wrolyat

I turned on my computer just like any other time, except this time every Word or Excel document now has an orange icon and will not open because the file has been corrupted. Any chance there is a virus holding these files "hostage," so to speak, and that once the virus is removed, the files will be functional again?

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:37:35 PM, on 9/12/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
FIREFOX: 15.0.1 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Taylor\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\ffHelper.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Users\Taylor\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Taylor\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=F735632C70CA21ED19248451B9FA680F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
O4 - HKLM\..\RunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Taylor\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Dropbox.lnk = Taylor\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files (x86)\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4AEF8AEE-3DE8-4B69-8B6E-6353B6C59B50} (RealPage Web Objects) - http://onesite.realpage.com/coreglobal/RealpageCab/Realpage.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: dleaCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
O23 - Service: dlea_device - Unknown owner - C:\Windows\system32\dleacoms.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Unknown owner - C:\Program Files\Dell\DellDock\DockLogin.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17611 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by Taylor at 14:34:01 on 2013-09-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7991.5013 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dleacoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Windstream_BCUC\McciTrayApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Taylor\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\ffHelper.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Users\Taylor\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [Facebook Update] "C:\Users\Taylor\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\Taylor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Taylor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Taylor\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Taylor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CLEANA~1.LNK - C:\Program Files (x86)\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 136.165.253.65 136.165.253.89
TCP: Interfaces\{D2D07D58-25C3-4204-AC88-B0EA6D01016D} : DHCPNameServer = 136.165.253.65 136.165.253.89
TCP: Interfaces\{D2D07D58-25C3-4204-AC88-B0EA6D01016D}\0527F66796E6365602F466669636560223E243 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D2D07D58-25C3-4204-AC88-B0EA6D01016D}\14962777166756 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{D2D07D58-25C3-4204-AC88-B0EA6D01016D}\259636B6023516D6D6963686 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D2D07D58-25C3-4204-AC88-B0EA6D01016D}\354514E4D20534F5E4564777F627B6 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{D2D07D58-25C3-4204-AC88-B0EA6D01016D}\4425B413032353 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D2D07D58-25C3-4204-AC88-B0EA6D01016D}\75F6F646 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D2D07D58-25C3-4204-AC88-B0EA6D01016D}\B4348454A51383 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [Windstream_BCUC_McciTrayApp] "C:\Program Files\Windstream_BCUC\McciTrayApp.exe"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\8icul41s.default\
FF - prefs.js: browser.search.selectedEngine - Project Playlist Music Search
FF - prefs.js: browser.search.selectedEngine - SecureSearch
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\8icul41s.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Taylor\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-8-6 55280] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-12-20 45856] R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-6-13 1236336] R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-8-6 89600] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] R2 dlea_device;dlea_device;C:\Windows\System32\dleacoms.exe -service --> C:\Windows\System32\dleacoms.exe -service [?] 
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-6 13336] R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-6 673088] R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-5-15 1832072] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-6 2320920] R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-15 1643184] R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-8-6 20984] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-8-6 172704] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-26 140376] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-6 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-6 158976] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-6 271872] S0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-12-7 14456] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312] S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe [2009-7-1 33448] S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?] S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?] 
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-9-20 30192] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-6 325152] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-12 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-18 1255736] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120] . =============== Created Last 30 ================ . 
2013-09-12 18:09:04 -------- d-----w- C:\Users\Taylor\AppData\Local\adawarebp 2013-09-12 17:27:09 -------- d-----w- C:\Program Files (x86)\Lavasoft 2013-09-12 13:55:00 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys 2013-09-05 05:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys 2013-08-27 14:27:10 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-08-27 14:27:09 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-08-27 14:27:08 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-08-27 14:27:07 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-08-27 14:27:05 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-08-27 14:27:04 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-08-27 14:27:02 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-08-27 14:27:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-08-27 14:26:59 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-08-27 14:26:59 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-08-27 14:26:59 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-08-18 16:12:47 -------- d-----w- C:\Windows\System32\MRT 2013-08-15 21:56:43 1472512 ----a-w- C:\Windows\System32\crypt32.dll 2013-08-15 21:56:42 224256 ----a-w- C:\Windows\System32\wintrust.dll 2013-08-15 21:56:42 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll 2013-08-15 21:56:42 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-08-15 21:56:41 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-08-15 21:56:41 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-08-15 21:56:40 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-08-15 21:56:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-08-15 21:55:17 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-08-15 21:55:17 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-08-15 21:54:49 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-08-15 21:54:48 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-08-15 21:54:46 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll 2013-08-15 
21:54:46 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll 2013-08-15 21:54:21 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2013-08-15 21:54:19 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ==================== Find3M ==================== . 2013-09-12 17:25:52 47496 ----a-w- C:\Windows\System32\sbbd.exe 2013-09-12 17:25:52 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys 2013-09-12 17:19:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-09-12 17:19:05 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-15 21:27:05 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll 2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-07-20 05:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys 2013-07-20 05:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2013-07-20 05:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2013-07-20 05:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-07-01 05:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2013-06-24 21:09:08 96168 ----a-w- 
C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-24 21:09:06 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-06-24 21:09:06 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll . ============= FINISH: 14:34:45.51 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 8/16/2010 3:39:27 PM System Uptime: 9/12/2013 1:05:17 PM (1 hours ago) . Motherboard: Dell Inc. | | Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | CPU 1 | 2261/533mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 283 GiB total, 120.944 GiB free. D: is CDROM (CDFS) E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Deskjet F4500 series Device ID: ROOT\IMAGE\0000 Manufacturer: HP Name: Deskjet F4500 series PNP Device ID: ROOT\IMAGE\0000 Service: StillCam . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Deskjet F4500 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Deskjet F4500 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: Description: Deskjet 3050A J611 series Device ID: ROOT\MULTIFUNCTION\0001 Manufacturer: Name: Deskjet 3050A J611 series PNP Device ID: ROOT\MULTIFUNCTION\0001 Service: . Class GUID: Description: HP LaserJet 600 M602 Device ID: ROOT\MULTIFUNCTION\0002 Manufacturer: Name: HP LaserJet 600 M602 PNP Device ID: ROOT\MULTIFUNCTION\0002 Service: . ==== System Restore Points =================== . RP212: 8/27/2013 10:46:37 AM - Windows Update RP213: 8/27/2013 2:30:02 PM - Windows Update RP214: 8/28/2013 5:24:19 PM - Windows Update RP215: 9/5/2013 10:39:02 AM - Windows Update RP216: 9/12/2013 10:46:48 AM - Windows Update . ==== Installed Programs ====================== . 
64 Bit HP CIO Components Installer Ad-Aware Antivirus Ad-Aware Browsing Protection Ad-Aware Security Add-on Adobe AIR Adobe Connect Add-in Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.7) Adobe Shockwave Player 11.6 Advanced Audio FX Engine Apple Application Support Apple Mobile Device Support Apple Software Update AVG 2013 AVG Security Toolbar Banctec Service Agreement Bonjour Cisco Clean Access Agent Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Consumer In-Home Service Agreement D3DX10 Definition update for Microsoft Office 2010 (KB982726) Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Edoc Viewer Dell Getting Started Guide Dell Support Center Dell V310-V510 Series Dell Webcam Central DJ_AIO_06_F4500_SW_MIN Dropbox DW WLAN Card Utility Facebook Video Calling 1.2.0.287 Google Chrome Google Desktop Google Update Helper GoToAssist Corporate HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Rapid Storage Technology Internet TV for Windows Media Center iTunes Java 7 Update 25 Java Auto Updater Java 6 Update 20 (64-bit) Java 6 Update 37 Junk Mail filter update Live! 
Cam Avatar Creator LiveUpdate 3.3 (Symantec Corporation) Maple 14 McAfee Security Scan Plus Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Excel 2010 Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 32-bit MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Outlook 2010 Microsoft Rise Of Nations Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Firefox 19.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML4 Parser Network64 Paint.NET v3.5.10 Pando Media Booster PCSX2 - Playstation 2 Emulator PeerBlock 1.1 (r518) Pinnacle Video Driver PowerDVD DX Quickset64 QuickTime Roxio Burn Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update 
for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft InfoPath 2010 (KB2510065) Security Update for Microsoft InfoPath 2010 (KB2553431) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition Security Update for Microsoft Publisher 2010 (KB2409055) Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 64-Bit Edition Security Update for Microsoft Word 2010 (KB2345000) Spotify swMSM Symantec Endpoint Protection Synaptics Pointing Device Driver TI Connect 1.6 Toolbox Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft Office 2010 (KB2202188) Update for Microsoft Office 2010 (KB2413186) Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector (KB2289116) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables VLC media player 1.1.9 
Vuze Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Center Add-in for Flash Windows Media Player Firefox Plugin Windstream Broadband Check-up Center WinRAR 4.00 beta 2 (64-bit) . ==== Event Viewer Messages From Past Week ======== . 9/9/2013 3:30:08 PM, Error: Service Control Manager [7022] - The HP Network Devices Support service hung on starting. 9/8/2013 11:20:30 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SHOAIB that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D2D07D58-25C3-4204-AC88-B0EA6D01016D}. The master browser is stopping or an election is being forced. 9/5/2013 1:47:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 9/12/2013 12:56:28 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: [email protected] 9/12/2013 10:49:55 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows 7 for x64-based Systems (KB2872339). 
9/12/2013 10:49:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows 7 for x64-based Systems (KB2876315). 9/12/2013 10:48:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Update for Windows 7 for x64-based Systems (KB2868116). 9/12/2013 1:07:47 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: [email protected] 9/12/2013 1:06:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect. 9/12/2013 1:06:54 PM, Error: Service Control Manager [7000] - The dleaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 9/12/2013 1:06:35 PM, Error: Service Control Manager [7000] - The Dock Login Service service failed to start due to the following error: The system cannot find the file specified. 9/12/2013 1:04:53 PM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control. 9/12/2013 1:04:18 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. . ==== End Of File =========================== Thanks in advance for the help!
  2. Thanks so much! No issues and no redirect web pages! You found them all. I am very thankful for your relentless help!
  3. Null for the Kaspersky Online Scanner... -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Tuesday, February 16, 2010 Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Tuesday, February 16, 2010 14:44:05 Records in database: 3518612 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ G:\ Scan statistics: Objects scanned: 153431 Threats found: 0 Infected objects found: 0 Suspicious objects found: 0 Scan duration: 01:53:57 No threats found. Scanned area is clean. Selected area has been scanned. DDS (Ver_09-12-01.01) - NTFSx86 Run by Stan at 15:30:19.42 on Tue 02/16/2010 Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_18 Microsoft® Windows Vistaâ„¢ Home Basic 6.0.6002.2.1252.1.1033.18.1782.793 [GMT -5:00] AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService 
C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\RtHDVCpl.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Lexmark 5400 Series\lxctmon.exe C:\Program Files\Lexmark 5400 Series\ezprint.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Windows\system32\igfxsrvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Flip Video\FlipShare\FlipShareService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\lxctcoms.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Mail\WinMail.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe 
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe C:\Program Files\Java\jre6\bin\java.exe C:\Users\Stan\AppData\Local\temp\jkos-Stan\binaries\ScanningProcess.exe C:\Users\Stan\AppData\Local\temp\jkos-Stan\binaries\ScanningProcess.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Stan\Downloads\dds(2).scr ============== Pseudo HJT Report =============== uStart Page = hxxp://espn.go.com/broadband/espn360/index mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Presario&pf=desktop uInternet Settings,ProxyOverride = *.local BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe" mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe" mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe" mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s mRun: 
[EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe" mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,[email protected] mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\3572475\program\Compaq Connections.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL Trusted Zone: real.com\rhap-app-4-0 Trusted Zone: 
real.com\rhapreg DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab Notify: igfxcui - igfxdev.dll Hosts: 127.0.0.1 www.spywareinfoforum.com ================= FIREFOX =================== FF - ProfilePath - c:\users\stan\appdata\roaming\mozilla\firefox\profiles\qbcp5lt7.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll FF - plugin: c:\users\stan\appdata\roaming\move networks\plugins\npqmp071701000002.dll FF - plugin: c:\users\stan\appdata\roaming\move networks\plugins\npqmp071705000014.dll FF - plugin: c:\users\stan\appdata\roaming\mozilla\firefox\profiles\qbcp5lt7.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll FF - plugin: c:\users\stan\appdata\roaming\mozilla\firefox\profiles\qbcp5lt7.default\extensions\[email protected]\plugins\npTVUAx.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - 
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2006-11-2 311808]
S2 GoogleUpdateBeta;Google Update Service;c:\users\stan\appdata\local\google\update\googleupdatebeta.exe /svc --> c:\users\stan\appdata\local\google\update\GoogleUpdateBeta.exe [?]
S2 gupdate1c987f1bcfda6d5;Google Update Service (gupdate1c987f1bcfda6d5);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104] S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-24 21504] =============== Created Last 30 ================ 2010-02-16 14:58:03 0 d-----w- c:\programdata\NOS 2010-02-14 21:35:08 0 d-sh--w- C:\$RECYCLE.BIN 2010-02-14 21:18:31 98816 ----a-w- c:\windows\sed.exe 2010-02-14 21:18:31 77312 ----a-w- c:\windows\MBR.exe 2010-02-14 21:18:31 261632 ----a-w- c:\windows\PEV.exe 2010-02-14 21:18:31 161792 ----a-w- c:\windows\SWREG.exe 2010-02-14 18:06:25 228581443 ----a-w- c:\windows\MEMORY.DMP 2010-02-11 18:02:01 0 d-----w- c:\program files\iTunes 2010-02-06 19:58:45 0 d-----w- c:\program files\Trend Micro 2010-02-05 22:59:07 0 d-----w- c:\users\stan\appdata\roaming\EMCO 2010-02-05 22:58:45 0 d-----w- c:\program files\EMCO 2010-02-02 01:10:02 0 d---a-w- c:\programdata\TEMP 2010-01-28 00:53:47 0 d-----w- C:\My Music 2010-01-27 22:35:19 0 d-----w- c:\programdata\Sun 2010-01-21 19:02:51 834048 ----a-w- c:\windows\system32\wininet.dll 2010-01-21 19:02:47 78336 ----a-w- c:\windows\system32\ieencode.dll ==================== Find3M ==================== 2010-02-16 02:22:06 51200 ----a-w- c:\windows\inf\infpub.dat 2010-02-16 02:22:06 143360 ----a-w- c:\windows\inf\infstrng.dat 2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe 2010-01-11 17:33:38 68096 --sha-r- c:\windows\system32\KBDLV5.dll 2009-12-30 20:03:45 86016 ----a-w- c:\windows\inf\infstor.dat 2009-12-30 20:03:20 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2009-12-30 20:03:20 47360 ----a-w- c:\users\stan\appdata\roaming\pcouffin.sys 2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-08 20:01:02 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-08 20:01:02 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-04 18:30:05 12288 ----a-w- 
c:\windows\system32\tsbyuv.dll 2009-12-04 18:29:41 1314816 ----a-w- c:\windows\system32\quartz.dll 2009-12-04 18:28:52 22528 ----a-w- c:\windows\system32\msyuv.dll 2009-12-04 18:28:51 31744 ----a-w- c:\windows\system32\msvidc32.dll 2009-12-04 18:28:51 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-12-04 18:28:49 13312 ----a-w- c:\windows\system32\msrle32.dll 2009-12-04 18:28:27 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-12-04 18:28:21 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2009-12-04 18:27:12 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-11-17 22:18:12 665600 ----a-w- c:\windows\inf\drvindex.dat 2008-05-24 20:49:24 174 --sha-w- c:\program files\desktop.ini 2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib409\perfd.dat 2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib409\perfc.dat 2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib409\perfi.dat 2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib409\perfh.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib00\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib00\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib00\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib00\perfc.dat 2007-09-03 20:35:12 22 --sha-w- c:\windows\sminst\HPCD.sys ============= FINISH: 15:31:35.29 ===============
  4. Thanks for your help. Here is the latest DDS.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Stan at 17:37:26.36 on Mon 02/15/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1782.898 [GMT -5:00]
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Windows\system32\igfxsrvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Flip Video\FlipShare\FlipShareService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\lxctcoms.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Mail\WinMail.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Stan\Downloads\dds(2).scr ============== Pseudo HJT Report =============== uStart Page = hxxp://espn.go.com/broadband/espn360/index mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Presario&pf=desktop uInternet Settings,ProxyOverride = *.local BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! 
Toolbar Helper BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe" mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe" mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe" mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe" mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,[email protected] mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java 
update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\3572475\program\Compaq Connections.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL Trusted Zone: real.com\rhap-app-4-0 Trusted Zone: real.com\rhapreg DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab Notify: igfxcui - igfxdev.dll Hosts: 127.0.0.1 www.spywareinfoforum.com ================= FIREFOX 
=================== FF - ProfilePath - c:\users\stan\appdata\roaming\mozilla\firefox\profiles\qbcp5lt7.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll FF - plugin: c:\users\stan\appdata\roaming\move networks\plugins\npqmp071701000002.dll FF - plugin: c:\users\stan\appdata\roaming\move networks\plugins\npqmp071705000014.dll FF - plugin: c:\users\stan\appdata\roaming\mozilla\firefox\profiles\qbcp5lt7.default\extensions\[email protected]\plugins\npTVUAx.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2006-11-2 311808]
S2 GoogleUpdateBeta;Google Update Service;c:\users\stan\appdata\local\google\update\googleupdatebeta.exe /svc --> c:\users\stan\appdata\local\google\update\GoogleUpdateBeta.exe [?]
S2 gupdate1c987f1bcfda6d5;Google Update Service (gupdate1c987f1bcfda6d5);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104] S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-24 21504] =============== Created Last 30 ================ 2010-02-14 21:35:08 0 d-sh--w- C:\$RECYCLE.BIN 2010-02-14 21:18:31 98816 ----a-w- c:\windows\sed.exe 2010-02-14 21:18:31 77312 ----a-w- c:\windows\MBR.exe 2010-02-14 21:18:31 261632 ----a-w- c:\windows\PEV.exe 2010-02-14 21:18:31 161792 ----a-w- c:\windows\SWREG.exe 2010-02-14 18:06:25 228581443 ----a-w- c:\windows\MEMORY.DMP 2010-02-11 18:02:01 0 d-----w- c:\program files\iTunes 2010-02-06 19:58:45 0 d-----w- c:\program files\Trend Micro 2010-02-05 22:59:07 0 d-----w- c:\users\stan\appdata\roaming\EMCO 2010-02-05 22:58:45 0 d-----w- c:\program files\EMCO 2010-02-02 01:10:02 0 d---a-w- c:\programdata\TEMP 2010-01-28 00:53:47 0 d-----w- C:\My Music 2010-01-27 22:35:19 0 d-----w- c:\programdata\Sun 2010-01-21 19:02:51 834048 ----a-w- c:\windows\system32\wininet.dll 2010-01-21 19:02:47 78336 ----a-w- c:\windows\system32\ieencode.dll ==================== Find3M ==================== 2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe 2010-01-11 17:33:38 68096 --sha-r- c:\windows\system32\KBDLV5.dll 2009-12-30 20:03:54 51200 ----a-w- c:\windows\inf\infpub.dat 2009-12-30 20:03:54 143360 ----a-w- c:\windows\inf\infstrng.dat 2009-12-30 20:03:45 86016 ----a-w- c:\windows\inf\infstor.dat 2009-12-30 20:03:20 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2009-12-30 20:03:20 47360 ----a-w- c:\users\stan\appdata\roaming\pcouffin.sys 2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-08 20:01:02 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-08 20:01:02 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-04 18:30:05 12288 ----a-w- c:\windows\system32\tsbyuv.dll 2009-12-04 18:29:41 1314816 ----a-w- 
c:\windows\system32\quartz.dll 2009-12-04 18:28:52 22528 ----a-w- c:\windows\system32\msyuv.dll 2009-12-04 18:28:51 31744 ----a-w- c:\windows\system32\msvidc32.dll 2009-12-04 18:28:51 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-12-04 18:28:49 13312 ----a-w- c:\windows\system32\msrle32.dll 2009-12-04 18:28:27 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-12-04 18:28:21 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2009-12-04 18:27:12 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-11-17 22:18:12 665600 ----a-w- c:\windows\inf\drvindex.dat 2008-05-24 20:49:24 174 --sha-w- c:\program files\desktop.ini 2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib409\perfd.dat 2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib409\perfc.dat 2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib409\perfi.dat 2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib409\perfh.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib00\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib00\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib00\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib00\perfc.dat 2007-09-03 20:35:12 22 --sha-w- c:\windows\sminst\HPCD.sys ============= FINISH: 17:38:37.84 ===============
  5. ComboFix 10-02-12.01 - Stan 02/14/2010 16:21:19.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1782.973 [GMT -5:00]
Running from: c:\users\Stan\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1025212237-3949569177-26359371-1001
c:\$recycle.bin\S-1-5-21-1025212237-3949569177-26359371-500
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\$recycle.bin\S-1-5-21-3686596484-2988191526-3248958795-500
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Stan\AppData\Roaming\inst.exe
c:\users\Stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.lnk
c:\windows\winhelp.ini
----- BITS: Possible infected sites -----
hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Files Created from 2010-01-14 to 2010-02-14 )))))))))))))))))))))))))))))))
.
2010-02-14 21:28 . 2010-02-14 21:30 -------- d-----w- c:\users\Stan\AppData\Local\temp
2010-02-14 21:28 . 2010-02-14 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-11 18:02 . 2010-02-11 18:02 -------- d-----w- c:\program files\iTunes
2010-02-11 17:55 . 2010-02-11 17:55 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-06 19:58 . 2010-02-06 19:58 -------- d-----w- c:\program files\Trend Micro
2010-02-05 22:59 . 2010-02-05 22:59 -------- d-----w- c:\users\Stan\AppData\Roaming\EMCO
2010-02-05 22:58 .
2010-02-05 22:58 -------- d-----w- c:\program files\EMCO 2010-01-28 00:53 . 2010-02-01 19:57 -------- d-----w- C:\My Music 2010-01-26 23:19 . 2010-01-18 16:51 1260800 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe 2010-01-26 23:19 . 2010-01-18 16:51 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe 2010-01-21 19:02 . 2009-12-16 11:44 834048 ----a-w- c:\windows\system32\wininet.dll 2010-01-21 19:02 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-14 21:15 . 2007-07-18 19:26 -------- d-----w- c:\program files\Lx_cats 2010-02-14 21:11 . 2009-11-01 23:23 -------- d-----w- c:\programdata\avg9 2010-02-14 21:10 . 2007-06-19 20:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-02-14 21:10 . 2007-06-19 20:21 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-02-11 18:02 . 2008-09-11 23:07 -------- d-----w- c:\program files\iPod 2010-02-11 18:02 . 2008-06-02 23:32 -------- d-----w- c:\program files\Common Files\Apple 2010-02-11 17:59 . 2008-11-27 17:55 -------- d-----w- c:\program files\QuickTime 2010-02-11 15:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-02-10 21:24 . 2008-03-07 17:43 -------- d-----w- c:\program files\Google 2010-01-27 22:35 . 2007-12-18 22:42 -------- d-----w- c:\program files\Common Files\Java 2010-01-27 22:34 . 2007-12-18 22:44 -------- d-----w- c:\program files\Java 2010-01-21 03:14 . 2008-02-13 02:59 -------- d-----w- c:\program files\Common Files\Adobe 2010-01-21 00:13 . 2008-06-26 22:47 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-11 17:37 . 2010-01-11 17:36 -------- d-----w- c:\programdata\WinZip 2010-01-11 17:33 . 2010-01-11 17:33 68096 --sha-r- c:\windows\system32\KBDLV5.dll 2010-01-11 17:18 . 2010-01-11 17:18 -------- d-----w- c:\program files\uTorrent 2010-01-01 18:55 . 
2009-12-31 04:55 -------- d-----w- c:\program files\Top DVD Clone 2009-12-31 16:59 . 2009-12-31 16:59 -------- d-----w- c:\programdata\DVD Shrink 2009-12-31 16:59 . 2009-12-31 16:59 -------- d-----w- c:\program files\DVD Shrink 2009-12-31 04:30 . 2009-12-31 04:30 -------- d-----w- c:\programdata\vsosdk 2009-12-30 20:04 . 2007-06-13 17:44 -------- d-----w- c:\users\Stan\AppData\Roaming\Vso 2009-12-30 20:03 . 2007-06-13 17:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2009-12-30 20:03 . 2007-06-13 17:44 47360 ----a-w- c:\users\Stan\AppData\Roaming\pcouffin.sys 2009-12-30 20:03 . 2007-06-13 17:44 47360 ----a-w- c:\users\Stan\AppData\Roaming\pcouffin.sys 2009-12-30 20:02 . 2009-12-30 20:02 -------- d-----w- c:\program files\LG Software Innovations 2009-12-24 16:05 . 2009-10-31 16:40 -------- d-----w- c:\users\Stan\AppData\Roaming\Move Networks 2009-12-23 01:37 . 2009-10-31 16:40 144160 ----a-w- c:\users\Stan\AppData\Roaming\Move Networks\uninstall.exe 2009-12-23 01:37 . 2009-12-07 01:22 5603776 ----a-w- c:\users\Stan\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll 2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys 2009-12-17 22:14 . 2008-11-23 01:31 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-11 11:43 . 2010-02-10 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-11 11:43 . 2010-02-10 15:04 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys 2009-12-08 20:01 . 2010-02-10 15:04 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-12-08 20:01 . 2010-02-10 15:04 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-08 20:01 . 2010-02-10 15:04 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-08 17:26 . 2010-02-10 15:04 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2009-12-04 18:30 . 2010-02-10 15:04 12288 ----a-w- c:\windows\system32\tsbyuv.dll 2009-12-04 18:29 . 2010-02-10 15:04 1314816 ----a-w- c:\windows\system32\quartz.dll 2009-12-04 18:28 . 
2010-02-10 15:04 22528 ----a-w- c:\windows\system32\msyuv.dll 2009-12-04 18:28 . 2010-02-10 15:04 31744 ----a-w- c:\windows\system32\msvidc32.dll 2009-12-04 18:28 . 2010-02-10 15:04 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-12-04 18:28 . 2010-02-10 15:04 13312 ----a-w- c:\windows\system32\msrle32.dll 2009-12-04 18:28 . 2010-02-10 15:04 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-12-04 18:28 . 2010-02-10 15:04 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2009-12-04 18:27 . 2010-02-10 15:04 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-12-04 15:56 . 2010-02-10 15:04 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2009-12-04 15:56 . 2010-02-10 15:04 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-11-21 01:08 . 2009-11-21 01:08 439816 ----a-w- c:\users\Stan\AppData\Roaming\Real\Update\recsetup\setup.exe 2009-11-21 01:08 . 2009-11-21 01:08 118784 ----a-w- c:\users\Stan\AppData\Roaming\Real\Update\recsetup\install.dll 2009-11-17 22:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2007-09-03 20:35 . 2007-09-03 20:35 22 --sha-w- c:\windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 155648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2006-12-06 81920]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-26 198160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe [2007-3-12 34520]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-26 13:56 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(:56,28,f0,38,d1,38,ca,01

R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\System32\drivers\RTL85n86.sys [11/2/2006 5:25 AM 311808]
S2 GoogleUpdateBeta;Google Update Service;c:\users\Stan\AppData\Local\Google\Update\GoogleUpdateBeta.exe /svc --> c:\users\Stan\AppData\Local\Google\Update\GoogleUpdateBeta.exe [?]
S2 gupdate1c987f1bcfda6d5;Google Update Service (gupdate1c987f1bcfda6d5);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2009 7:27 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 00:27]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 00:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Stan\AppData\Roaming\Mozilla\Firefox\Profiles\qbcp5lt7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\users\Stan\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\Stan\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\users\Stan\AppData\Roaming\Mozilla\Firefox\Profiles\qbcp5lt7.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-FaxCenterServer - c:\program files\Dell PC Fax\fm3032.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 16:30
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

c:\windows\TEMP\TMP00000066394946F1BA80F3D6 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}00\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-02-14 16:35:02
ComboFix-quarantined-files.txt 2010-02-14 21:34

Pre-Run: 84,523,675,648 bytes free
Post-Run: 84,535,672,832 bytes free

- - End Of File - - A3F5C6926F77E2026E89DF03730DA909
  6. Here's what I got from that:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-14 14:16:25
Windows 6.0.6002 Service Pack 2
Running: qdjpmvjs.exe; Driver: C:\Users\Stan\AppData\Local\Temp\kwldypog.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E07817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E5A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E0BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73DFF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73DFE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73E38395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73E0DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73DFFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73DFFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73DF71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73E8CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73E2C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73DFD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73DF6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73DF687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E02AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
  7. DDS:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Stan at 23:04:16.48 on Sat 02/13/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1782.773 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SpywareBot *enabled* (Updated) {3F5AA1AF-ECD2-4300-8F83-4D1D7D3ED048}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxctcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\Stan\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe"
mRun: [<NO NAME>]
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"
mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s
mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,[email protected]
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [92086126] c:\programdata\92086126\92086126.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\3572475\program\Compaq Connections.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfoforum.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\stan\appdata\roaming\mozilla\firefox\profiles\qbcp5lt7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\users\stan\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\stan\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\users\stan\appdata\roaming\mozilla\firefox\profiles\qbcp5lt7.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-28 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-28 28424]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-2 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-1 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-1 285392]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2006-11-2 311808]
S2 GoogleUpdateBeta;Google Update Service;c:\users\stan\appdata\local\google\update\googleupdatebeta.exe /svc --> c:\users\stan\appdata\local\google\update\GoogleUpdateBeta.exe [?]
S2 gupdate1c987f1bcfda6d5;Google Update Service (gupdate1c987f1bcfda6d5);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-24 21504]

=============== Created Last 30 ================

2010-02-11 18:02:01 0 d-----w- c:\program files\iTunes
2010-02-06 19:58:45 0 d-----w- c:\program files\Trend Micro
2010-02-05 22:59:07 0 d-----w- c:\users\stan\appdata\roaming\EMCO
2010-02-05 22:58:45 0 d-----w- c:\program files\EMCO
2010-02-02 01:10:02 0 d---a-w- c:\programdata\TEMP
2010-01-28 00:53:47 0 d-----w- C:\My Music
2010-01-27 22:35:19 0 d-----w- c:\programdata\Sun
2010-01-21 19:02:51 834048 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 19:02:47 78336 ----a-w- c:\windows\system32\ieencode.dll

==================== Find3M ====================

2010-01-11 17:33:38 68096 --sha-r- c:\windows\system32\KBDLV5.dll
2009-12-30 20:03:54 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-30 20:03:54 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-30 20:03:45 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-30 20:03:20 87608 ----a-w- c:\users\stan\appdata\roaming\inst.exe
2009-12-30 20:03:20 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-30 20:03:20 47360 ----a-w- c:\users\stan\appdata\roaming\pcouffin.sys
2009-12-17 22:25:12 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-08 20:01:02 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01:02 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 18:30:05 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29:41 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28:52 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28:51 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28:51 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28:49 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28:27 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28:21 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27:12 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-11-17 22:18:12 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-05-24 20:49:24 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib00\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib00\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib00\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib00\perfc.dat
2007-09-03 20:35:12 22 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 23:08:28.84 ===============

Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 3/18/2007 9:00:11 PM
System Uptime: 2/13/2010 3:21:34 PM (8 hours ago)

Motherboard: ASUSTek Computer INC. | | LEONITE
Processor: Intel® Pentium® 4 CPU 3.20GHz | Socket 775 | 2800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 143 GiB total, 79.271 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.871 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

==== Installed Programs ======================

1Click DVD Copy 5.7.1.0
3ivx MPEG-4 5.0.3 (remove only)
ABBYY FineReader 6.0 Sprint
Acoustica Effects Pack
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.0
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Are You Smarter Than A 5th Grader?
AVG Free 9.0
Bonjour
CCleaner (remove only)
CloneCD
CloneDVD2
Compaq Connections (remove only)
Compatibility Pack for the 2007 Office system
DivX Content Uploader
DivX Web Player
DVD Decrypter (Remove Only)
DVD Play
EMCO MoveOnBoot v2.1
FlipShare
Google Earth
Google Update Helper
Hardware Diagnostic Tools
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Core
HP Easy Setup - Frontend
HP On-Screen Caps/Num/Scroll Lock Indicator
HP Total Care Advisor
HP Update
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iPod for Windows 2005-09-23
iTunes
Java Auto Updater
Java(tm) 6 Update 18
Java(tm) 6 Update 3
Java(tm) 6 Update 5
Java(tm) 6 Update 6
Java(tm) 6 Update 7
Lexmark 5400 Series
LightScribe 1.4.136.1
Microsoft .NET Framework 3.5 SP1
Microsoft IntelliPoint 6.1
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Move Media Player
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
OneTouch Software
OneTouch USB Driver
Photo Story 3 for Windows
Python 2.4.3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody MP3 Download Manager
Rhapsody Player Engine
Soft Data Fax Modem with SmartCP
SopCast 3.0.3
Spin It Again
Spybot - Search & Destroy
TBS WMP Plug-in
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoLAN VLC media player 0.8.6d
VirtualCloneDrive
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinZip 14.0
Yahtzee

==== End Of File ===========================

GMER causes a blue screen every time I try to use it..
  8. This started about 3 weeks ago when downloading RealPlayer. Same day I was at a site to download a DVD recorder. Every time I search in Google or Yahoo, my browser redirects to other sites that I do not wish to go to. This redirect comes up even when I try to open with a new tab on Firefox. I did some investigation, and in my temporary folder, an exe named "setuper" was located there. I could not delete this file manually, so I used the program MoveOnBoot to delete it, which it did. I haven't been having redirects after deleting that file, but I just want to make sure nothing else is lurking.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:37 PM, on 2/6/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [92086126] C:\ProgramData\92086126\92086126.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing) O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe O23 - Service: Google Update Service (GoogleUpdateBeta) - Unknown owner - C:\Users\Stan\AppData\Local\Google\Update\GoogleUpdateBeta.exe (file missing) O23 - Service: Google Update Service (gupdate1c987f1bcfda6d5) (gupdate1c987f1bcfda6d5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. 
- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8987 bytes
  9. Alright, thanks, I really appreciate it. I guess that rootkit AVG is detecting is just a false alarm or something. Thanks again for your help.
  10. When I first ran it, it said something about write access denied to the hosts file or something, so I right-clicked, ran as administrator and got this:
     Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:26:17 PM, on 8/8/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18294) Boot mode: Normal
     I did a rootkit scan with AVG and it found one now at: C:\Windows\System32\Drivers\aag83uzu.SYS
  11. The online scan picked up 6 things, but this scan only picked up four:
     deleted: Trojan program Trojan-Downloader.WMA.Wimad.u - File: C:\Users\Taylor\Documents\FrostWire\Incomplete\T-1418695-14 - Staind - Nutshell (Alice in Chains cover).wma
     deleted: Trojan program Trojan-Downloader.WMA.GetCodec.ac - File: C:\Users\Taylor\Documents\FrostWire\Incomplete\T-3406532-i aint no nice guy.mp3
     deleted: Trojan program Trojan-Downloader.WMA.GetCodec.c - File: C:\Users\Taylor\Documents\FrostWire\Incomplete\T-3545425-100 in 55 acoustic.mp3
     deleted: Trojan program Trojan-Downloader.WMA.GetCodec.u - File: C:\Users\Taylor\Documents\FrostWire\Incomplete\T-6472385-9th symphony new world.mp3
  12. OTM froze the first time I ran it, so I had to reboot my computer and run it again; that's why it says that it could not find those files.
     OTM: OTM by OldTimer - Version 3.0.0.5 log created on 08052009_225051
     MBAM: Malwarebytes' Anti-Malware 1.40 Database version: 2568 Windows 6.0.6001 Service Pack 1 8/5/2009 11:14:13 PM mbam-log-2009-08-05 (23-14-13).txt Scan type: Quick Scan Objects scanned: 83344 Time elapsed: 7 minute(s), 54 second(s)
     I've tried 3 different times to get a logfile from Kaspersky, but it will not produce one. It prompts me to save, but when I do it is nowhere to be found. I've tried 3 different runs to get that log file working; it takes about 4 hours to run through the scan, so I can't try it again until about Saturday due to work/school schedules. This is all I can produce for now. If you can use what's above then awesome; if not, just wait until Saturday and hopefully the 4th time's a charm.
  13. ComboFix 09-08-01.09 - Taylor 08/05/2009 0:42:54.1.2 - NTFSx86 MINIMAL Microsoft® Windows Vistaâ„¢ Home Basic 6.0.6001.1.1252.1.1033.18.3070.2572 [GMT -4:00] Running from: C:\Users\Taylor\Desktop\Combo-Fix.exe AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66} SP: AVG Internet Security *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . /wow section not completed ((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 ))))))))))))))))))))))))))))))) . 2009-07-26 02:37:25 . 2009-07-26 02:37:25 0 d-----w- C:\Program Files\iPod . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-05 04:40:15 . 2008-10-24 00:26:07 0 d-----w- C:\Program Files\Minefield 2009-08-05 04:21:36 . 2007-11-26 07:21:25 12 ----a-w- C:\Windows\bthservsdp.dat 2009-08-04 05:23:11 . 2008-04-18 21:29:35 0 d-----w- C:\PROGRA~2\Google Updater 2009-08-03 17:31:44 . 2007-12-27 19:35:46 0 d-----w- C:\Users\Taylor\AppData\Roaming\Azureus 2009-08-02 06:11:23 . 2007-11-26 07:31:11 0 d-----w- C:\Program Files\Trend Micro 2009-08-02 06:05:46 . 2008-09-03 19:57:49 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware 2009-08-01 06:08:12 . 2009-01-04 03:10:45 0 d-----w- C:\Users\Taylor\AppData\Roaming\FrostWire 2009-07-28 20:53:33 . 2007-12-27 19:36:37 182 ----a-w- C:\Users\Taylor\AppData\Roaming\Azureus\restart.bat 2009-07-28 20:52:43 . 2007-12-27 19:32:33 0 d-----w- C:\Program Files\Azureus 2009-07-26 02:38:07 . 2008-08-02 01:00:53 0 d-----w- C:\Program Files\iTunes 2009-07-26 02:37:24 . 2007-12-26 20:05:12 0 d-----w- C:\Program Files\Common Files\Apple 2009-07-14 03:02:27 . 2008-10-21 01:10:33 0 d-----w- C:\PROGRA~2\Avg8 2009-06-29 17:57:13 . 
2009-06-29 17:57:13 0 d-----w- C:\Program Files\HDQuality 2009-06-28 18:14:36 . 2009-06-28 18:14:16 0 d-----w- C:\Users\Taylor\AppData\Roaming\MozillaControl 2009-06-28 18:13:14 . 2009-06-28 18:11:54 0 d-----w- C:\Program Files\Graboid 2009-06-28 18:13:05 . 2009-06-28 18:13:02 0 d-----w- C:\Program Files\Mozilla ActiveX Control v1.7.12 2009-06-17 15:27:56 . 2008-09-03 19:57:50 38160 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys 2009-06-17 15:27:44 . 2008-09-03 19:57:50 19096 ----a-w- C:\Windows\system32\drivers\mbam.sys 2009-06-16 19:25:18 . 2008-10-21 02:09:39 27784 ----a-w- C:\Windows\system32\drivers\avgmfx86.sys 2009-06-15 04:15:20 . 2007-12-25 23:51:30 0 d-----w- C:\Program Files\AIM6 2009-06-15 04:15:16 . 2009-06-15 04:15:15 0 d-----w- C:\Program Files\AIMTunes 2009-06-15 04:14:31 . 2007-12-25 23:52:33 0 d-----w- C:\PROGRA~2\Viewpoint 2009-06-15 04:12:55 . 2008-05-15 23:53:31 0 d-----w- C:\PROGRA~2\AOL Downloads 2009-06-10 17:21:35 . 2008-10-21 02:09:41 327688 ----a-w- C:\Windows\system32\drivers\avgldx86.sys 2009-06-10 17:17:27 . 2008-02-25 20:46:14 0 d-----w- C:\PROGRA~2\NVIDIA 2009-06-07 02:39:58 . 2008-03-19 23:03:25 0 d-----w- C:\Users\Taylor\AppData\Roaming\DivX 2009-06-06 17:36:17 . 2007-12-25 22:22:26 97840 ----a-w- C:\Users\Taylor\AppData\Local\GDIPFONTCACHEV1.DAT 2009-05-29 17:36:16 . 2009-05-29 17:36:16 39424 ----a-w- C:\Windows\system32\drivers\usbaapl.sys 2009-05-29 17:36:16 . 2009-05-29 17:36:16 2060288 ----a-w- C:\Windows\system32\usbaaplrc.dll 2009-05-14 21:55:38 . 2009-05-14 21:55:38 245408 ----a-w- C:\Windows\system32\unicows.dll 2008-12-29 04:44:55 . 2008-05-18 00:42:45 134656 ----a-w- C:\Program Files\mozilla firefox\components\brwsrcmp.dll 2008-08-08 19:35:29 . 2008-08-08 19:35:31 122880 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll 2009-05-01 21:02:48 . 2009-05-01 21:02:48 1044480 ----a-w- C:\Program Files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02:48 . 
2009-05-01 21:02:48 200704 ----a-w- C:\Program Files\mozilla firefox\plugins\ssldivx.dll 2007-11-26 15:06:33 . 2007-11-26 14:55:26 8192 --sha-w- C:\Windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 22:32:40 206064] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33:40 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 03:38:40 1008184] "Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 15:21:28 648072] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 17:37:04 81920] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-08 19:35:29 29744] "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 00:57:14 16384] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 17:35:42 221184] "dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 16:57:28 292336] "MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 22:04:46 304008] "DLCXCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 06:31:56 106496] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 22:32:40 206064] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 00:58:04 177472] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-06-10 17:21:29 1948440] "Adobe Reader Speed Launcher"="C:\Program 
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 06:04:34 39792] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 21:18:30 413696] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-03-28 04:03:00 13687328] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2009-03-28 04:03:00 92704] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-07-13 18:03:10 292128] "RtHDVCpl"="RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2008-01-17 11:22:20 4907008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-26 50688] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] SetupExecute REG_MULTI_SZ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Users^Taylor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk] path=C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk backup=C:\Windows\pss\MagicDisc.lnk.Startup backupExtension=.Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{3D218756-9ADD-422F-B93E-8B0D106B2211}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! 
Music Jukebox
"{D5E401BB-17F2-4FB6-AEAA-ACD3A5300AF6}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{C1944503-7173-43FB-8512-E6CC22A4ED46}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B7416332-A0FC-49F2-B9BA-545471C8F71C}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{6F1469E6-6C41-4507-9BBA-70717548F488}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{903AAA3A-7241-40B7-B834-ADEDB6A1935C}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{87EA62BF-A5B6-4971-9040-3C9E6E1D967E}"= UDP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System
"{4DD95A47-03CB-4135-AE33-01300FAAB84C}"= TCP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System
"{2C992900-91DC-4CF4-A93A-FB6089327C95}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{05FE3D30-767C-47CE-8EE4-9811FF4883EE}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{F4492335-8D5B-4368-A39E-914F733303D6}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{A0B7ADAF-F987-4F77-A94A-DB9D01849979}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{FCB20782-78F5-4222-AFCB-AFB78FAEA78A}"= UDP:443:AIM1
"{11D932A9-26B4-4C00-8F45-DD3C585AE639}"= TCP:443:AIM2
"{16AA50F4-A07B-4B68-BDE2-CF485696F0FD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D7B8FD2A-1173-4A70-B6EA-5047984306F3}C:\\games\\paintball2\\paintball2.exe"= UDP:C:\games\paintball2\paintball2.exe:paintball2
"UDP Query User{16B525A2-52A5-4B64-8E96-00987B7832FD}C:\\games\\paintball2\\paintball2.exe"= TCP:C:\games\paintball2\paintball2.exe:paintball2
"TCP Query User{E098B7DF-9199-4952-8EF4-EECBD66292B3}C:\\program files\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{EDF070C0-8683-4B43-8EF0-C00F9B53C9AF}C:\\program files\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{D956003D-0CD5-493B-A6F3-FDB7799824F7}C:\\program files\\world of warcraft\\wow-2.4.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.4.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{A2EC3A39-1BE4-4869-B94E-DFCFA84AD024}C:\\program files\\world of warcraft\\wow-2.4.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.4.0-enus-downloader.exe:Blizzard Downloader
"{AEFDD787-544E-4E07-B646-3CF7703DC728}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{01CE8C8B-15BF-4ECA-885A-2B8DBBA290F9}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"TCP Query User{DB54FCFD-E8A5-45F2-85AB-9B59B9352AC2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{943CD335-2B2D-40C5-8DC1-95299F06CFA6}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4A063C38-8F7D-4168-8B26-03154AAD9E11}"= UDP:C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"{7DDAC501-6EA2-4EAA-AD4F-80E8883047BF}"= TCP:C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"{7133024F-C027-44A6-A9C5-FAFE3D9DB017}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{618C6FF6-B1EB-4074-BD97-05B93E740FE1}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{E35128A5-C44F-4DAC-A305-50F5A6EE09A8}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{CAD7BFA1-B858-4883-B084-09B47458F1C3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4F126907-C50D-47A5-8A2F-D6EED846B3C5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{07E5F75E-1602-46A6-9896-37E699023D0C}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{D836F5AE-3A5C-469F-B8CF-73188DC158F3}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{C3219416-6085-487A-90D2-CAF0A07F8335}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D2C13626-11CB-4EB2-BA98-912DC55CA32F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;C:\Windows\System32\drivers\avgrkx86.sys [10/20/2008 10:09:47 PM 12552]
S1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6x.sys [10/23/2008 3:51:23 PM 23832]
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\System32\drivers\avgldx86.sys [10/20/2008 10:09:41 PM 327688]
S1 AvgTdiX;AVG8 Network Redirector;C:\Windows\System32\drivers\avgtdix.sys [10/23/2008 3:51:23 PM 108552]
S2 AERTFilters;Andrea RT Filters Service;C:\Windows\System32\AERTSrv.exe [12/5/2007 6:17:24 AM 77824]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [4/29/2009 3:13:11 PM 906520]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [1/7/2009 4:36:43 PM 298776]
S2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [4/29/2009 3:12:44 PM 1368952]
S2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe -service --> C:\Windows\system32\dlcxcoms.exe -service [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [12/25/2007 7:53:06 PM 24652]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [11/26/2007 3:40:15 AM 29744]
S3 JZGTPPEIXO;JZGTPPEIXO;C:\Users\Taylor\AppData\Local\Temp\JZGTPPEIXO.exe --> C:\Users\Taylor\AppData\Local\Temp\JZGTPPEIXO.exe [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [8/21/2008 7:49:22 PM 18688]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [8/21/2008 7:49:56 PM 8320]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\System32\drivers\motport.sys [6/18/2007 2:18:26 PM 23680]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Vidalia - C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
HKCU-Run-VoipStunt - C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-<NO NAME> - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.windstream.net/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071126
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\hcriw13c.default\
FF - prefs.js: browser.search.selectedEngine - Project Playlist Music Search
FF - prefs.js: browser.startup.homepage - hxxp://uoflsports.cstv.com/
FF - component: C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: C:\Program Files\Minefield\plugins\npViewpoint.dll
FF - plugin: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\hcriw13c.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

---- FIREFOX POLICIES ----
C:\Program Files\Minefield\greprefs\all.js - pref("media.enforce_same_site_origin", false);
C:\Program Files\Minefield\greprefs\all.js - pref("media.cache_size", 51200);
C:\Program Files\Minefield\greprefs\all.js - pref("media.ogg.enabled", true);
C:\Program Files\Minefield\greprefs\all.js - pref("media.wave.enabled", true);
C:\Program Files\Minefield\greprefs\all.js - pref("media.autoplay.enabled", true);
C:\Program Files\Minefield\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
C:\Program Files\Minefield\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
C:\Program Files\Minefield\greprefs\all.js - pref("dom.storage.default_quota", 5120);
C:\Program Files\Minefield\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
C:\Program Files\Minefield\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
C:\Program Files\Minefield\greprefs\all.js - pref("layout.css.dpi", -1);
C:\Program Files\Minefield\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
C:\Program Files\Minefield\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
C:\Program Files\Minefield\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
C:\Program Files\Minefield\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
C:\Program Files\Minefield\greprefs\all.js - pref("geo.enabled", true);
C:\Program Files\Minefield\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
C:\Program Files\Minefield\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "");
C:\Program Files\Minefield\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "");
C:\Program Files\Minefield\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-f-CN", "");
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
regedit=regedit.exe "%1"
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 00:52:03
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}00\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}01\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}02\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}03\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1456)
C:\Program Files\Adobe\Reader 8.0\Reader\viewerps.dll
.
Completion time: 2009-08-05 0:55:15
ComboFix-quarantined-files.txt 2009-08-05 04:54:50

Pre-Run: 137,229,918,208 bytes free
Post-Run: 137,412,472,832 bytes free

348 --- E O F --- 2009-06-25 17:41:05
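The ComboFix log above carries a pattern worth checking mechanically rather than by eye: the Windows Firewall is off on every profile (`"EnableFirewall"= 0` under DomainProfile, PublicProfile and StandardProfile, so the long list of per-application allow rules is not enforced), `AppInit_DLLs` is populated, and one service (`S3 JZGTPPEIXO`) has a random-looking name used as its own description, runs from the user's `AppData\Local\Temp` folder, and carries the `[?]` marker ComboFix prints when it cannot stat the file. The script below is an added example written for this page; it is not part of the poster's log and not ComboFix's own code. It parses constructed sample lines laid out like the log (the regexes for the `S3 name;description;image [date size]` service lines, the `[key]` / `"value"= ...` registry lines and the `-->` / `[?]` markers are my reading of that format, not a documented specification) and returns the indicators a helper would act on first.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix code).

Flags three things seen in the log above: Windows Firewall disabled per profile,
AppInit_DLLs entries, and services whose image lives in a Temp folder or whose
name looks machine-generated.  The line formats are inferred from the log.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on entries in the posted log (abridged, not a verbatim copy).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll

S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [1/7/2009 4:36:43 PM 298776]
S2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe -service --> C:\Windows\system32\dlcxcoms.exe -service [?]
S3 JZGTPPEIXO;JZGTPPEIXO;C:\Users\Taylor\AppData\Local\Temp\JZGTPPEIXO.exe --> C:\Users\Taylor\AppData\Local\Temp\JZGTPPEIXO.exe [?]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\System32\drivers\motport.sys [6/18/2007 2:18:26 PM 23680]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<dlls>.*)$')
# "S3 name;description;image [date size]"  or  "... image --> image [?]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$")
TEMP_PATH_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^[A-Z]{8,}$")  # e.g. JZGTPPEIXO; a heuristic, not a rule


@dataclass
class Service:
    start: str          # R0/S1/S2/S3 start-type tag as ComboFix prints it
    name: str
    desc: str
    image: str
    verified: bool      # False when the line ends in "[?]" (file could not be stat'ed)
    reasons: list = field(default_factory=list)


def parse_service(line):
    """Return a Service for one service/driver line, or None if the line is not one."""
    m = SERVICE_RE.match(line)
    if m is None:
        return None
    rest = m.group("rest").strip()
    verified = not rest.endswith("[?]")
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[0]          # left side is the registry ImagePath
    image = re.sub(r"\s*\[[^\]]*\]$", "", rest)  # drop trailing "[date size]" / "[?]"
    svc = Service(m.group("start"), m.group("name"), m.group("desc"), image, verified)
    if TEMP_PATH_RE.search(svc.image):
        svc.reasons.append("image runs from a Temp directory")
    if svc.name == svc.desc and RANDOM_NAME_RE.match(svc.name):
        svc.reasons.append("random-looking name used as its own description")
    return svc


def triage(text):
    """Walk log lines; return firewall state, AppInit_DLLs entries and services."""
    current_key = ""
    firewall_off = []
    appinit = []
    services = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key")      # registry values below belong to this key
            continue
        fm = FIREWALL_RE.match(line)
        if fm and fm.group("val") == "0" and "firewallpolicy" in current_key.lower():
            firewall_off.append(current_key.rsplit("\\", 1)[-1])   # profile name
            continue
        am = APPINIT_RE.match(line)
        if am:
            appinit.extend(d.strip() for d in am.group("dlls").split(",") if d.strip())
            continue
        svc = parse_service(line)
        if svc:
            services.append(svc)
    return {
        "firewall_disabled_profiles": firewall_off,
        "appinit_dlls": appinit,
        "services": services,
        "suspicious_services": [s for s in services if s.reasons],
    }


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("Firewall disabled on:", ", ".join(found["firewall_disabled_profiles"]) or "none")
    print("AppInit_DLLs:", found["appinit_dlls"])
    for s in found["suspicious_services"]:
        print(f"SUSPECT {s.start} {s.name}: {s.image} (verified={s.verified}); " + "; ".join(s.reasons))
```

Run it as a script to print the summary; `triage()` returns the findings, so a real log can be passed in with `triage(open(path, errors="replace").read())`. The heuristics are deliberately narrow: `dlcx_device` also carries `[?]` (its image path has a `-service` argument that ComboFix could not resolve to a file) but is not flagged, which is the kind of false positive a helper would otherwise chase before getting to the entry in Temp.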
14. When I ran Combo-Fix in safe mode, the same pop-up seemed to come up telling me that AVG was still running, but it exited out automatically within half a second to continue on with the scan, so I didn't have a choice. Some of the stages of the scan could not be completed because, for some reason, they didn't have administrative privileges. For some reason, when I rebooted my computer my desktop wallpaper was reset, and my internet connection settings were all screwed up and I had to go back and set them all again. Here is my logfile:

ComboFix 09-08-01.09 - Taylor 08/05/2009 0:42:54.1.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3070.2572 [GMT -4:00]
Running from: C:\Users\Taylor\Desktop\Combo-Fix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
SP: AVG Internet Security *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
/wow section not completed
.
((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.
2009-07-26 02:37:25 . 2009-07-26 02:37:25 0 d-----w- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 04:40:15 . 2008-10-24 00:26:07 0 d-----w- C:\Program Files\Minefield
2009-08-05 04:21:36 . 2007-11-26 07:21:25 12 ----a-w- C:\Windows\bthservsdp.dat
2009-08-04 05:23:11 . 2008-04-18 21:29:35 0 d-----w- C:\PROGRA~2\Google Updater
2009-08-03 17:31:44 . 2007-12-27 19:35:46 0 d-----w- C:\Users\Taylor\AppData\Roaming\Azureus
2009-08-02 06:11:23 . 2007-11-26 07:31:11 0 d-----w- C:\Program Files\Trend Micro
2009-08-02 06:05:46 . 2008-09-03 19:57:49 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-01 06:08:12 . 2009-01-04 03:10:45 0 d-----w- C:\Users\Taylor\AppData\Roaming\FrostWire
2009-07-28 20:53:33 . 2007-12-27 19:36:37 182 ----a-w- C:\Users\Taylor\AppData\Roaming\Azureus\restart.bat
2009-07-28 20:52:43 . 2007-12-27 19:32:33 0 d-----w- C:\Program Files\Azureus
2009-07-26 02:38:07 . 2008-08-02 01:00:53 0 d-----w- C:\Program Files\iTunes
2009-07-26 02:37:24 . 2007-12-26 20:05:12 0 d-----w- C:\Program Files\Common Files\Apple
2009-07-14 03:02:27 . 2008-10-21 01:10:33 0 d-----w- C:\PROGRA~2\Avg8
2009-06-29 17:57:13 . 2009-06-29 17:57:13 0 d-----w- C:\Program Files\HDQuality
2009-06-28 18:14:36 . 2009-06-28 18:14:16 0 d-----w- C:\Users\Taylor\AppData\Roaming\MozillaControl
2009-06-28 18:13:14 . 2009-06-28 18:11:54 0 d-----w- C:\Program Files\Graboid
2009-06-28 18:13:05 . 2009-06-28 18:13:02 0 d-----w- C:\Program Files\Mozilla ActiveX Control v1.7.12
2009-06-17 15:27:56 . 2008-09-03 19:57:50 38160 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27:44 . 2008-09-03 19:57:50 19096 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-06-16 19:25:18 . 2008-10-21 02:09:39 27784 ----a-w- C:\Windows\system32\drivers\avgmfx86.sys
2009-06-15 04:15:20 . 2007-12-25 23:51:30 0 d-----w- C:\Program Files\AIM6
2009-06-15 04:15:16 . 2009-06-15 04:15:15 0 d-----w- C:\Program Files\AIMTunes
2009-06-15 04:14:31 . 2007-12-25 23:52:33 0 d-----w- C:\PROGRA~2\Viewpoint
2009-06-15 04:12:55 . 2008-05-15 23:53:31 0 d-----w- C:\PROGRA~2\AOL Downloads
2009-06-10 17:21:35 . 2008-10-21 02:09:41 327688 ----a-w- C:\Windows\system32\drivers\avgldx86.sys
2009-06-10 17:17:27 . 2008-02-25 20:46:14 0 d-----w- C:\PROGRA~2\NVIDIA
2009-06-07 02:39:58 . 2008-03-19 23:03:25 0 d-----w- C:\Users\Taylor\AppData\Roaming\DivX
2009-06-06 17:36:17 . 2007-12-25 22:22:26 97840 ----a-w- C:\Users\Taylor\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-29 17:36:16 . 2009-05-29 17:36:16 39424 ----a-w- C:\Windows\system32\drivers\usbaapl.sys
2009-05-29 17:36:16 . 2009-05-29 17:36:16 2060288 ----a-w- C:\Windows\system32\usbaaplrc.dll
2009-05-14 21:55:38 . 2009-05-14 21:55:38 245408 ----a-w- C:\Windows\system32\unicows.dll
2008-12-29 04:44:55 . 2008-05-18 00:42:45 134656 ----a-w- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
2008-08-08 19:35:29 . 2008-08-08 19:35:31 122880 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02:48 . 2009-05-01 21:02:48 1044480 ----a-w- C:\Program Files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02:48 . 2009-05-01 21:02:48 200704 ----a-w- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
2007-11-26 15:06:33 . 2007-11-26 14:55:26 8192 --sha-w- C:\Windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 22:32:40 206064]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33:40 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 03:38:40 1008184]
"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 15:21:28 648072]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 17:37:04 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-08 19:35:29 29744]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 00:57:14 16384]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 17:35:42 221184]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 16:57:28 292336]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 22:04:46 304008]
"DLCXCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 06:31:56 106496]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 22:32:40 206064]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 00:58:04 177472]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-06-10 17:21:29 1948440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 06:04:34 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 21:18:30 413696]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-03-28 04:03:00 13687328]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2009-03-28 04:03:00 92704]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-07-13 18:03:10 292128]
"RtHDVCpl"="RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2008-01-17 11:22:20 4907008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-26 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Taylor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\Windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3D218756-9ADD-422F-B93E-8B0D106B2211}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{D5E401BB-17F2-4FB6-AEAA-ACD3A5300AF6}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{C1944503-7173-43FB-8512-E6CC22A4ED46}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B7416332-A0FC-49F2-B9BA-545471C8F71C}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{6F1469E6-6C41-4507-9BBA-70717548F488}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{903AAA3A-7241-40B7-B834-ADEDB6A1935C}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{87EA62BF-A5B6-4971-9040-3C9E6E1D967E}"= UDP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System
"{4DD95A47-03CB-4135-AE33-01300FAAB84C}"= TCP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System
"{2C992900-91DC-4CF4-A93A-FB6089327C95}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{05FE3D30-767C-47CE-8EE4-9811FF4883EE}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{F4492335-8D5B-4368-A39E-914F733303D6}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{A0B7ADAF-F987-4F77-A94A-DB9D01849979}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{FCB20782-78F5-4222-AFCB-AFB78FAEA78A}"= UDP:443:AIM1
"{11D932A9-26B4-4C00-8F45-DD3C585AE639}"= TCP:443:AIM2
"{16AA50F4-A07B-4B68-BDE2-CF485696F0FD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D7B8FD2A-1173-4A70-B6EA-5047984306F3}C:\\games\\paintball2\\paintball2.exe"= UDP:C:\games\paintball2\paintball2.exe:paintball2
"UDP Query User{16B525A2-52A5-4B64-8E96-00987B7832FD}C:\\games\\paintball2\\paintball2.exe"= TCP:C:\games\paintball2\paintball2.exe:paintball2
"TCP Query User{E098B7DF-9199-4952-8EF4-EECBD66292B3}C:\\program files\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{EDF070C0-8683-4B43-8EF0-C00F9B53C9AF}C:\\program files\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{D956003D-0CD5-493B-A6F3-FDB7799824F7}C:\\program files\\world of warcraft\\wow-2.4.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.4.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{A2EC3A39-1BE4-4869-B94E-DFCFA84AD024}C:\\program files\\world of warcraft\\wow-2.4.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.4.0-enus-downloader.exe:Blizzard Downloader
"{AEFDD787-544E-4E07-B646-3CF7703DC728}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{01CE8C8B-15BF-4ECA-885A-2B8DBBA290F9}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"TCP Query User{DB54FCFD-E8A5-45F2-85AB-9B59B9352AC2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{943CD335-2B2D-40C5-8DC1-95299F06CFA6}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4A063C38-8F7D-4168-8B26-03154AAD9E11}"= UDP:C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"{7DDAC501-6EA2-4EAA-AD4F-80E8883047BF}"= TCP:C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"{7133024F-C027-44A6-A9C5-FAFE3D9DB017}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{618C6FF6-B1EB-4074-BD97-05B93E740FE1}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{E35128A5-C44F-4DAC-A305-50F5A6EE09A8}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{CAD7BFA1-B858-4883-B084-09B47458F1C3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4F126907-C50D-47A5-8A2F-D6EED846B3C5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{07E5F75E-1602-46A6-9896-37E699023D0C}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{D836F5AE-3A5C-469F-B8CF-73188DC158F3}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{C3219416-6085-487A-90D2-CAF0A07F8335}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D2C13626-11CB-4EB2-BA98-912DC55CA32F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;C:\Windows\System32\drivers\avgrkx86.sys [10/20/2008 10:09:47 PM 12552]
S1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6x.sys [10/23/2008 3:51:23 PM 23832]
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\System32\drivers\avgldx86.sys [10/20/2008 10:09:41 PM 327688]
S1 AvgTdiX;AVG8 Network Redirector;C:\Windows\System32\drivers\avgtdix.sys [10/23/2008 3:51:23 PM 108552]
S2 AERTFilters;Andrea RT Filters Service;C:\Windows\System32\AERTSrv.exe [12/5/2007 6:17:24 AM 77824]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [4/29/2009 3:13:11 PM 906520]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [1/7/2009 4:36:43 PM 298776]
S2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [4/29/2009 3:12:44 PM 1368952]
S2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe -service --> C:\Windows\system32\dlcxcoms.exe -service [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [12/25/2007 7:53:06 PM 24652]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [11/26/2007 3:40:15 AM 29744]
S3 JZGTPPEIXO;JZGTPPEIXO;C:\Users\Taylor\AppData\Local\Temp\JZGTPPEIXO.exe --> C:\Users\Taylor\AppData\Local\Temp\JZGTPPEIXO.exe [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [8/21/2008 7:49:22 PM 18688]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [8/21/2008 7:49:56 PM 8320]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\System32\drivers\motport.sys [6/18/2007 2:18:26 PM 23680]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Vidalia - C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
HKCU-Run-VoipStunt - C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-<NO NAME> - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.windstream.net/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071126
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\hcriw13c.default\
FF - prefs.js: browser.search.selectedEngine - Project Playlist Music Search
FF - prefs.js: browser.startup.homepage - hxxp://uoflsports.cstv.com/
FF - component: C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: C:\Program Files\Minefield\plugins\npViewpoint.dll
FF - plugin: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\hcriw13c.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

---- FIREFOX POLICIES ----
C:\Program Files\Minefield\greprefs\all.js - pref("media.enforce_same_site_origin", false);
C:\Program Files\Minefield\greprefs\all.js - pref("media.cache_size", 51200);
C:\Program Files\Minefield\greprefs\all.js - pref("media.ogg.enabled", true);
C:\Program Files\Minefield\greprefs\all.js - pref("media.wave.enabled", true);
C:\Program Files\Minefield\greprefs\all.js - pref("media.autoplay.enabled", true);
C:\Program Files\Minefield\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
C:\Program Files\Minefield\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
C:\Program Files\Minefield\greprefs\all.js - pref("dom.storage.default_quota", 5120);
C:\Program Files\Minefield\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
C:\Program Files\Minefield\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
C:\Program Files\Minefield\greprefs\all.js - pref("layout.css.dpi", -1);
C:\Program Files\Minefield\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
C:\Program Files\Minefield\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
C:\Program Files\Minefield\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
C:\Program Files\Minefield\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
C:\Program Files\Minefield\greprefs\all.js - pref("geo.enabled", true);
C:\Program Files\Minefield\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
C:\Program Files\Minefield\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "");
C:\Program Files\Minefield\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "");
C:\Program Files\Minefield\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-f-CN", "");
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
C:\Program Files\Minefield\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
regedit=regedit.exe "%1"
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 00:52:03
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(1456)
C:\Program Files\Adobe\Reader 8.0\Reader\viewerps.dll
.
Completion time: 2009-08-05 0:55:15
ComboFix-quarantined-files.txt 2009-08-05 04:54:50
Pre-Run: 137,229,918,208 bytes free
Post-Run: 137,412,472,832 bytes free
348 --- E O F --- 2009-06-25 17:41:05