slow computer


Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6891

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/18/2011 9:16:58 PM

mbam-log-2011-06-18 (21-16-58).txt

Scan type: Quick scan

Objects scanned: 164874

Time elapsed: 31 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Run by PETE at 23:36:58 on 2011-06-18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.862 [GMT -4:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\program files\idt\dellxpm09b_6087v035\wdm\stacsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\crypserv.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe

C:\Program Files\Seagate\BlackArmorBackup\TimounterMonitor.exe

C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\BXNEWF~1\bxExpHelper.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\zabkat\xplorer2_lite\xplorer2_lite.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/ww.special-toolbar-first-run-tlbrf-v2

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: bxNewFolder: {51c8bca8-2524-4523-bf09-738c4eebfc58} - c:\progra~1\bxnewf~1\BXNEWF~1.DLL

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [blackArmorBackupMonitor.exe] c:\program files\seagate\blackarmorbackup\BlackArmorBackupMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\seagate\blackarmorbackup\TimounterMonitor.exe

mRun: [seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gigane~1.lnk - c:\program files\giganews accelerator\GiganewsAccelerator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

Trusted Zone: intuit.com\ttlc

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 71.242.0.12

TCP: Interfaces\{DBBD991C-01DA-42E8-9F3B-DBBCE17DDBA6} : NameServer = 192.168.1.1

TCP: Interfaces\{DBBD991C-01DA-42E8-9F3B-DBBCE17DDBA6} : DhcpNameServer = 192.168.1.1 71.242.0.12

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\pete\application data\mozilla\firefox\profiles\aysrdznz.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.accuweather.com/us/pa/newtown/18940/city-weather-forecast.asp|http://my.yahoo.com/p/1.html?_pdb=1|http://www.giganews.com/

FF - component: c:\documents and settings\pete\application data\mozilla\firefox\profiles\aysrdznz.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_31.dll

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\pete\application data\move networks\plugins\npqmp071505000010.dll

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - %profile%\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}

FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\pete\application data\Move Networks

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-25 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-1 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-1 29584]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-1 243152]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 2151128]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-8-1 10384]

R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-7-23 617968]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-8-1 112128]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-8-1 244368]

S0 cerc6;cerc6; [x]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-22 15232]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

.

=============== Created Last 30 ================

.

2011-06-11 00:42:14 -------- d-----w- c:\windows\Logs

2011-06-11 00:36:17 -------- d-----w- c:\program files\Media Player Classic - Home Cinema

2011-06-08 03:03:02 -------- d-----w- c:\program files\Windows Media Connect 2

2011-06-04 04:29:35 388096 ----a-r- c:\documents and settings\pete\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-06-04 04:29:34 -------- d-----w- c:\program files\Trend Micro

2011-06-03 05:03:43 -------- d-----w- c:\windows\system32\LogFiles

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-13 12:43:48 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-05-06 01:39:42 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr

.

============= FINISH: 23:37:37.73 ===============

ComboFix 11-06-23.01 - PETE 06/28/2011 0:21.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.1351 [GMT -4:00]

Running from: c:\documents and settings\PETE\My Documents\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

E:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))

.

.

2011-06-11 00:36 . 2011-06-11 00:36 -------- d-----w- c:\documents and settings\PETE\Application Data\Media Player Classic

2011-06-11 00:36 . 2011-06-11 00:36 -------- d-----w- c:\program files\Media Player Classic - Home Cinema

2011-06-09 02:56 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2011-06-08 03:03 . 2011-06-08 03:03 -------- d-----w- c:\program files\Windows Media Connect 2

2011-06-08 03:02 . 2011-06-08 03:02 -------- d-----w- c:\windows\system32\drivers\UMDF

2011-06-04 04:29 . 2011-06-04 04:29 388096 ----a-r- c:\documents and settings\PETE\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-04 04:29 . 2011-06-04 04:29 -------- d-----w- c:\program files\Trend Micro

2011-06-03 05:03 . 2011-06-08 03:02 -------- d-----w- c:\windows\system32\LogFiles

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 13:11 . 2009-08-01 21:22 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2009-08-01 21:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-13 12:43 . 2010-07-26 02:16 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-05-02 15:31 . 2009-08-01 17:22 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-11-18 16:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-25 446563]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13537280]

"BlackArmorBackupMonitor.exe"="c:\program files\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe" [2009-07-23 4352960]

"AcronisTimounterMonitor"="c:\program files\Seagate\BlackArmorBackup\TimounterMonitor.exe" [2009-07-23 963784]

"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-07-23 376272]

"NvMediaCenter"="NvMCTray.dll" [2008-08-01 86016]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Giganews Accelerator.lnk - c:\program files\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-1 809488]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^PETE^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\documents and settings\PETE\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^PETE^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\PETE\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^PETE^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]

path=c:\documents and settings\PETE\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]

2008-08-27 16:37 471040 ----a-w- c:\windows\system32\AESTFltr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 19:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2008-10-24 22:00 2220032 ----a-w- c:\windows\system32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2008-08-01 12:41 13537280 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]

2008-08-01 12:41 90112 ----a-w- c:\windows\system32\nvhotkey.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2008-08-01 12:41 86016 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2008-08-01 12:41 1630208 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]

2009-08-08 01:24 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-07-25 09:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Verizon\\Verizon Media Manager\\Release\\Verizon Media Manager.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"563:TCP"= 563:TCP:news

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/25/2010 8:32 PM 64288]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/1/2009 10:43 PM 10384]

R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [7/23/2009 4:31 PM 617968]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/1/2009 2:40 PM 112128]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [8/1/2009 3:15 PM 244368]

S0 cerc6;cerc6; [x]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 2151128]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/22/2010 8:48 PM 15232]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 11:25 AM 30969208]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 09:11]

.

2010-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/ww.special-toolbar-first-run-tlbrf-v2

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: intuit.com\ttlc

TCP: Interfaces\{DBBD991C-01DA-42E8-9F3B-DBBCE17DDBA6}: NameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\PETE\Application Data\Mozilla\Firefox\Profiles\aysrdznz.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.accuweather.com/us/pa/newtown/18940/city-weather-forecast.asp|http://my.yahoo.com/p/1.html?_pdb=1|http://www.giganews.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - %profile%\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}

FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\PETE\Application Data\Move Networks

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

Notify-avgrsstarter - avgrsstx.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-28 00:27

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1132)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

c:\windows\System32\BCMLogon.dll

.

Completion time: 2011-06-28 00:28:46

ComboFix-quarantined-files.txt 2011-06-28 04:28

.

Pre-Run: 39,890,182,144 bytes free

Post-Run: 41,813,438,464 bytes free

.

- - End Of File - - 9249529B6A6E983C9626698A859288E6

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Run by PETE at 0:36:50 on 2011-06-28

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.1404 [GMT -4:00]

.

AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\idt\dellxpm09b_6087v035\wdm\stacsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe

C:\Program Files\Seagate\BlackArmorBackup\TimounterMonitor.exe

C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\zabkat\xplorer2_lite\xplorer2_lite.exe

C:\WINDOWS\explorer.exe

C:\PROGRA~1\BXNEWF~1\bxExpHelper.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/ww.special-toolbar-first-run-tlbrf-v2

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: bxNewFolder: {51c8bca8-2524-4523-bf09-738c4eebfc58} - c:\progra~1\bxnewf~1\BXNEWF~1.DLL

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [blackArmorBackupMonitor.exe] c:\program files\seagate\blackarmorbackup\BlackArmorBackupMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\seagate\blackarmorbackup\TimounterMonitor.exe

mRun: [seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gigane~1.lnk - c:\program files\giganews accelerator\GiganewsAccelerator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

Trusted Zone: intuit.com\ttlc

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

TCP: Interfaces\{DBBD991C-01DA-42E8-9F3B-DBBCE17DDBA6} : NameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\pete\application data\mozilla\firefox\profiles\aysrdznz.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.accuweather.com/us/pa/newtown/18940/city-weather-forecast.asp|http://my.yahoo.com/p/1.html?_pdb=1|http://www.giganews.com/

FF - plugin: c:\documents and settings\pete\application data\move networks\plugins\npqmp071505000010.dll

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - %profile%\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}

FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\pete\application data\Move Networks

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-25 64288]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-8-1 10384]

R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-7-23 617968]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-8-1 112128]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-8-1 244368]

S0 cerc6;cerc6; [x]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 2151128]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-22 15232]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

.

=============== Created Last 30 ================

.

2011-06-28 04:15:52 98816 ----a-w- c:\windows\sed.exe

2011-06-28 04:15:52 518144 ----a-w- c:\windows\SWREG.exe

2011-06-28 04:15:52 256512 ----a-w- c:\windows\PEV.exe

2011-06-28 04:15:52 208896 ----a-w- c:\windows\MBR.exe

2011-06-11 00:42:14 -------- d-----w- c:\windows\Logs

2011-06-11 00:36:17 -------- d-----w- c:\program files\Media Player Classic - Home Cinema

2011-06-08 03:03:02 -------- d-----w- c:\program files\Windows Media Connect 2

2011-06-04 04:29:35 388096 ----a-r- c:\documents and settings\pete\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-06-04 04:29:34 -------- d-----w- c:\program files\Trend Micro

2011-06-03 05:03:43 -------- d-----w- c:\windows\system32\LogFiles

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-13 12:43:48 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr

.

============= FINISH: 0:36:59.92 ===============

When should I reinstall AVG?


  • Staff

Hi,

I'll let you know when to reinstall it.

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer, fails to affirmatively show a license agreement, and links to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here.

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis and/or Ask Toolbar to highlight it.

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Please download this file and save it as it's originally named, next to ComboFix.exe.


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select Yes, and post the resultant log.

-screen317


Removed Ask.

Thanks for your help.

ComboFix 11-07-07.05 - PETE 07/07/2011 19:41:33.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.1341 [GMT -4:00]

Running from: c:\documents and settings\PETE\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\PETE\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

.

((((((((((((((((((((((((( Files Created from 2011-06-07 to 2011-07-07 )))))))))))))))))))))))))))))))

.

.

2011-07-02 02:24 . 2011-07-02 02:24 -------- d-----w- c:\documents and settings\PETE\Application Data\AVG10

2011-07-02 02:19 . 2011-07-07 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-06-11 00:36 . 2011-06-11 00:36 -------- d-----w- c:\documents and settings\PETE\Application Data\Media Player Classic

2011-06-11 00:36 . 2011-06-11 00:36 -------- d-----w- c:\program files\Media Player Classic - Home Cinema

2011-06-09 02:56 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2011-06-08 03:03 . 2011-06-08 03:03 -------- d-----w- c:\program files\Windows Media Connect 2

2011-06-08 03:02 . 2011-06-08 03:02 -------- d-----w- c:\windows\system32\drivers\UMDF

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-04 04:29 . 2011-06-04 04:29 388096 ----a-r- c:\documents and settings\PETE\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-29 13:11 . 2009-08-01 21:22 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2009-08-01 21:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-13 12:43 . 2010-07-26 02:16 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-05-02 15:31 . 2009-08-01 17:22 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-28_04.27.28 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-07 23:32 . 2011-07-07 23:32 16384 c:\windows\Temp\Perflib_Perfdata_814.dat

+ 2009-08-01 18:58 . 2011-07-07 23:29 103392 c:\windows\system32\nvModes.dat

- 2009-08-01 18:58 . 2011-06-24 02:59 103392 c:\windows\system32\nvModes.dat

+ 2008-04-14 12:00 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll

+ 2011-07-02 02:20 . 2011-07-02 02:20 3489280 c:\windows\Installer\19cab0.msi

+ 2011-07-02 02:18 . 2011-07-02 02:18 1611776 c:\windows\Installer\19caac.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-25 446563]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13537280]

"BlackArmorBackupMonitor.exe"="c:\program files\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe" [2009-07-23 4352960]

"AcronisTimounterMonitor"="c:\program files\Seagate\BlackArmorBackup\TimounterMonitor.exe" [2009-07-23 963784]

"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-07-23 376272]

"NvMediaCenter"="NvMCTray.dll" [2008-08-01 86016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Giganews Accelerator.lnk - c:\program files\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-1 809488]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^PETE^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\documents and settings\PETE\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^PETE^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\PETE\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^PETE^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]

path=c:\documents and settings\PETE\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]

2008-08-27 16:37 471040 ----a-w- c:\windows\system32\AESTFltr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 19:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2008-10-24 22:00 2220032 ----a-w- c:\windows\system32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2008-08-01 12:41 13537280 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]

2008-08-01 12:41 90112 ----a-w- c:\windows\system32\nvhotkey.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2008-08-01 12:41 86016 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2008-08-01 12:41 1630208 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]

2009-08-08 01:24 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-07-25 09:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Verizon\\Verizon Media Manager\\Release\\Verizon Media Manager.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"563:TCP"= 563:TCP:news

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/25/2010 8:32 PM 64288]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/1/2009 10:43 PM 10384]

R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [7/23/2009 4:31 PM 617968]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/1/2009 2:40 PM 112128]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [8/1/2009 3:15 PM 244368]

S0 cerc6;cerc6; [x]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 2151128]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/22/2010 8:48 PM 15232]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 11:25 AM 30969208]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 09:11]

.

2010-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/ww.special-toolbar-first-run-tlbrf-v2

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.1 71.242.0.12

TCP: Interfaces\{DBBD991C-01DA-42E8-9F3B-DBBCE17DDBA6}: NameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\PETE\Application Data\Mozilla\Firefox\Profiles\aysrdznz.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.accuweather.com/us/pa/newtown/18940/city-weather-forecast.asp|http://my.yahoo.com/p/1.html?_pdb=1|http://www.giganews.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - %profile%\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}

FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\PETE\Application Data\Move Networks

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-07 19:47

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1028)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(3928)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-07-07 19:48:46

ComboFix-quarantined-files.txt 2011-07-07 23:48

ComboFix2.txt 2011-07-02 02:07

ComboFix3.txt 2011-06-28 04:28

.

Pre-Run: 26,670,891,008 bytes free

Post-Run: 26,690,912,256 bytes free

.

- - End Of File - - FE3B72BEF05437356C75A41C0CCB7679


  • Staff

Go ahead and reinstall your antivirus.

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start.
  3. When asked, allow the ActiveX control to install.
  4. Click Start.
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked.
  6. Click Scan and wait for the scan to finish.
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=78a7c9030e36984db9c27cd9ffbefc98

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-12 02:08:33

# local_time=2011-07-11 10:08:33 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 2348461 2348461 0 0

# compatibility_mode=1032 16777173 100 95 0 53495179 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=200224

# found=2

# cleaned=2

# scan_time=4678

C:\Documents and Settings\PETE\My Documents\Downloads\freeripmp3-setup.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\PETE\My Documents\Downloads\mp4tovideo_install.exe Win32/Adware.MarketScore.A application (deleted - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.17

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 2011

ESET Online Scanner v3

BlackArmor Backup

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Malwarebytes' Anti-Malware

Java 6 Update 15

Out of date Java installed!

Flash Player Out of Date!

Adobe Flash Player 10.2.159.1

Mozilla Firefox (3.6.18) Firefox Out of Date!

Mozilla Thunderbird (3.0.11) Thunderbird Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````End of Log````````````

Thanks for all your help.

Will let you know how it goes.


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Ad-Aware (uninstall if you don't update it)

ESET Online Scanner v3

Java™ 6 Update 15

Adobe Flash Player 10.2.159.1

Restart your computer.

Get the latest version of Java and Adobe Flash Player.

Also update Firefox and Thunderbird.

Let me know what issues remain.

-screen317


  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
