smichaels8

Members
  • Content Count

    20
  • Joined

  • Last visited

Community Reputation

0 Neutral

About smichaels8

  • Rank
    Member
  1. Here is the new gmer log. Internet explorer may still be on my machine, but I can't find it. Also at about 5:30 every day my adaware turns itself off. GMER 1.0.15.14966 - http://www.gmer.net Rootkit scan 2009-05-06 21:29:36 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766787E] SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7667BFE] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[288] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----
  2. When I look in add/ remove programs, all I see is IE8. Should I download Mozilla just to be safe?
  3. How do I know if I have IE 7 on my computer? All I see is IE8. If I uninstall I have no other way to get online.
  4. GMER 1.0.15.14966 - http://www.gmer.net Rootkit scan 2009-04-21 18:09:06 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766787E] SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7667C10] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[288] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01179315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01254832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0136E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0136DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0136DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0136DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0136DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0136E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0136DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01179315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0124DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 0124DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01254832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 011B1CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0136E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0136DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0136DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0136DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0136DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0136E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0136DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0125488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01179315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0124DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 0124DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01254832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 011B1CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0136E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0136DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0136DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0136DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0136DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0136E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0136DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3940] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0125488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Internet Explorer\iexplore.exe[3172] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009418FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3940] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009418FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\LastGood 0 bytes File C:\WINDOWS\LastGood\INF 0 bytes File C:\WINDOWS\LastGood\INF\oem58.inf 0 bytes File C:\WINDOWS\LastGood\INF\oem58.PNF 0 bytes File C:\WINDOWS\LastGood\system32 0 bytes File C:\WINDOWS\LastGood\system32\DRIVERS 0 bytes File C:\WINDOWS\LastGood\system32\DRIVERS\Lbd.sys 64160 bytes executable ---- EOF - GMER 1.0.15 ----
  5. Here you go. DDS_4_20_09.txt Attach_4_20_09.txt
  6. I upgraded from IE7 to 8 and the process went smoothly. Don't know where IE6 came from.
  7. Attached are the DDS logs. DDS.txt Attach.txt
  8. The extra windows started popping up before you started to help me clean up the computer. I thought it was a result of the virus. Off to run DDS.
  9. Here is my screen shot Click here. I also ran another Kaspersky and the rootkits are still showing up. I attached that log to this message Kaspersky_Scan_Report_4_18_09.txt
  10. I can't get it to paste into the reply and the forum won't let me upload a word document with the screen shot. How should I attach it?
  11. YEs, Everytime I open a Window in IE I get an empty one that pops up. How do I stop this?
  12. Finally got Kaspersky to work. The report is attached. How do I clean these off? I don't see a quarantine button, Kaspersky_Scan_Report_4_17_09.txt
  13. It was an illegal type of file to upload.. Sorry! It says The update has failed. Program has failed t start. Close the kaspersky program and restart. OPen it again top reinstall the prgram. (Which I did a few times) ERROR: Invalid file signature I'm trying to run it one more time.
  14. Well I can't get through the Kaspersky Step. I keep getting the attached error message. I have also posted my lastest HJT log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:09:49 PM, on 4/15/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\NeatWorks\exec\NeatWorksDatabaseController.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\WINDOWS\system32\ezSP_Px.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe H:\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\ie7\iexplore.exe C:\WINDOWS\system32\SearchProtocolHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "H:\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.main/tba...pointsSetup.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193285051484 O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NeatWorks Database Controller (NeatWorksDatabaseController) - The Neat Company - C:\Program Files\NeatWorks\exec\NeatWorksDatabaseController.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe -- End of file - 7685 bytes
  15. Ad aware just won't open on occassion. If I restart the computer it generally does eventually open. Attached is my combofix log...I'm still working on the other stuff. Thanks again for your help! ComboFix 09-04-15.08 - Stacey 04/15/2009 17:37.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2040.1601 [GMT -5:00] Running from: c:\documents and settings\Stacey\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Stacey\Desktop\CFScript.txt AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Trymedia c:\documents and settings\All Users\Application Data\Trymedia\data\{0CBDF1B9-E636-D80F-24ED-6C4FCBE5611A} c:\documents and settings\All Users\Application Data\Trymedia\data\{18D77EEA-2E4C-8A72-4B51-8BA4B2CE0118} c:\documents and settings\All Users\Application Data\Trymedia\data\{267E3769-BAE8-9B5F-4A74-9742B3430DD4} c:\documents and settings\All Users\Application Data\Trymedia\data\{63B33F42-013C-2442-96D8-BB04A8D9F27B} c:\documents and settings\All Users\Application Data\Trymedia\data\{6C8FEA85-CFD3-4A98-EC68-A028A2C06852} c:\documents and settings\All Users\Application Data\Trymedia\data\{7C7AF8E9-0EDC-9C3A-E0DE-4972DA5A6591} c:\documents and settings\All Users\Application Data\Trymedia\data\{D39C2048-18AD-3300-D309-11AB9C56E2DD} c:\documents and settings\All Users\Application Data\Trymedia\data\{E04840B3-C32C-A754-4FC7-4EED30BA6915} . ((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 ))))))))))))))))))))))))))))))) . 2009-04-14 02:28 . 2009-04-14 02:28 -------- dc----w c:\program files\Seagate 2009-04-14 02:28 . 2009-04-14 02:28 -------- dc----w c:\documents and settings\All Users\Application Data\Seagate 2009-04-14 02:27 . 2009-04-14 02:27 -------- dc----w c:\windows\Downloaded Installations 2009-04-14 02:27 . 2009-04-14 02:27 -------- dcsh--w c:\windows\ftpcache 2009-04-14 01:31 . 2009-03-09 19:06 15688 -c--a-w c:\windows\system32\lsdelete.exe 2009-04-13 22:26 . 2009-03-09 19:06 64160 -c--a-w c:\windows\system32\drivers\Lbd.sys 2009-04-13 22:07 . 2009-04-13 22:07 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2009-04-11 19:16 . 2009-04-13 22:07 -------- dc----w c:\program files\Lavasoft 2009-04-10 01:50 . 2009-04-10 01:50 -------- dc----w C:\Temp 2009-03-25 23:01 . 2009-03-25 23:01 -------- dc----w c:\program files\Trend Micro . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-15 22:16 . 2009-04-11 21:31 5833 -c--a-w C:\aaw7boot.log 2009-04-14 02:28 . 2003-08-14 21:50 -------- dc-h--w c:\program files\InstallShield Installation Information 2009-04-13 22:07 . 2008-09-20 14:41 -------- dc----w c:\documents and settings\All Users\Application Data\Lavasoft 2009-04-11 21:57 . 2008-02-08 14:24 -------- dc----w c:\program files\Google 2009-04-11 21:47 . 2007-10-21 04:27 -------- dc----w c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-03-24 00:01 . 2009-03-01 17:39 16675 -c--a-w C:\spi.scanning.log 2009-03-05 05:46 . 2009-02-14 21:19 -------- dc----w c:\program files\Microsoft Silverlight 2009-03-01 17:40 . 2009-01-17 21:06 -------- dc----w c:\documents and settings\All Users\Application Data\The Neat Company 2009-03-01 15:47 . 2009-03-01 15:47 -------- dc----w c:\documents and settings\Stacey\Application Data\Windows Search 2009-02-22 08:15 . 2009-01-17 21:06 -------- dc----w c:\program files\Common Files\NeatReceipts 2009-02-22 08:15 . 2009-01-18 03:56 -------- dc----w c:\program files\NeatWorks 2009-02-22 08:13 . 2003-08-15 19:30 -------- dc----w c:\program files\Common Files\Intuit 2009-02-15 16:57 . 2007-10-21 06:42 55736 -c--a-w c:\documents and settings\Stacey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-02-15 14:29 . 2009-02-15 14:29 -------- dc----w c:\documents and settings\All Users\Application Data\GARMIN 2009-02-15 04:51 . 2008-09-09 04:16 -------- dc----w c:\documents and settings\Stacey\Application Data\Download Manager 2009-02-09 11:13 . 2003-08-14 02:58 1846784 -c--a-w c:\windows\system32\win32k.sys 2009-01-17 22:22 . 2008-10-17 01:21 26966 -c--a-w C:\logfile 2008-09-11 13:19 . 2008-09-11 13:19 61224 -c--a-w c:\documents and settings\Stacey\GoToAssistDownloadHelper.exe 2008-05-16 23:50 . 2007-10-28 15:53 0 -c-h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT 2007-11-05 03:13 . 2007-10-28 15:56 20 -c-h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT . ((((((((((((((((((((((((((((( [email protected]_16.48.15.98 ))))))))))))))))))))))))))))))))))))))))) . + 2009-04-14 01:31 . 2009-03-09 19:06 15688 c:\windows\system32\lsdelete.exe + 2009-04-13 22:26 . 2009-03-09 19:06 64160 c:\windows\system32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\Lbd.sys + 2009-04-13 22:26 . 2009-03-09 19:06 64160 c:\windows\system32\drivers\Lbd.sys + 2009-04-14 02:28 . 2009-04-14 02:28 81920 c:\windows\Installer\{71883667-71F2-48A1-AB72-28D518D8AC4A}\NewShortcut3_3AA20A2C6BEF43A6A3B4F09C5D78D1D4.exe + 2009-04-14 02:28 . 2009-04-14 02:28 81920 c:\windows\Installer\{71883667-71F2-48A1-AB72-28D518D8AC4A}\NewShortcut2_B7AA0888E8864144BA725EAA61DC15D5.exe + 2009-04-14 02:28 . 2009-04-14 02:28 45056 c:\windows\Installer\{71883667-71F2-48A1-AB72-28D518D8AC4A}\NewShortcut1_68F918D3F91F411B8936985CC2BD4192.exe + 2009-04-14 02:28 . 2009-04-14 02:28 81920 c:\windows\Installer\{71883667-71F2-48A1-AB72-28D518D8AC4A}\ARPPRODUCTICON.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "HijackThis startup scan"="c:\program files\Trend Micro\HijackThis\HijackThis.exe" [2009-03-25 396288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-16 4743168] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416] "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-07-16 323584] "ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-02-14 88107] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2008-11-07 20:16 111936 -c--a-w c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-12-20 16:38 136600 -c--a-w c:\program files\Java\jre6\bin\jusched.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R3 FXDRV;FXDRV; [x] R3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160] S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632] S2 NeatWorksDatabaseController;NeatWorks Database Controller;c:\program files\NeatWorks\exec\NeatWorksDatabaseController.exe [2009-01-28 351376] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{635d8de6-289a-11de-b56e-000c6eb5db4b}] \Shell\AutoRun\command - G:\InstallSeagateManager.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebed0481-c569-11dc-9f56-000c6eb5db4b}] \Shell\AutoRun\command - G:\setupSNK.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Neat ADF Scanner 2008] reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f . Contents of the 'Scheduled Tasks' folder 2009-04-15 c:\windows\Tasks\Ad-Aware Scan (Daily).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06] 2009-04-14 c:\windows\Tasks\Ad-Aware Scan (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06] 2009-04-15 c:\windows\Tasks\Ad-Aware Update (Daily).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06] 2008-08-19 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job - c:\program files\Microsoft IntelliType Pro\itype.exe [2007-08-31 19:13] . . ------- Supplementary Scan ------- . DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-15 17:39 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-04-15 17:41 ComboFix-quarantined-files.txt 2009-04-15 22:41 ComboFix2.txt 2009-04-13 21:50 Pre-Run: 86,131,650,560 bytes free Post-Run: 86,122,795,008 bytes free 148 --- E O F --- 2009-03-13 04:10