New Problem - upon startup


Major infection - browser redirects, blocks downloads, and this one is new to me - it blocks the running of Malwarebytes.

So I am posting my logs.

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.670 [GMT -4:00]

Running from: c:\documents and settings\Marty\Desktop\Combo-Fix.exe

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\defender.exe

c:\documents and settings\All Users\Application Data\msad.exe

c:\documents and settings\All Users\Application Data\ngmt.exe

c:\documents and settings\All Users\Application Data\ocdy.exe

c:\documents and settings\All Users\Application Data\page

c:\documents and settings\All Users\Application Data\page\page.ico

c:\documents and settings\All Users\Application Data\page\page.URL

c:\documents and settings\All Users\Application Data\ppmd.exe

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\documents and settings\All Users\Desktop\Security Protection.lnk

c:\documents and settings\All Users\Documents\My Documents\~WRL0421.tmp

c:\documents and settings\All Users\Documents\My Documents\~WRL0616.tmp

c:\documents and settings\All Users\Documents\My Documents\~WRL1889.tmp

c:\documents and settings\All Users\Documents\My Documents\~WRL1947.tmp

c:\documents and settings\All Users\Documents\My Documents\~WRL2807.tmp

c:\documents and settings\All Users\Documents\My Documents\~WRL3221.tmp

c:\documents and settings\All Users\Documents\My Documents\~WRL3361.tmp

c:\documents and settings\All Users\Documents\My Documents\~WRL3395.tmp

c:\documents and settings\All Users\Documents\My Documents\~WRL3580.tmp

c:\documents and settings\All Users\Documents\My Documents\~WRL4038.tmp

c:\documents and settings\All Users\Documents\My Documents\01.asx

c:\documents and settings\All Users\Documents\My Documents\132.htm

c:\documents and settings\All Users\Documents\My Documents\1726.jpg

c:\documents and settings\All Users\Documents\My Documents\2294.pdf

c:\documents and settings\All Users\Documents\My Documents\2323.pdf

c:\documents and settings\All Users\Documents\My Documents\25.pdf

c:\documents and settings\All Users\Documents\My Documents\3aa.pdf

c:\documents and settings\All Users\Documents\My Documents\3bb.pdf

c:\documents and settings\All Users\Documents\My Documents\3cc.pdf

c:\documents and settings\All Users\Documents\My Documents\5140.png

c:\documents and settings\All Users\Documents\My Documents\780.htm

c:\documents and settings\All Users\Documents\My Documents\iexplore.exe

c:\documents and settings\All Users\Documents\My Documents\userinit.exe

c:\documents and settings\Marty\Application Data\.#

c:\documents and settings\Marty\Application Data\.#\MBX@20C@A241E8.###

c:\documents and settings\Marty\Application Data\.#\MBX@20C@A24218.###

c:\documents and settings\Marty\Application Data\.#\MBX@20C@A24248.###

c:\documents and settings\Marty\Application Data\.#\MBX@248@A241E8.###

c:\documents and settings\Marty\Application Data\.#\MBX@248@A24218.###

c:\documents and settings\Marty\Application Data\.#\MBX@248@A24248.###

c:\documents and settings\Marty\Application Data\.#\MBX@25C@A141E8.###

c:\documents and settings\Marty\Application Data\.#\MBX@25C@A14218.###

c:\documents and settings\Marty\Application Data\.#\MBX@25C@A14248.###

c:\documents and settings\Marty\Application Data\.#\MBX@27C@A241E8.###

c:\documents and settings\Marty\Application Data\.#\MBX@27C@A24218.###

c:\documents and settings\Marty\Application Data\.#\MBX@27C@A24248.###

c:\documents and settings\Marty\Application Data\.#\MBX@2B4@A141E8.###

c:\documents and settings\Marty\Application Data\.#\MBX@2B4@A14218.###

c:\documents and settings\Marty\Application Data\.#\MBX@2B4@A14248.###

c:\documents and settings\Marty\Application Data\.#\MBX@42C@A241E8.###

c:\documents and settings\Marty\Application Data\.#\MBX@42C@A24218.###

c:\documents and settings\Marty\Application Data\.#\MBX@42C@A24248.###

c:\documents and settings\Marty\Application Data\.#\MBX@4F8@A241E8.###

c:\documents and settings\Marty\Application Data\.#\MBX@4F8@A24218.###

c:\documents and settings\Marty\Application Data\.#\MBX@4F8@A24248.###

c:\documents and settings\Marty\Application Data\.#\MBX@544@A241E8.###

c:\documents and settings\Marty\Application Data\.#\MBX@544@A24218.###

c:\documents and settings\Marty\Application Data\.#\MBX@544@A24248.###

c:\documents and settings\Marty\Application Data\.#\MBX@5BC@A241E8.###

c:\documents and settings\Marty\Application Data\.#\MBX@5BC@A24218.###

c:\documents and settings\Marty\Application Data\.#\MBX@5BC@A24248.###

c:\documents and settings\Marty\Application Data\.#\MBX@5DC@A241E8.###

c:\documents and settings\Marty\Application Data\.#\MBX@5DC@A24218.###

c:\documents and settings\Marty\Application Data\.#\MBX@5DC@A24248.###

c:\documents and settings\Marty\Application Data\.#\MBX@750@A241E8.###

c:\documents and settings\Marty\Application Data\.#\MBX@750@A24218.###

c:\documents and settings\Marty\Application Data\.#\MBX@750@A24248.###

c:\documents and settings\Marty\Application Data\.#\MBX@75C@A241E8.###

c:\documents and settings\Marty\Application Data\.#\MBX@75C@A24218.###

c:\documents and settings\Marty\Application Data\.#\MBX@75C@A24248.###

c:\documents and settings\Marty\Application Data\.#\MBX@778@A241E8.###

c:\documents and settings\Marty\Application Data\.#\MBX@778@A24218.###

c:\documents and settings\Marty\Application Data\.#\MBX@778@A24248.###

c:\documents and settings\Marty\Application Data\.#\MBX@78C@A241E8.###

c:\documents and settings\Marty\Application Data\.#\MBX@78C@A24218.###

c:\documents and settings\Marty\Application Data\.#\MBX@78C@A24248.###

c:\documents and settings\Marty\Application Data\.#\MBX@D8@A241E8.###

c:\documents and settings\Marty\Application Data\.#\MBX@D8@A24218.###

c:\documents and settings\Marty\Application Data\.#\MBX@D8@A24248.###

c:\documents and settings\Marty\Application Data\Adobe\plugs

c:\documents and settings\Marty\Application Data\Adobe\plugs\KB466879828.exe

c:\documents and settings\Marty\Application Data\Adobe\shed

c:\documents and settings\Marty\g2ax_customer_downloadhelper_win32_x86.exe

c:\documents and settings\Marty\GoToAssistDownloadHelper.exe

c:\documents and settings\Marty\Local Settings\Application Data\{B08AF159-6FC6-4FBD-A8BF-FDA89B61BA88}

c:\documents and settings\Marty\Local Settings\Application Data\{B08AF159-6FC6-4FBD-A8BF-FDA89B61BA88}\chrome.manifest

c:\documents and settings\Marty\Local Settings\Application Data\{B08AF159-6FC6-4FBD-A8BF-FDA89B61BA88}\chrome\content\_cfg.js

c:\documents and settings\Marty\Local Settings\Application Data\{B08AF159-6FC6-4FBD-A8BF-FDA89B61BA88}\chrome\content\overlay.xul

c:\documents and settings\Marty\Local Settings\Application Data\{B08AF159-6FC6-4FBD-A8BF-FDA89B61BA88}\install.rdf

c:\documents and settings\Marty\Local Settings\Application Data\egox.exe

c:\documents and settings\Marty\Local Settings\Application Data\hap.exe

c:\documents and settings\Marty\Local Settings\Application Data\hgbg.exe

c:\documents and settings\Marty\Local Settings\Application Data\mua.exe

c:\documents and settings\Marty\Local Settings\Application Data\quvr.exe

c:\documents and settings\Marty\Local Settings\Application Data\rubx.exe

c:\documents and settings\Marty\Templates\erxi.exe

c:\documents and settings\Marty\Templates\ipoh.exe

c:\documents and settings\Marty\Templates\s2p7oscnpkvsk7b07omgiu2r

c:\documents and settings\Marty\Templates\vchj.exe

c:\documents and settings\Marty\Templates\vjft.exe

c:\documents and settings\Marty\WINDOWS

c:\windows\$xntuninstall643$

c:\windows\$xntuninstall643$\apUninstall.exe

c:\windows\$XNTUninstall643$\bgJHu.dll

c:\windows\$XNTUninstall643$\fbTIl.dll

c:\windows\iwuwujonaf.dll

c:\windows\system32\c_78675.nls

c:\windows\system32\config\odetmngk

c:\windows\system32\drivers\1202739917.sys

c:\windows\system32\gotomon.log

c:\windows\system32\zalojanfalbwgap.dll

.

Infected copy of c:\windows\system32\drivers\mf.sys was found and disinfected

Restored copy from - The cat found it :)

Infected copy of c:\windows\system32\DRIVERS\ipnat.sys was found and disinfected

Restored copy from - c:\windows\$hf_mig$\KB886185\SP2QFE\ipnat.sys

.

Infected copy of c:\windows\system32\Ati2evxx.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000001.lnk

.

c:\windows\system32\ati2sgag.exe . . . is infected!!

.

c:\program files\Bonjour\mDNSResponder.exe . . . is infected!!

.

c:\program files\PC Tools Security\BDT\BDTUpdateService.exe . . . is infected!!

.

c:\program files\Google\Update\GoogleUpdate.exe . . . is infected!!

.

Infected copy of c:\windows\system32\nvsvc32.exe was found and disinfected

Restored copy from - c:\i386\nvsvc32.exe

.

Infected copy of c:\windows\system32\Ati2evxx.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000001.lnk

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_1202739917

.

.

((((((((((((((((((((((((( Files Created from 2011-07-27 to 2011-08-27 )))))))))))))))))))))))))))))))

.

.

2011-09-04 15:32 . 2002-11-12 16:22 569397 ----a-w- c:\program files\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll

2011-08-27 23:27 . 2004-08-04 10:00 63744 ----a-w- c:\windows\system32\drivers\mf.sys

2011-08-27 23:27 . 2004-08-04 10:00 63744 ----a-w- c:\windows\system32\dllcache\mf.sys

2011-08-27 22:26 . 2011-08-27 23:12 -------- d-----w- c:\documents and settings\Marty\Local Settings\Application Data\AskToolbar

2011-08-27 19:36 . 2011-08-27 19:36 -------- d-----w- c:\program files\uTorrent

2011-08-27 19:35 . 2011-09-09 16:10 -------- d-----w- c:\documents and settings\Marty\Application Data\uTorrent

2011-08-27 19:35 . 2011-08-27 19:35 -------- d-----w- c:\documents and settings\Marty\Local Settings\Application Data\uTorrent

2011-08-27 19:04 . 2011-07-08 05:37 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2011-08-27 19:04 . 2011-07-08 05:37 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2011-08-26 11:55 . 2011-07-01 19:36 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-08-26 11:55 . 2011-07-01 19:36 2029520 ----a-w- c:\windows\PCTBDCore.dll

2011-08-26 11:55 . 2011-07-01 19:36 1533904 ----a-w- c:\windows\PCTBDRes.dll

2011-08-26 11:55 . 2011-07-01 19:36 767952 ----a-w- c:\windows\BDTSupport.dll

2011-08-26 11:54 . 2010-07-16 18:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-08-26 11:54 . 2010-07-16 18:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-08-26 11:54 . 2011-07-11 13:05 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-08-26 11:54 . 2011-07-11 16:06 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-08-26 11:54 . 2011-07-11 16:02 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-08-26 11:54 . 2011-03-10 13:08 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-08-26 11:54 . 2011-07-11 13:07 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-08-26 11:54 . 2011-08-26 11:54 -------- d-----w- c:\program files\Common Files\PC Tools

2011-08-24 12:56 . 2011-08-24 12:56 -------- d-----w- c:\documents and settings\Marty\Application Data\Malwarebytes

2011-08-24 12:56 . 2011-08-24 12:56 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-08-23 15:48 . 2011-08-23 15:48 94208 ----a-w- c:\windows\system32\srvparseacct.exe

2011-08-23 15:34 . 2011-08-23 15:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-08-23 15:34 . 2011-08-26 12:17 -------- dc----w- c:\documents and settings\All Users\Application Data\MFAData

2011-08-23 15:08 . 2011-08-23 15:08 -------- d-----w- c:\program files\Yontoo Layers Runtime

2011-08-23 15:08 . 2011-08-23 15:08 39558 ----a-w- c:\windows\system32\nfnzxyxqynxlmqpsa.exe

2011-08-23 15:07 . 2004-08-10 17:50 121856 ----a-w- c:\windows\system32\dinputc.dll

2011-08-17 14:01 . 2011-08-17 14:01 -------- d-----w- c:\documents and settings\Marty\Local Settings\Application Data\Logitech-LS

2011-08-13 00:25 . 2003-11-10 22:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll

2011-08-13 00:25 . 2003-11-10 22:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll

2011-08-13 00:25 . 2003-11-10 22:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll

2011-08-13 00:25 . 2003-11-10 22:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll

2011-08-13 00:25 . 2003-11-10 22:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe

2011-08-13 00:25 . 2011-08-13 00:25 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll

2011-08-13 00:25 . 2011-08-13 00:25 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EC845CC-F740-4546-9DAD-1326F83A5A2E}]

2004-08-10 17:50 121856 ----a-w- c:\windows\system32\dinputc.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2011-07-15 04:46 195360 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient_2.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-07-02 2347216]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-11 68856]

"LightShot"="c:\documents and settings\Marty\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe" [2011-05-27 195072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-28 8429568]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-22 16132608]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 213936]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2006-11-27 255528]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]

"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-07-07 1600984]

"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-08-30 20:25 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk

backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Marty^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]

path=c:\documents and settings\Marty\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk

backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]

2008-12-17 18:36 50520 ----a-w- c:\documents and settings\Marty\Application Data\mjusbsp\cdloader2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 10:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-06-10 16:14 136176 ----atw- c:\documents and settings\Marty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2006-03-20 21:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-17 03:15 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-02-11 14:39 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Apple Mobile Device"=2 (0x2)

"PSI_SVC_2"=2 (0x2)

"ProtexisLicensing"=2 (0x2)

"Nero BackItUp Scheduler 4.0"=2 (0x2)

"mnmsrvc"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"IviRegMgr"=2 (0x2)

"iPod Service"=3 (0x3)

"ImapiService"=3 (0x3)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

"ICDSPTSV"=3 (0x3)

"hnmsvc"=2 (0x2)

"gusvc"=3 (0x3)

"gupdate"=2 (0x2)

"FirebirdServerMAGIXInstance"=3 (0x3)

"Fax"=2 (0x2)

"DellAMBrokerService"=3 (0x3)

"AOL ACS"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Marty\\Application Data\\mjusbsp\\magicJack.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9000:TCP"= 9000:TCP:Squeezebox Server 9000 tcp (UI)

"9001:TCP"= 9001:TCP:Squeezebox Server 9001 tcp (UI)

"9002:TCP"= 9002:TCP:Squeezebox Server 9002 tcp (UI)

"9003:TCP"= 9003:TCP:Squeezebox Server 9003 tcp (UI)

"9004:TCP"= 9004:TCP:Squeezebox Server 9004 tcp (UI)

"9005:TCP"= 9005:TCP:Squeezebox Server 9005 tcp (UI)

"9006:TCP"= 9006:TCP:Squeezebox Server 9006 tcp (UI)

"9007:TCP"= 9007:TCP:Squeezebox Server 9007 tcp (UI)

"9008:TCP"= 9008:TCP:Squeezebox Server 9008 tcp (UI)

"9009:TCP"= 9009:TCP:Squeezebox Server 9009 tcp (UI)

"9010:TCP"= 9010:TCP:Squeezebox Server 9010 tcp (UI)

"9100:TCP"= 9100:TCP:Squeezebox Server 9100 tcp (UI)

"8000:TCP"= 8000:TCP:Squeezebox Server 8000 tcp (UI)

"10000:TCP"= 10000:TCP:Squeezebox Server 10000 tcp (UI)

"9090:TCP"= 9090:TCP:Squeezebox Server 9090 tcp (UI)

"3483:UDP"= 3483:UDP:Squeezebox Server 3483 udp

"3483:TCP"= 3483:TCP:Squeezebox Server 3483 tcp

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/26/2011 7:54 AM 263888]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [8/26/2011 7:54 AM 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [8/26/2011 7:54 AM 656320]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/26/2011 7:54 AM 253096]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [8/26/2011 7:54 AM 233976]

R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [1/23/2008 4:19 AM 501560]

R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [6/9/2008 4:58 AM 65536]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]

S2 Browser Defender Update Service;Browser Defender Update Service;"c:\program files\PC Tools Security\BDT\BDTUpdateService.exe" --> c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [8/26/2011 7:54 AM 371472]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [11/10/2008 11:31 AM 39048]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [8/26/2011 7:54 AM 70664]

S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [12/10/2008 10:37 AM 544768]

S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [12/6/2008 6:16 PM 1527900]

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-493594433-3681666831-3225602439-1006Core.job

- c:\documents and settings\Marty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-30 16:14]

.

2011-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-493594433-3681666831-3225602439-1006UA.job

- c:\documents and settings\Marty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-30 16:14]

.

2011-08-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-493594433-3681666831-3225602439-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

.

2011-09-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-493594433-3681666831-3225602439-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

.

2011-08-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 17:29]

.

2011-08-26 c:\windows\Tasks\update-S-1-5-21-493594433-3681666831-3225602439-1006.job

- c:\program files\Skillbrains\Updater\Updater.exe [2011-07-19 02:09]

.

2011-08-26 c:\windows\Tasks\update-sys.job

- c:\program files\Skillbrains\Updater\Updater.exe [2011-07-19 02:09]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta

IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\Superfish\Window Shopper\SuperfishIEAddon.dll

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 192.168.11.1

FF - ProfilePath - c:\documents and settings\Marty\Application Data\Mozilla\Firefox\Profiles\6nfbyfrm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net

FF - Ext: Window Shopper - Powered by Superfish: superfish@superfish.com - %profile%\extensions\superfish@superfish.com

FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: LightShot (screenshot tool): {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} - %profile%\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-vhxsbwagqisnjkc - c:\windows\system32\zalojanfalbwgap.dll

HKLM-Run-bipro - c:\windows\$XNTUninstall643$\fbtil.dll

HKLM-Run-Apivuda - c:\windows\iwuwujonaf.dll

MSConfigStartUp-AO_Reminder - c:\program files\AO Reminder\AO_Reminder.exe

MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe

AddRemove-$XNTUninstall643$ - c:\windows\$XNTUninstall643$\apUninstall.exe

AddRemove-AOL Uninstaller - c:\program files\Common Files\AOL\uninstaller.exe

AddRemove-AP Guitar Tuner - c:\program files\Audio Phonics

AddRemove-Driver Performer_is1 - c:\program files\Driver-Soft\DriverPerformer\unins000.exe

AddRemove-EPSON Scanner - c:\program files\epson\escndv\setup\setup.exe

AddRemove-Silent Package Run-Time Sample - c:\program files\epson\guide\cx3800_e\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-27 19:54

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST3160815AS rev.3.ADA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x876E331B

user & kernel MBR OK

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(780)

c:\windows\system32\Ati2evxx.dll

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

.

- - - - - - - > 'lsass.exe'(836)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

- - - - - - - > 'explorer.exe'(1300)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\windows\RTHDCPL.EXE

c:\documents and settings\Marty\Local Settings\Application Data\Skillbrains\lightshot\1.4.0.0\LightShot.exe

.

**************************************************************************

.

Completion time: 2011-08-27 20:01:00 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-28 00:00

.

Pre-Run: 4,508,569,600 bytes free

Post-Run: 8,331,341,824 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - D9AA7406F7D020F3FF49D340B6A92BED

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:19:59 PM, on 8/27/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\PC Tools Security\pctsGui.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Marty\Local Settings\Application Data\Skillbrains\lightshot\1.4.0.0\LightShot.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Marty\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080211

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: (no name) - {3EC845CC-F740-4546-9DAD-1326F83A5A2E} - C:\WINDOWS\system32\dinputc.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: WindowShopper - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient_2.dll

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI

O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [LightShot] C:\Documents and Settings\Marty\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue

O4 - HKUS\S-1-5-21-493594433-3681666831-3225602439-1007\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup (User 'postgres')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219435434040

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)

O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (file missing)

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\PC Tools Security\pctsSvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 10780 bytes


Since I ran ComboFix, right now the computer seems to be working. However, my Spyware Doctor still is not working. Can't download AVG antivirus because it says it can't find Windows Installer.

Also, if I go to restart the computer it says updates are available, and I swear it shows that multicolored shield that you see on the phony "Security Protection" window, which is a virus. What do I do?


I forgot to post my HJ log. Seems like there is some funny stuff on here. Also, the computer is running everything Sloooowwww. What do you think?

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 3:12:37 PM, on 8/28/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\PC Tools Security\pctsAuxs.exe

C:\Program Files\PC Tools Security\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\PC Tools Security\pctsGui.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\PC Tools Security\BDT\FGuard.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Marty\Local Settings\Application Data\Skillbrains\lightshot\1.4.0.0\LightShot.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\PC Tools Security\TFEngine\TFService.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Marty\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080211

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: WindowShopper - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient_2.dll

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI

O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [LightShot] C:\Documents and Settings\Marty\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue

O4 - HKUS\S-1-5-21-493594433-3681666831-3225602439-1007\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup (User 'postgres')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219435434040

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)

O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Security\TFEngine\TFService.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 11041 bytes


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
