10-08-09.02 - Wayne 08/09/2010 20:21:17.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.580 [GMT -4:00]

Running from: c:\documents and settings\Wayne\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Marie\Local Settings\Application Data\{5841BCFC-B461-4C67-9F7A-D1E5CC482307}

c:\documents and settings\Marie\Local Settings\Application Data\{5841BCFC-B461-4C67-9F7A-D1E5CC482307}\chrome.manifest

c:\documents and settings\Marie\Local Settings\Application Data\{5841BCFC-B461-4C67-9F7A-D1E5CC482307}\chrome\content\_cfg.js

c:\documents and settings\Marie\Local Settings\Application Data\{5841BCFC-B461-4C67-9F7A-D1E5CC482307}\chrome\content\overlay.xul

c:\documents and settings\Marie\Local Settings\Application Data\{5841BCFC-B461-4C67-9F7A-D1E5CC482307}\install.rdf

c:\program files\icroso~1

c:\program files\Shared

c:\temp\1cb

c:\temp\1cb\syscheck.log

c:\temp\gbRve12

c:\temp\gbRve12\csLioes.log

c:\temp\tn3

c:\windows\Debug\dcpromo.log

c:\windows\system32\c.bat

c:\windows\system32\drivers\fad.sys

c:\windows\ymbols~1

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Legacy_TNIDRIVER

-------\Service_6to4

((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))

.

2010-08-06 20:50 . 2010-08-06 20:50 -------- d-----w- c:\program files\ESET

2010-08-06 19:26 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-06 19:25 . 2010-08-06 19:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-06 19:25 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-31 06:10 . 2010-08-02 17:18 120 ----a-w- c:\windows\Gyenivumeja.dat

2010-07-31 06:10 . 2010-08-02 13:27 0 ----a-w- c:\windows\Qpoku.bin

2010-07-31 06:09 . 2010-07-31 06:09 -------- d-----w- c:\documents and settings\Wayne\Local Settings\Application Data\{E0427491-3D18-482D-A5BD-9B8222B2C824}

2010-07-25 21:12 . 2010-07-25 21:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

2010-07-25 21:11 . 2010-07-25 21:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-07-24 21:23 . 2010-08-07 19:42 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-24 21:11 . 2010-07-24 21:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-15 14:04 . 2010-07-15 14:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-14 12:28 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-10 00:13 . 2009-11-21 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-08-10 00:13 . 2009-03-16 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2010-08-09 22:55 . 2010-05-04 00:43 63488 ----a-w- c:\documents and settings\Wayne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-08-09 22:55 . 2009-03-12 18:30 117760 ----a-w- c:\documents and settings\Wayne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-06 19:07 . 2004-12-30 17:14 -------- d-----w- c:\program files\Common Files\Adobe

2010-07-31 01:47 . 2004-01-29 19:37 -------- d-----w- c:\program files\QuickTime

2010-07-27 14:01 . 2010-05-04 14:00 63488 ----a-w- c:\documents and settings\Marie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-07-27 14:00 . 2009-03-17 14:00 117760 ----a-w- c:\documents and settings\Marie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-07-22 00:54 . 2008-04-01 19:28 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-07-21 14:04 . 2010-07-21 14:04 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-07-21 14:04 . 2010-07-21 14:04 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-21 14:04 . 2010-07-21 14:04 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll

2010-07-21 14:04 . 2010-07-21 14:04 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-15 14:05 . 2010-07-15 14:05 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-07-15 14:05 . 2010-07-15 14:05 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-07-15 14:04 . 2009-03-16 15:44 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-15 14:03 . 2009-03-16 15:44 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-15 14:02 . 2010-07-15 14:02 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-07-15 14:02 . 2010-07-15 14:02 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-07-15 14:02 . 2010-07-15 14:02 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-07-15 14:02 . 2010-07-15 14:02 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-06-20 22:00 . 2010-07-29 01:30 155096 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat

2010-06-14 14:31 . 2002-08-29 11:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe

2010-06-02 13:12 . 2008-04-03 20:40 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2006-12-17 17:48 . 2006-12-17 17:48 1621355 ----a-w- c:\program files\MioMap_english(U[1].S.).pdf

2006-12-17 16:52 . 2006-12-17 16:52 5833281 ----a-w- c:\program files\hard_english(U[1].S.).pdf

2005-07-25 18:50 . 2005-07-25 18:50 171008 ----a-w- c:\program files\Guest Artist List.doc

2005-05-03 18:38 . 2005-05-03 18:38 533696 ----a-w- c:\program files\AdbeRdr70_DLM_enu.exe

2005-05-03 18:15 . 2005-05-03 18:15 92720 ----a-w- c:\program files\fw4p.pdf

2005-04-25 22:06 . 2005-04-25 22:06 348254 ----a-w- c:\program files\eins_brownian.pdf

2005-04-25 22:04 . 2005-04-25 22:04 615196 ----a-w- c:\program files\eins_diss.pdf

2005-04-25 22:02 . 2005-04-25 22:02 328385 ----a-w- c:\program files\eins_lq.pdf

2005-03-31 19:40 . 2005-03-31 19:40 512605 ----a-w- c:\program files\DVD_Players.pdf

2005-03-30 04:49 . 2005-03-30 04:49 486780 ----a-w- c:\program files\Sony_thru033105.pdf

2005-02-08 18:16 . 2005-02-08 18:16 1142696 ----a-w- c:\program files\message5a.txt

2005-01-29 09:40 . 2005-01-29 09:40 7674984 ----a-w- c:\program files\6122_enu_win2k_xpinfu.exe

2004-10-17 04:35 . 2004-10-17 04:35 2924654 ----a-w- c:\program files\DMRE85H.PDF

2004-08-19 16:45 . 2004-08-19 16:45 82983 ----a-w- c:\program files\message5.txt

2004-08-15 17:36 . 2004-08-15 17:38 166175 ----a-w- c:\program files\VCR_2004_specs.pdf

2004-06-16 02:12 . 2004-06-16 02:13 61771 ----a-w- c:\program files\movies400.pdf

2004-06-14 21:09 . 2004-06-14 21:09 7619111 ----a-w- c:\program files\lifesized-laurengraham2004.pdf

2004-06-14 20:22 . 2004-03-27 21:01 429016 ----a-w- c:\program files\AdbeRdr60_DLM_enu.exe

.

c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Dell\EUSW\Support .exe
c:\program files\QuickTime\qttask .exe
c:\windows\V0230Mon .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-16 188416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Features"="ms32cfg.exe" [N/A]

c:\documents and settings\Marie\Start Menu\Programs\Startup\

DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-27 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-05 19:04 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 14:04 12536 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk

backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jhcbg]

c:\windows\?ymbols\r?ndll32.exe [?]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g]eeV

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]

c:\progra~1\ICROSO~1\scanregw.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bart Station]

2005-07-14 17:01 20480 ------w- c:\program files\PeoplePC\ISP6230\Bin\PPCOLink.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

c:\program files\Common Files\Symantec Shared\ccApp.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

c:\program files\Common Files\Symantec Shared\ccRegVfy.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d4bdefa0]

c:\windows\System32\rrpbfffi.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2003-08-06 07:04 114741 ------w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dtobimimi]

c:\windows\rDB350.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]

2003-08-13 16:27 28672 ------w- c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]

2003-08-15 11:49 716800 ----a-w- c:\program files\EarthLink TotalAccess\TaskPanl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g]eeV\mWhjlnspB]

c:\windows\System32\tcntqkdn.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2003-04-07 06:07 114688 ------w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2002-12-16 01:47 188416 ------w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2003-04-07 06:19 155648 ------w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Features]

ms32cfg.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2003-10-06 16:05 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

2003-10-06 16:05 118784 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

2003-06-18 18:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2003-08-27 01:47 204800 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

c:\program files\QuickTime\qttask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2004-01-29 19:37 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

c:\progra~1\SYMNET~1\SNDMon.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]

2007-05-11 19:20 2061816 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]

2007-06-06 23:52 936960 ----a-w- c:\program files\Verizon\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xrapoto]

c:\windows\erokarad.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{DE-EF-F0-0F-DW}]

c:\windows\system32\jpwnw64p.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WANMiniportService"=2 (0x2)

"SymWSC"=2 (0x2)

"SNDSrvc"=3 (0x3)

"SLService"=2 (0x2)

"SBService"=2 (0x2)

"navapsvc"=2 (0x2)

"MDM"=2 (0x2)

"LiveUpdate"=3 (0x3)

"ccPwdSvc"=3 (0x3)

"ccEvtMgr"=2 (0x2)

"CCALib8"=2 (0x2)

"Automatic LiveUpdate Scheduler"=2 (0x2)

"AOL ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [3/16/2009 11:44 AM 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [3/16/2009 11:44 AM 243024]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 5:03 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 5:03 PM 67656]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 10:04 AM 308136]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\SYSTEM32\DRIVERS\gan_adapter.sys [10/19/2006 11:11 AM 10664]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 12872]

S3 USR1806;U.S. Robotics Faxmodem Driver 1806;c:\windows\SYSTEM32\DRIVERS\USR1806.SYS [8/4/2006 1:59 PM 793598]

S3 V0230Vfx;V0230Vfx;c:\windows\SYSTEM32\DRIVERS\V0230Vfx.sys [3/24/2006 1:00 AM 6272]

S3 V0230VID;Live! Cam Video IM Pro;c:\windows\SYSTEM32\DRIVERS\V0230VID.sys [9/29/2006 1:01 AM 500480]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central

uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab

FF - ProfilePath - c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\5g9ciaro.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo! Search

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: XULRunner: {E0427491-3D18-482D-A5BD-9B8222B2C824} - c:\documents and settings\Wayne\Local Settings\Application Data\{E0427491-3D18-482D-A5BD-9B8222B2C824}

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\Wayne\Desktop\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-09 20:34

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"Installed"="1"

"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2944)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-08-09 20:39:37 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-10 00:39

Pre-Run: 91,782,688,768 bytes free

Post-Run: 92,976,181,248 bytes free

- - End Of File - - F3E0226E0DE6DE18D6175A1A5752316E


Hi,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\Gyenivumeja.dat
c:\windows\Qpoku.bin

Folder::
c:\documents and settings\Wayne\Local Settings\Application Data\{E0427491-3D18-482D-A5BD-9B8222B2C824}

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Features"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jhcbg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d4bdefa0]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dtobimimi]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Features]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xrapoto]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{DE-EF-F0-0F-DW}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g]eeV]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g]eeV\mWhjlnspB]

Firefox::
FF - ProfilePath - c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\5g9ciaro.default\
FF - HiddenExtension: XULRunner: {E0427491-3D18-482D-A5BD-9B8222B2C824} - c:\documents and settings\Wayne\Local Settings\Application Data\{E0427491-3D18-482D-A5BD-9B8222B2C824}

RenV::
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Dell\EUSW\Support .exe
c:\program files\QuickTime\qttask .exe
c:\windows\V0230Mon .exe

KillAll::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Thanks, here it is.

ComboFix 10-08-09.02 - Wayne 08/10/2010 11:14:52.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.586 [GMT -4:00]

Running from: c:\documents and settings\Wayne\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Wayne\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::

"c:\windows\Gyenivumeja.dat"

"c:\windows\Qpoku.bin"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Wayne\Local Settings\Application Data\{E0427491-3D18-482D-A5BD-9B8222B2C824}

c:\documents and settings\Wayne\Local Settings\Application Data\{E0427491-3D18-482D-A5BD-9B8222B2C824}\chrome.manifest

c:\documents and settings\Wayne\Local Settings\Application Data\{E0427491-3D18-482D-A5BD-9B8222B2C824}\chrome\content\_cfg.js

c:\documents and settings\Wayne\Local Settings\Application Data\{E0427491-3D18-482D-A5BD-9B8222B2C824}\chrome\content\overlay.xul

c:\documents and settings\Wayne\Local Settings\Application Data\{E0427491-3D18-482D-A5BD-9B8222B2C824}\install.rdf

c:\windows\Gyenivumeja.dat

c:\windows\Qpoku.bin

.

((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))

.

2010-08-06 20:50 . 2010-08-06 20:50 -------- d-----w- c:\program files\ESET

2010-08-06 19:26 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-06 19:25 . 2010-08-06 19:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-06 19:25 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-25 21:12 . 2010-07-25 21:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

2010-07-25 21:11 . 2010-07-25 21:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-07-24 21:23 . 2010-08-07 19:42 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-24 21:11 . 2010-07-24 21:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-15 14:04 . 2010-07-15 14:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-14 12:28 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-10 15:14 . 2004-01-29 19:37 -------- d-----w- c:\program files\QuickTime

2010-08-10 14:59 . 2010-05-04 00:43 63488 ----a-w- c:\documents and settings\Wayne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-08-10 14:59 . 2009-03-12 18:30 117760 ----a-w- c:\documents and settings\Wayne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-10 00:13 . 2009-11-21 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-08-10 00:13 . 2009-03-16 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2010-08-06 19:07 . 2004-12-30 17:14 -------- d-----w- c:\program files\Common Files\Adobe

2010-07-27 14:01 . 2010-05-04 14:00 63488 ----a-w- c:\documents and settings\Marie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-07-27 14:00 . 2009-03-17 14:00 117760 ----a-w- c:\documents and settings\Marie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-07-22 00:54 . 2008-04-01 19:28 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-07-21 14:04 . 2010-07-21 14:04 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-07-21 14:04 . 2010-07-21 14:04 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-21 14:04 . 2010-07-21 14:04 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll

2010-07-21 14:04 . 2010-07-21 14:04 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-15 14:05 . 2010-07-15 14:05 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-07-15 14:05 . 2010-07-15 14:05 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-07-15 14:04 . 2009-03-16 15:44 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-15 14:03 . 2009-03-16 15:44 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-15 14:02 . 2010-07-15 14:02 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-07-15 14:02 . 2010-07-15 14:02 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-07-15 14:02 . 2010-07-15 14:02 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-07-15 14:02 . 2010-07-15 14:02 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-06-20 22:00 . 2010-07-29 01:30 155096 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat

2010-06-14 14:31 . 2002-08-29 11:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe

2010-06-02 13:12 . 2008-04-03 20:40 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2006-12-17 17:48 . 2006-12-17 17:48 1621355 ----a-w- c:\program files\MioMap_english(U[1].S.).pdf

2006-12-17 16:52 . 2006-12-17 16:52 5833281 ----a-w- c:\program files\hard_english(U[1].S.).pdf

2005-07-25 18:50 . 2005-07-25 18:50 171008 ----a-w- c:\program files\Guest Artist List.doc

2005-05-03 18:38 . 2005-05-03 18:38 533696 ----a-w- c:\program files\AdbeRdr70_DLM_enu.exe

2005-05-03 18:15 . 2005-05-03 18:15 92720 ----a-w- c:\program files\fw4p.pdf

2005-04-25 22:06 . 2005-04-25 22:06 348254 ----a-w- c:\program files\eins_brownian.pdf

2005-04-25 22:04 . 2005-04-25 22:04 615196 ----a-w- c:\program files\eins_diss.pdf

2005-04-25 22:02 . 2005-04-25 22:02 328385 ----a-w- c:\program files\eins_lq.pdf

2005-03-31 19:40 . 2005-03-31 19:40 512605 ----a-w- c:\program files\DVD_Players.pdf

2005-03-30 04:49 . 2005-03-30 04:49 486780 ----a-w- c:\program files\Sony_thru033105.pdf

2005-02-08 18:16 . 2005-02-08 18:16 1142696 ----a-w- c:\program files\message5a.txt

2005-01-29 09:40 . 2005-01-29 09:40 7674984 ----a-w- c:\program files\6122_enu_win2k_xpinfu.exe

2004-10-17 04:35 . 2004-10-17 04:35 2924654 ----a-w- c:\program files\DMRE85H.PDF

2004-08-19 16:45 . 2004-08-19 16:45 82983 ----a-w- c:\program files\message5.txt

2004-08-15 17:36 . 2004-08-15 17:38 166175 ----a-w- c:\program files\VCR_2004_specs.pdf

2004-06-16 02:12 . 2004-06-16 02:13 61771 ----a-w- c:\program files\movies400.pdf

2004-06-14 21:09 . 2004-06-14 21:09 7619111 ----a-w- c:\program files\lifesized-laurengraham2004.pdf

2004-06-14 20:22 . 2004-03-27 21:01 429016 ----a-w- c:\program files\AdbeRdr60_DLM_enu.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-16 188416]

c:\documents and settings\Marie\Start Menu\Programs\Startup\

DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-27 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-05 19:04 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 14:04 12536 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk

backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bart Station]

2005-07-14 17:01 20480 ------w- c:\program files\PeoplePC\ISP6230\Bin\PPCOLink.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2003-08-06 07:04 114741 ------w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]

2003-08-13 16:27 28672 ------w- c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]

2003-08-15 11:49 716800 ----a-w- c:\program files\EarthLink TotalAccess\TaskPanl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2003-04-07 06:07 114688 ------w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2002-12-16 01:47 188416 ------w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2003-04-07 06:19 155648 ------w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2003-10-06 16:05 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

2003-10-06 16:05 118784 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

2003-06-18 18:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2003-08-27 01:47 204800 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2004-01-29 19:37 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2004-01-29 19:37 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]

2007-05-11 19:20 2061816 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]

2007-06-06 23:52 936960 ----a-w- c:\program files\Verizon\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WANMiniportService"=2 (0x2)

"SymWSC"=2 (0x2)

"SNDSrvc"=3 (0x3)

"SLService"=2 (0x2)

"SBService"=2 (0x2)

"navapsvc"=2 (0x2)

"MDM"=2 (0x2)

"LiveUpdate"=3 (0x3)

"ccPwdSvc"=3 (0x3)

"ccEvtMgr"=2 (0x2)

"CCALib8"=2 (0x2)

"Automatic LiveUpdate Scheduler"=2 (0x2)

"AOL ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [3/16/2009 11:44 AM 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [3/16/2009 11:44 AM 243024]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 5:03 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 5:03 PM 67656]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 10:04 AM 308136]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\SYSTEM32\DRIVERS\gan_adapter.sys [10/19/2006 11:11 AM 10664]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 12872]

S3 USR1806;U.S. Robotics Faxmodem Driver 1806;c:\windows\SYSTEM32\DRIVERS\USR1806.SYS [8/4/2006 1:59 PM 793598]

S3 V0230Vfx;V0230Vfx;c:\windows\SYSTEM32\DRIVERS\V0230Vfx.sys [3/24/2006 1:00 AM 6272]

S3 V0230VID;Live! Cam Video IM Pro;c:\windows\SYSTEM32\DRIVERS\V0230VID.sys [9/29/2006 1:01 AM 500480]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central

uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab

FF - ProfilePath - c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\5g9ciaro.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo! Search

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe

MSConfigStartUp-ccRegVfy - c:\program files\Common Files\Symantec Shared\ccRegVfy.exe

MSConfigStartUp-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-10 11:34

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"Installed"="1"

"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2108)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-08-10 11:40:02 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-10 15:39

ComboFix2.txt 2010-08-10 00:39

Pre-Run: 92,920,680,448 bytes free

Post-Run: 92,929,400,832 bytes free

- - End Of File - - B5163C7C8C6CC4DB83AB58FF4D44C3D9


Hi,

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4413

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/10/2010 1:03:45 PM

mbam-log-2010-08-10 (13-03-45).txt

Scan type: Quick scan

Objects scanned: 157153

Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


The ESET scan did find a few items.

C:\Qoobox\32788R22FWJFW\imapi.sys Win32/Olmarik.ZC trojan cleaned - quarantined

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP568\A0047841.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP568\A0047842.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP568\A0047843.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0053343.sys Win32/Olmarik.ZC trojan cleaned - quarantined


Hi,

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. :thumbsup:

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files

Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall

You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated

It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.

  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?

If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,

Gammo :cool:


Thank you very much Gammo.

I uninstalled ComboFix and I will install the paid version of malwarebytes. Seems things got by Superantispyware.

I had run an ESET online scan before posting to this forum and it found no threats. So I guess whatever was in here was preventing ESET from seeing the threats.

One other thing I noticed is that AVG didn't show up in the notification area. I uninstalled AVG and got an access denied error message when it tried to delete a registry entry. Also - XP's Security Center is telling me that AVG Anti-Virus Free is turned off. I'll reinstall AVG and see if I can uninstall it to make sure the problem is resolved.

Does that sound like a good plan?


Hi,

You're welcome. :lol:

I had run an ESET online scan before posting to this forum and it found no threats. So I guess whatever was in here was preventing ESET from seeing the threats.

No, ESET found some infections in a system restore point and a file quarantined by ComboFix. Those files didn't exist when you scanned the first time.

One other thing I noticed is that AVG didn't show up in the notification area. I uninstalled AVG and got an access denied error message when it tried to delete a registry entry. Also - XP's Security Center is telling me that AVG Anti-Virus Free is turned off. I'll reinstall AVG and see if I can uninstall it to make sure the problem is resolved.

Does that sound like a good plan?

Sounds good to me. If it doesn't fix the problem, then I recommend that you consider installing another free anti-virus (eg: Avira AntiVir Personal). Avira is better than AVG anyway. :(

NOTE: I mean Avira instead of AVG. Don't use multiple AV's on one system.

This topic is now closed to further replies.